Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Cyber Security Bulletin SB06-345 archive

Vulnerability Summary for the Week of December 4, 2006

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
ac4p -- ac4p Mobile
Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via the (1) Taaa parameter to (a) up.php, or the (2) pollhtml and (3) Bloks parameters to (b) polls.php, different vectors than CVE-2006-5770.
unknown
2006-12-07
7.0CVE-2006-6389
BUGTRAQ
BID
Adobe -- Acrobat Reader
Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the (1) src, (2) setPageMode, (3) setLayoutMode, and (4) setNamedDest methods in an AcroPDF ActiveX control, a different set of vectors than CVE-2006-6027.
unknown
2006-12-03
7.0CVE-2006-6236
OTHER-REF
BID
FRSIRT
SECUNIA
BUGTRAQ
OTHER-REF
CERT-VN
XF
AlternC -- AlternC
Cross-site scripting (XSS) vulnerability in the file manager in admin/bro_main.php in AlternC 0.9.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a folder name.
unknown
2006-12-04
7.0CVE-2006-6256
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
AlternC -- AlternC
The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting (XSS) attack.
unknown
2006-12-04
10.0CVE-2006-6258
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
AlternC -- AlternC
Multiple directory traversal vulnerabilities in (a) class/functions.php and (b) class/m_bro.php in AlternC 0.9.5 and earlier allow remote attackers to (1) create arbitrary files and directories via a .. (dot dot) in the "create name" field and (2) read arbitrary files via a .. (dot dot) in the "web root" field when configuring a subdomain.
unknown
2006-12-04
10.0CVE-2006-6259
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Aspindir -- Aspee Ziyaretci Defteri
Multiple SQL injection vulnerabilities in giris.asp in Aspee Ziyaretci Defteri allow remote attackers to execute arbitrary SQL commands via the (1) kullanici or (2) parola parameter.
unknown
2006-12-06
7.0CVE-2006-6337
BUGTRAQ
BID
FRSIRT
SECUNIA
Atomix Productions -- AtomixMP3
Stack-based buffer overflow in AtomixMP3 2.3 and earlier allows remote attackers to execute arbitrary code via a long pathname in an M3U file.
unknown
2006-12-04
7.0CVE-2006-6287
OTHER-REF
FRSIRT
SECUNIA
BID
XF
awrate -- awrate
PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to search.php.
unknown
2006-12-07
7.0CVE-2006-6368
OTHER-REF
MLIST
BID
FRSIRT
XF
Bitflux -- Upload Progress Meter
Heap-based buffer overflow in the uploadprogress_php_rfc1867_file function in uploadprogress.c in Bitflux Upload Progress Meter before 8276 allows remote attackers to cause a denial or service (crash) or execute arbitrary code via crafted HTTP POST fileupload requests.
unknown
2006-12-07
10.0CVE-2006-6361
OTHER-REF
OTHER-REF
BID
FRSIRT
XF
BlazeVideo -- HDTV Player 2.1
Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist, a different product than CVE-2006-6199.
unknown
2006-12-07
7.0CVE-2006-6396
OTHER-REF
SECUNIA
BlueSocket -- BSC 2100
Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket Secure Controller (BSC) before 5.2, or without 5.1.1-BluePatch, allows remote attackers to inject arbitrary web script or HTML via the ad_name parameter.
unknown
2006-12-07
10.0CVE-2006-6363
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
Cerberus -- Helpdesk
Cross-site scripting (XSS) vulnerability in includes/elements/spellcheck/spellwin.php in Cerberus Helpdesk 0.97.3, 2.0 through 2.7, 3.2.1, and 3.3 allows remote attackers to inject arbitrary web script or HTML via the js parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-07
7.0CVE-2006-6366
BID
SECUNIA
FRSIRT
XF
Citrix -- Presentation Server Client
Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer.
unknown
2006-12-07
8.0CVE-2006-6334
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
XF
Coalescent Systems -- freePBX
Coalescent Systems freePBX (formerly Asterisk Management Portal) before 2.2.0rc1 allows attackers to execute arbitrary commands via shell metacharacters in (1) CALLERID(name) or (2) CALLERID(number).
unknown
2006-12-04
7.0CVE-2006-6244
OTHER-REF
OTHER-REF
BID
SECUNIA
Codewalkers -- ltwCalendar
Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.
unknown
2006-12-01
7.0CVE-2006-6228
OTHER-REF
dicshunary -- dicshunary
PHP remote file inclusion vulnerability in check_status.php in dicshunary 0.1 alpha allows remote attackers to execute arbitrary PHP code via a URL in the dicshunary_root_path parameter.
unknown
2006-12-04
7.0CVE-2006-6281
BUGTRAQ
Dreamcost -- DreamAccount
PHP remote file inclusion vulnerability in admin/index.php in DreamAccount 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
unknown
2006-12-01
7.0CVE-2006-6232
BUGTRAQ
BID
OSVDB
SECUNIA
XF
Drupal -- CVS management/tracker
Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote attackers to inject arbitrary web script or HTML via the motivation field in the CVS application page, which is not passed through check_markup on display.
unknown
2006-12-07
7.0CVE-2006-6386
OTHER-REF
FRSIRT
SECUNIA
BID
XF
DUware -- DUpaypal
DUware -- DUdownload
DUware -- DUgallery
DUware -- DUamazon
DUware -- DUdirectory Pro SQL
DUware -- DUclassified
DUware -- DUpaypal Pro
DUware -- DUnews
DUware -- DUdirectory Pro
DUware -- DUarticle
DUware -- DUdirectory
Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews allow remote attackers to execute arbitrary SQL commands via the (1) iNews, (2) iType, or (3) Action parameter. NOTE: the iType parameter in type.asp is covered by CVE-2005-3976.
unknown
2006-12-06
10.0CVE-2006-6354
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
DuWare -- DuClassmate
SQL injection vulnerability in default.asp in DuWare DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter. NOTE: the iState parameter is already covered by CVE-2005-2049.
unknown
2006-12-06
10.0CVE-2006-6355
BUGTRAQ
OTHER-REF
DUware -- DUpaypal
SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: the iState parameter is already covered by CVE-2005-3976 and the iPro parameter is already covered by CVE-2005-2047.
unknown
2006-12-07
7.0CVE-2006-6365
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Expinion.net -- iNews Publisher
Expinion.net -- News Manager
SQL injection vulnerability in articles.asp in Expinion.net iNews (1) Publisher (iNP) 2.5 and earlier, and possibly (2) News Manager, allows remote attackers to execute arbitrary SQL commands via the ex parameter. NOTE: early reports of this issue reported it as XSS, but this was erroneous. The original report was for News Manager, but there is strong evidence that the correct product is Publisher.
unknown
2006-12-04
7.0CVE-2006-6274
BUGTRAQ
MLIST
OTHER-REF
BID
FRSIRT
SECUNIA
fipsASP -- fipsShop
Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter.
unknown
2006-12-04
7.0CVE-2006-6243
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Francisco Burzi -- PHP-Nuke
Multiple SQl injection vulnerabilities in the Content module in PHP-Nuke 6.0, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in a list_pages_categories action or (2) the pid parameter in a showpage action.
unknown
2006-12-02
7.0CVE-2006-6234
BUGTRAQ
MLIST
Frisk Software -- F-Prot Antivirus
Heap-based buffer overflow in FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to execute arbitrary code via a crafted CHM file. NOTE: this issue has at least a partial overlap with CVE-2006-6294.
unknown
2006-12-05
7.0CVE-2006-6293
OTHER-REF
BID
FRSIRT
OSVDB
SECUNIA
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
OTHER-REF
SECTRACK
Frisk Software -- F-Prot Antivirus
Multiple unspecified vulnerabilities in FRISK Software F-Prot Antivirus before 4.6.7 have unspecified impact and attack vectors. NOTE: this might be related to CVE-2006-????, but it is not clear due to the vagueness of the report.
unknown
2006-12-05
7.0CVE-2006-6294
OTHER-REF
Geeklog -- Geeklog
Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allow remote attackers to execute arbitrary code via a URL in the _CONF[path] parameter to (1) links/functions.inc, (2) polls/functions.inc, (3) spamx/BlackList.Examine.class.php, (4) spamx/DeleteComment.Action.class.php, (5) spamx/EditIPofURL.Admin.class.php, (6) spamx/MTBlackList.Examine.class.php, (7) spamx/MassDelete.Admin.class.php, (8) spamx/MailAdmin.Action.class.php, (9) spamx/MassDelTrackback.Admin.class.php, (10) spamx/EditHeader.Admin.class.php, (11) spamx/EditIP.Admin.class.php, (12) spamx/IPofUrl.Examine.class.php, (13) spamx/Import.Admin.class.php, (14) spamx/LogView.Admin.class.php, and (15) staticpages/functions.inc, in the plugins/ directory.
unknown
2006-12-01
7.0CVE-2006-6225
OTHER-REF
BID
XF
IBM -- Tivoli Storage Manager
Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message.
unknown
2006-12-06
7.0CVE-2006-5855
BUGTRAQ
OTHER-REF
OTHER-REF
AIXAPAR
BID
FRSIRT
SECTRACK
SECUNIA
XF
XF
XF
IBM -- Tivoli Storage Manager
Multiple array index errors in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to read arbitrary memory locations and cause a denial of service (crash) via a large index value in unspecified messages, a different issue than CVE-2006-5855.
unknown
2006-12-06
9.0CVE-2006-6309
BUGTRAQ
OTHER-REF
OTHER-REF
IISWorks -- ListPics
listpics 5 stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for listpics.mdb.
unknown
2006-12-06
10.0CVE-2006-6350
BUGTRAQ
FRSIRT
XF
SECUNIA
Infinity Technologies -- Infinitytechs Restaurants CM
Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in rating.asp, (2) the mealid parameter in meal_rest.asp, and (3) the resid parameter in res_details.asp.
unknown
2006-12-04
7.0CVE-2006-6269
BUGTRAQ
Inside Systems -- Inside Systems
Cross-site scripting (XSS) vulnerability in error.php in Inside Systems Mail (ISMail) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.
unknown
2006-12-07
7.0CVE-2006-6364
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Intel -- PRO 10/100 Adapters
Intel -- PRO/10GbE Adapters
Intel -- PRO/1000 Adapters
Intel -- PRO/1000 PCIe Adapters
Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10GbE PCI, PCI-X, and PCIe network adapter drivers (aka NDIS miniport drivers) before 20061205 allows local users to execute arbitrary code with "kernel-level" privileges via an incorrect function call in certain OID handlers.
unknown
2006-12-07
7.0CVE-2006-6385
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
BUGTRAQ
MLIST
OTHER-REF
BID
XF
Invision Power Services -- Invision Community Blog
SQL injection vulnerability in lib/entry_reply_entry.php in Invision Community Blog Mod 1.2.4 allows remote attackers to execute arbitrary SQL commands via the eid parameter, when accessed through the "Preview message" functionality.
unknown
2006-12-07
7.0CVE-2006-6369
BUGTRAQ
BUGTRAQ
OTHER-REF
FRSIRT
Invision Power Services -- Invision Gallery
SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of service and possibly have other impacts, as demonstrated using a "SELECT BENCHMARK" statement in the img parameter in a doaddcomment operation in index.php.
unknown
2006-12-07
7.0CVE-2006-6370
BUGTRAQ
BUGTRAQ
Jonas Gauffin -- Publicera
Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera 1.0-rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the InputFilter::getString function.
unknown
2006-12-07
7.0CVE-2006-6393
OTHER-REF
BID
FRSIRT
XF
Jonas Gauffin -- Publicera
SQL injection vulnerability in certain database classes in Jonas Gauffin Publicera 1.0-rc2 and earlier might allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2006-12-07
7.0CVE-2006-6394
OTHER-REF
BID
FRSIRT
XF
Kai Blankenhorn Bitfolge -- Simple and Nice Index File
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) 1.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the externalConfig parameter. NOTE: CVE and other third parties dispute this vulnerability because $externalConfig is defined before use.
unknown
2006-12-04
7.0CVE-2006-6285
OTHER-REF
MLIST
BID
MLIST
Kervancilar -- Aspmforum
Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via (1) the soruid parameter in forum2.asp, (2) the ak parameter in kullanicilistesi.asp, (3) the kelimeler parameter in aramayap.asp, and (4) the kullaniciadi parameter in giris.asp; and allow remote authenticated users to execute arbitrary SQL commands via (5) the mesajno parameter in mesajkutum.asp. NOTE: the harf parameter in kullanicilistesi.asp and the baslik parameter in forum.asp are already covered by CVE-2005-4141.
unknown
2006-12-04
10.0CVE-2006-6270
BUGTRAQ
KhaledMuratList -- KhaledMuratList
KhaledMuratList stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) CL2F9R1A2C1N.mdb or (2) Data2F9R1A2C1N.mdb.
unknown
2006-12-06
10.0CVE-2006-6351
BUGTRAQ
XF
KLF-DESIGN -- KLF-REALTY
Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. Fraser) KLF-REALTY allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) agent parameters in (a) search_listing.asp, and the (3) property_id parameter in (b) detail.asp.
unknown
2006-12-06
7.0CVE-2006-6342
BUGTRAQ
XF
l2tpns -- l2tpns
Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet.
unknown
2006-12-07
10.0CVE-2006-6362
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
BID
XF
Link -- Content Management Server
Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in LINK Content Management Server (CMS) allows remote attackers to inject arbitrary web script or HTML via the txtPretraga parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-07
7.0CVE-2006-6388
SECUNIA
BID
XF
LINK Content Management Server -- LINK Content Management Server
Multiple SQL injection vulnerabilities in LINK Content Management Server (CMS) allow remote attackers to execute arbitrary SQL commands via the (1) IDMeniGlavni parameter to navigacija.php, and the (2) IDStranicaPodaci parameter to prikazInformacije.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-07
7.0CVE-2006-6387
SECUNIA
BID
XF
Linux -- Linux kernel
Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c in the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code via a large maxnum value in an ioctl request.
unknown
2006-12-01
7.0CVE-2006-5751
OTHER-REF
OTHER-REF
OTHER-REF
XF
OTHER-REF
BID
FRSIRT
MailEnable -- NetWebAdmin Professional
MailEnable -- NetWebAdmin Enterprise
webadmin in MailEnable NetWebAdmin Profession 2.32 and Enterprise 2.32 allows remote attackers to authenticate using an empty password.
unknown
2006-12-03
7.0CVE-2006-6239
OTHER-REF
SECTRACK
MaxiASP -- Yonetimi
SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul Yonetim Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) kullanici_ismi and (2) sifre parameters.
unknown
2006-12-05
7.0CVE-2006-6298
BUGTRAQ
BID
XF
mg.blattl -- mg.applanix
Multiple PHP remote file inclusion vulnerabilities in mg.applanix 1.3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the apx_root_path parameter to (1) act/act_check_access.php, (2) dsp/dsp_form_booking_ctl.php, and (3) dsp/dsp_bookings.php.
unknown
2006-12-06
7.0CVE-2006-6341
BUGTRAQ
MLIST
MLIST
BID
XF
Microsoft -- Office Word Viewer
Microsoft -- Works
Microsoft -- Office Word
Microsoft -- Word
Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption.
unknown
2006-12-06
7.0CVE-2006-5994
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
CERT-VN
SECUNIA
BUGTRAQ
SECTRACK
XF
Microsoft -- Windows 98
Microsoft -- Windows Me
Microsoft -- Windows 2000
Microsoft -- Windows NT
Microsoft -- Windows 95
Quinnware -- Quintessential Player
Microsoft -- Windows XP
Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields.
unknown
2006-12-04
8.0CVE-2006-6261
OTHER-REF
BID
XF
Microsoft -- Teredo
Teredo creates trusted peer entries for arbitrary incoming source Teredo addresses, even if the low 32 bits represent an intranet address, which might allow remote attackers to send IPv4 traffic to intranet hosts that use non-RFC1918 addresses, bypassing IPv4 ingress filtering.
unknown
2006-12-04
7.0CVE-2006-6264
BUGTRAQ
BUGTRAQ
OTHER-REF
Microsoft -- Teredo
Teredo clients, when located behind a restricted NAT, allow remote attackers to establish an inbound connection without the guessing required to find a port mapping for a traditional restricted NAT client, by (1) using the client port number contained in the Teredo address or (2) following the bubble-to-open procedure.
unknown
2006-12-04
7.0CVE-2006-6265
BUGTRAQ
BUGTRAQ
OTHER-REF
XF
mowdBB -- mowdBB
Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 allows remote attackers to inject arbitrary web script or HTML via the forum_name[] parameter.
unknown
2006-12-06
7.0CVE-2006-6348
BUGTRAQ
XF
Neocrome -- Land Down Under
SQL injection vulnerability in system/core/profile/profile.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote authenticated users to execute arbitrary SQL commands via a url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by a double-encoded NULL and ' (apostrophe) (%2500%2527).
unknown
2006-12-04
10.0CVE-2006-6268
BUGTRAQ
OTHER-REF
Neocrome -- Seditio
SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2006-12-06
7.0CVE-2006-6343
BUGTRAQ
FRSIRT
SECUNIA
XF
Neocrome -- Sedition
Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and earlier have unknown impact and attack vectors related to (1) plugins/ipsearch/ipsearch.admin.php, and (2) pfs/pfs.edit.inc.php, (3) users/users.register.inc.php in system/core. NOTE: the users.profile.inc.php vector is identified by CVE-2006-6177. NOTE: these issues might be related to SQL injection.
unknown
2006-12-06
7.0CVE-2006-6344
OTHER-REF
FRSIRT
SECUNIA
NeoEngine -- NeoEngine
Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, and CVS 3422, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Console::Render in neoengine/console.cpp and (2) TextArea::Render in neowtk/textarea.cpp.
unknown
2006-12-01
7.0CVE-2006-6226
OTHER-REF
OTHER-REF
BID
OSVDB
Net-SNMP -- Net-SNMP
Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when configured using the rocommunity or rouser snmpd.conf tokens, causes Net-SNMP to gran write access to users or communities that only have read-only access.
unknown
2006-12-06
7.0CVE-2006-6305
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
Newtone -- ImageKit
Casio -- Photo Loader
Multiple buffer overflows in the ActiveX controls in Newtone ImageKit 5 before Fix 30 and 6 before Fix 40, as used in CASIO Photo Loader software before 3.01 and possibly other software, allow remote attackers to execute arbitrary code via a crafted HTML document.
unknown
2006-12-04
10.0CVE-2006-3893
CERT-VN
BID
FRSIRT
FRSIRT
XF
SECUNIA
Novell -- Netware Client
Multiple buffer overflows in the Spooler service (nwspool.dll) in Novell Netware Client 4.91 through 4.91 SP2 allow remote attackers to execute arbitrary code via a long argument to the (1) EnumPrinters and (2) OpenPrinter functions.
unknown
2006-12-03
7.0CVE-2006-5854
OTHER-REF
OTHER-REF
BUGTRAQ
SECTRACK
Novell -- ZENworks Asset Management
Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management (ZAM) before SP1 IR11 and the Collection client allows remote attackers to execute arbitrary code via crafted packets, which trigger a heap-based buffer overflow.
unknown
2006-12-05
10.0CVE-2006-6299
IDEFENSE
IDEFENSE
OTHER-REF
BID
BID
FRSIRT
SECUNIA
SECTRACK
XF
Nukeai -- Nukeai
Direct static code injection vulnerability in util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension in the filename parameter and code in the moreinfo parameter, which causes saves filename under descriptions/, which is accessible via a direct request.
unknown
2006-12-04
7.0CVE-2006-6255
Milw0rm
BID
o2php.com -- Oxygen
SQL injection vulnerability in viewthread.php in Oxygen (O2PHP Bulletin Board) 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, a different vector than CVE-2006-1572.
unknown
2006-12-04
7.0CVE-2006-6280
BUGTRAQ
OTHER-REF
ONEdotOH -- Simple File Manager
Multiple directory traversal vulnerabilities in fm.php in Simple File Manager (SFM) 0.24a allow remote attackers to use ".." sequences to (1) read arbitrary files via the filename parameter in a download action, (2) delete arbitrary files via the delete parameter, and (3) modify arbitrary files via the edit parameter, which can be leveraged to execute arbitrary code.
unknown
2006-12-07
10.0CVE-2006-6376
OTHER-REF
XF
Paul Griffin -- Simple PHP Gallery
sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid dir parameter, which reveals the path in an error message.
unknown
2006-12-04
7.0CVE-2006-6273
BUGTRAQ
Photo Organizer -- Photo Organizer
Multiple SQL injection vulnerabilities in Photo Organizer (PO) 2.32b and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2006-12-04
7.0CVE-2006-6245
OTHER-REF
BID
FRSIRT
XF
SECUNIA
PhpMyAdmin -- PhpMyAdmin
Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files.
unknown
2006-12-07
7.0CVE-2006-6374
BUGTRAQ
XF
PHPNews -- PHPNews
Multiple cross-site scripting (XSS) vulnerabilities in templates/link_temp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) id, (3) subject, (4) username, or (5) time parmeter.
unknown
2006-12-06
10.0CVE-2006-6356
BUGTRAQ
BID
FRSIRT
SECUNIA
PHPNews -- PHPNews
Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in PHPNews 1.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-06
10.0CVE-2006-6357
FRSIRT
PHPOLL -- PHPOLL
Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) index.php, (2) info.php; and (3) index.php, (4) votanti.php, (5) risultati_config.php, (6) modifica_band.php, (7) band_editor.php, and (8) config_editor.php in admin/.
unknown
2006-12-04
7.0CVE-2006-6271
BUGTRAQ
Plone -- Plone
Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group."
unknown
2006-12-07
7.0CVE-2006-4249
OTHER-REF
BID
FRSIRT
SECUNIA
XF
plx Web Studio -- plx Pay
Directory traversal vulnerability in index.php in plx Web Studio (aka plxWebDev) plx Pay 3.2 and earlier allows remote attackers to include and execute arbitrary local files, or obtain user credentials and other sensitive information, via a .. (dot dot) in the read parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-07
7.0CVE-2006-6392
BID
FRSIRT
SECUNIA
XF
PostNuke Software Foundation -- PostNuke
SQL injection vulnerability in the Downloads module for unknown versions of PostNuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewdownloaddetails operation. NOTE: this issue might have been in the viewdownloaddetails function in dl-downloaddetails.php, but PostNuke 0.764 does not appear to have this issue.
unknown
2006-12-02
7.0CVE-2006-6233
BUGTRAQ
Puntal -- Puntal
PHP remote file inclusion vulnerability in the installation scripts in Puntal before 1.8.5 allows remote attackers to execute arbitrary PHP code via the GLOBALS array.
unknown
2006-12-01
7.0CVE-2006-6224
OTHER-REF
BID
FRSIRT
XF
PWP Technologies -- The Classified Ad System
Multiple SQL injection vulnerabilities in PWP Technologies The Classified Ad System allow remote attackers to execute arbitrary SQL commands via (1) the main parameter to default.asp or (2) a query in the search engine.
unknown
2006-12-06
7.0CVE-2006-6349
BUGTRAQ
Redbinaria -- SIAP CMS
SQL injection vulnerability in login.asp in Redbinaria Sistema Integrado de Administracion de Portales (SIAP) allows remote attackers to execute arbitrary SQL commands via the username parameter.
unknown
2006-12-04
7.0CVE-2006-6260
BUGTRAQ
BID
XF
rPath -- Linux
Gpg4win -- Gpg4win
Red Hat -- Red Hat Enterprise Linux ES
Red Hat -- Red Hat Fedora
Red Hat -- Red Hat Desktop
Slackware -- Slackware Linux
Ubuntu -- Ubuntu Linux
GNU -- GNU Privacy Guard
Red Hat -- Red Hat Advanced Workstation for the Itanium Processor
Red Hat -- Red Hat Enterprise Linux WS
Red Hat -- Red Hat Enterprise Linux AS
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
unknown
2006-12-07
10.0CVE-2006-6235
REDHAT
BID
SECUNIA
XF
UBUNTU
FRSIRT
SECUNIA
SECUNIA
SECUNIA
SAP Software -- Internet Graphics Server
Directory traversal vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 16 and earlier, and 7.00 Patchlevel 6 and earlier, allows remote attackers to delete arbitrary files via directory traversal sequences in an HTTP request. NOTE: This information is based upon an initial disclosure. Details will be updated after the grace period has ended. This issue is different from CVE-2006-4133 and CVE-2006-4134.
unknown
2006-12-06
7.0CVE-2006-6345
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
SAP Software -- Internet Graphics Server
Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to "Undocumented Features." NOTE: it is possible that there are multiple issues. This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. This is likely a different issue than CVE-2006-4134.
unknown
2006-12-06
10.0CVE-2006-6346
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Sergey Korostel -- PHP Upload Center
PHP remote file inclusion vulnerability in activate.php in PHP Upload Center 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the footerpage parameter.
unknown
2006-12-07
7.0CVE-2006-6360
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
XF
Simple Machines -- SMF
Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection.
unknown
2006-12-07
7.0CVE-2006-6375
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
SquirrelMail -- SquirrelMail
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in (b) compose.php, and (4) unspecified vectors involving "a shortcoming in the magicHTML filter."
unknown
2006-12-05
7.0CVE-2006-6142
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
XF
XF
Stefan Frech -- online-bookmarks
SQL injection vulnerability in the login function in auth.inc in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to execute arbitrary SQL commands via the (1) username and possibly the (2) password parameter. NOTE: some of these details are obtained from third party information.
unknown
2006-12-07
7.0CVE-2006-6358
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Stefan Frech -- online-bookmarks
Cross-site scripting (XSS) vulnerability in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2006-12-07
7.0CVE-2006-6359
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Sun -- ONE Application Server
Sun -- Java Web Proxy Server
Sun -- Java System Application Server
Sun -- Java System Web Server
HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.
unknown
2006-12-04
7.0CVE-2006-6276
SUNALERT
BID
FRSIRT
SECTRACK
SECTRACK
SECTRACK
SECUNIA
XF
Superfreaker Studios -- UPublisher
Multiple SQL injection vulnerabilities in Superfreaker Studios UPublisher 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (a) sendarticle.asp and (b) printarticle.asp, and the ID parameter to (c) index.asp and (d) preferences.asp, different vectors than CVE-2006-5888.
unknown
2006-12-07
7.0CVE-2006-6398
BUGTRAQ
SECUNIA
Superfreaker Studios -- UPublisher
SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the Username parameter in login.asp. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
unknown
2006-12-07
7.0CVE-2006-6399
SECUNIA
Uapplication -- UPhotoGallery
Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery 1.1 allow remote attackers to execute arbitrary SQL commands via the ci parameter to (1) slideshow.asp or (2) thumbnails.asp.
unknown
2006-12-04
7.0CVE-2006-6247
BUGTRAQ
OTHER-REF
BID
XF
Ultimate HelpDesk -- Ultimate HelpDesk
Cross-site scripting (XSS) vulnerability in index.asp in Ultimate HelpDesk allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
unknown
2006-12-07
7.0CVE-2006-6380
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Ultimate HelpDesk -- Ultimate HelpDesk
Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
unknown
2006-12-07
10.0CVE-2006-6381
OTHER-REF
FRSIRT
SECUNIA
XF
Uploadscript -- Uploadscript
Uploadscript 1.2 and earlier stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain the admin password hash via a direct request for /password.txt.
unknown
2006-12-07
7.0CVE-2006-6377
BUGTRAQ
SECUNIA
XF
FRSIRT
Vikingboard -- Vikingboard
members.php in Vikingboard 0.1.2 allows remote attackers to trigger a forced SQL error via an invalid s parameter, a different vector than CVE-2006-4709. NOTE: might only be an exposure if display_errors is enabled, but due to lack of details, even this is not clear.
unknown
2006-12-04
8.0CVE-2006-6282
BUGTRAQ
VUBB -- VUBB
SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a register action to index.php, a different vulnerability than CVE-2006-0962.
unknown
2006-12-01
7.0CVE-2006-6230
BUGTRAQ
OTHER-REF
VUPlayer -- VUPlayer
Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote attackers to execute arbitrary code via a long string in an M3U file, aka an "M3U UNC Name" attack.
unknown
2006-12-04
7.0CVE-2006-6251
Milw0rm
BID
FRSIRT
OTHER-REF
SECUNIA
XF
WIDCOMM -- BTSaveMySql
BTSaveMySql 1.2 stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain configuration and save files via direct requests.
unknown
2006-12-07
7.0CVE-2006-6378
BUGTRAQ
XF
Woltlab -- Burning Board Lite
SQL injection vulnerability in the decode_cookie function in thread.php in Woltlab Burning Board Lite 1.0.2 allows remote attackers to execute arbitrary SQL commands via the threadvisit Cookie parameter.
unknown
2006-12-03
7.0CVE-2006-6237
BUGTRAQ
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2006-12-04
5.6CVE-2006-6249
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
@lexPHPTeam -- @lex Guestbook
Cross-site scripting (XSS) vulnerability in index.php in @lex Guestbook 4.0.1 allows remote attackers to inject arbitrary web script or HTML via the skin parameter.
unknown
2006-12-04
5.6CVE-2006-6278
BUGTRAQ
BID
SECUNIA
FRSIRT
Adobe -- Download Manager
Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file.
unknown
2006-12-06
5.6CVE-2006-5856
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
BUGTRAQ
SECTRACK
BUGTRAQ
FULLDISC
CERT-VN
XF
AlternC -- AlternC
The file manager in AlternC 0.9.5 and earlier, when warnings are enabled in PHP, allows remote attackers to obtain sensitive information via certain folder names such as ones composed of JavaScript code, which reveal the path in a warning message.
unknown
2006-12-04
5.6CVE-2006-6257
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
deV!Lz Clanportal -- deV!Lz Clanportal
SQL injection vulnerability in sites/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to execute arbitrary SQL commands via the show element in a GET request.
unknown
2006-12-06
5.6CVE-2006-6339
BUGTRAQ
BID
XF
FRSIRT
SECUNIA
DUware -- DUpaypal
DUware -- DUdownload
DUware -- DUnews
Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976.
unknown
2006-12-07
4.2CVE-2006-6367
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Google -- Mini Search Appliance
Google -- Search Appliance
Cross-site scripting (XSS) vulnerability in Google Search Appliance and Google Mini allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded q parameter.
unknown
2006-12-01
5.6CVE-2006-6223
OTHER-REF
FRSIRT
SECTRACK
CERT-VN
BID
SECUNIA
XF
James Barnsley -- JAB Guest Book
Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB Guest Book allows remote attackers to inject arbitrary web script or HTML via the author parameter.
unknown
2006-12-07
5.6CVE-2006-6371
BUGTRAQ
SECUNIA
XF
BID
James Barnsley -- JAB Guest Book
Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php in JAB Guest Book 20061205 allow remote attackers to inject arbitrary web script or HTML via the (1) topic or (2) message parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-07
5.6CVE-2006-6372
SECUNIA
XF
KDE -- KOffice
Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola.cc) in KOffice before 1.6.1 allows user-assisted remote attackers to execute arbitrary code via a crafted PPT file, which results in a heap-based buffer overflow.
unknown
2006-12-03
5.6CVE-2006-6120
OTHER-REF
OTHER-REF
UBUNTU
BID
FRSIRT
SECUNIA
SECUNIA
MANDRIVA
SECUNIA
BUGTRAQ
OTHER-REF
SECTRACK
XF
MailEnable -- MailEnable Enterprise
MailEnable -- MailEnable Professional
Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.82 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.30 and 2.0 through 2.33 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) EXAMINE or (2) SELECT command.
2006-11-27
2006-12-05
4.2CVE-2006-6290
OTHER-REF
OTHER-REF
FRSIRT
FRSIRT
SECTRACK
SECUNIA
SECUNIA
BUGTRAQ
SECTRACK
Microsoft -- Teredo
Teredo clients, when source routing is enabled, recognize a Routing header in an encapsulated IPv6 packet and send the packet to the next hop, which might allow remote attackers to bypass policies of certain Internet gateways that drop all source-routed packets.
unknown
2006-12-04
5.6CVE-2006-6263
BUGTRAQ
BUGTRAQ
OTHER-REF
Microsoft -- Teredo
Teredo clients, when following item 6 of RFC4380 section 5.2.3, start direct IPv6 connectivity tests (aka ping tests) in response to packets from non-Teredo source addresses, which might allow remote attackers to induce Teredo clients to send packets to third parties.
unknown
2006-12-04
5.6CVE-2006-6266
BUGTRAQ
BUGTRAQ
OTHER-REF
mxBB -- mx_tinies
PHP remote file inclusion vulnerability in includes/mx_common.php in the mx_tinies 1.3.0 Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
unknown
2006-12-05
5.6CVE-2006-6295
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Niek Albers -- CoolPlayer 215
Multiple buffer overflows in Niek Albers CoolPlayer 215 and earlier have unknown impact and attack vectors.
unknown
2006-12-04
4.9CVE-2006-6288
OTHER-REF
OTHER-REF
FRSIRT
XF
Open Solution -- Quick.Cart
Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the config[db_type] parameter to (1) categories.php, (2) couriers.php, (3) orders.php, and (4) products.php in actions_admin/; and (5) orders.php and (6) products.php in actions_client/; as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by one of these PHP scripts.
unknown
2006-12-07
5.6CVE-2006-6390
OTHER-REF
BID
SECUNIA
XF
FRSIRT
Open Solution -- Quick.Cart
Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include arbitrary files via a .. (dot dot) in the config[db_type] parameter to (1) actions_admin/other.php and (2) actions_client/gallery.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-07
5.6CVE-2006-6391
SECUNIA
Paul Griffin -- Simple PHP Gallery
Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
unknown
2006-12-04
5.6CVE-2006-6272
BUGTRAQ
Photo Organizer -- Photo Organizer
Photo Organizer 2.32b and earlier does not properly check the ownership of certain objects, which allows remote attackers to gain unauthorized access via vectors related to (1) camera del, (2) camera edit, (3) folder/album deletion, (4) photo.move, (5) content.indexer, (6) folder.content, and possibly other operations.
unknown
2006-12-04
4.9CVE-2006-6246
OTHER-REF
OTHER-REF
BID
FRSIRT
XF
SECUNIA
PHPJunkYard -- PHPJunkYard MBoard
Directory traversal vulnerability in mboard.php in PHPJunkYard (aka Klemen Stirn) MBoard 1.22 and earlier allows remote attackers to create arbitrary empty files via a .. (dot dot) in the orig_id parameter.
2006-10-11
2006-12-04
4.7CVE-2006-6262
BUGTRAQ
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
Positive Software -- H-Sphere
The control panel for Positive Software H-Sphere before 2.5.0 RC3 creates log files in a user's directory with insecure permissions, which allows local users to append log data to arbitrary files via a symlink attack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-07
4.2CVE-2006-6382
BID
SECUNIA
XF
S9Y -- Serendipity
Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. (dot dot) sequence in the serendipity[charset] parameter in (1) include/lang.inc.php; or to plugins/ scripts (2) serendipity_event_bbcode/serendipity_event_bbcode.php, (3) serendipity_event_browsercompatibility/serendipity_event_browsercompatibility.php, (4) serendipity_event_contentrewrite/serendipity_event_contentrewrite.php, (5) serendipity_event_creativecommons/serendipity_event_creativecommons.php, (6) serendipity_event_emoticate/serendipity_event_emoticate.php, (7) serendipity_event_entryproperties/serendipity_event_entryproperties.php, (8) serendipity_event_karma/serendipity_event_karma.php, (9) serendipity_event_livesearch/serendipity_event_livesearch.php, (10) serendipity_event_mailer/serendipity_event_mailer.php, (11) serendipity_event_nl2br/serendipity_event_nl2br.php, (12) serendipity_event_s9ymarkup/serendipity_event_s9ymarkup.php, (13) serendipity_event_searchhighlight/serendipity_event_searchhighlight.php, (14) serendipity_event_spamblock/serendipity_event_spamblock.php, (15) serendipity_event_spartacus/serendipity_event_spartacus.php, (16) serendipity_event_statistics/serendipity_plugin_statistics.php, (17) serendipity_event_templatechooser/serendipity_event_templatechooser.php, (18) serendipity_event_textile/serendipity_event_textile.php, (19) serendipity_event_textwiki/serendipity_event_textwiki.php, (20) serendipity_event_trackexits/serendipity_event_trackexits.php, (21) serendipity_event_weblogping/serendipity_event_weblogping.php, (22) serendipity_event_xhtmlcleanup/serendipity_event_xhtmlcleanup.php, (23) serendipity_plugin_comments/serendipity_plugin_comments.php, (24) serendipity_plugin_creativecommons/serendipity_plugin_creativecommons.php, (25) serendipity_plugin_entrylinks/serendipity_plugin_entrylinks.php, (26) serendipity_plugin_eventwrapper/serendipity_plugin_eventwrapper.php, (27) serendipity_plugin_history/serendipity_plugin_history.php, (28) serendipity_plugin_recententries/serendipity_plugin_recententries.php, (29) serendipity_plugin_remoterss/serendipity_plugin_remoterss.php, (30) serendipity_plugin_shoutbox/serendipity_plugin_shoutbox.php, (31) and (32) serendipity_plugin_templatedropdown/serendipity_plugin_templatedropdown.php.
unknown
2006-12-03
5.6CVE-2006-6242
Milw0rm
OTHER-REF
BID
FRSIRT
XF
TFT Gallery -- TFT Gallery
Unrestricted file upload vulnerability in TFT-Gallery allows remote authenticated administrators to upload arbitrary .php files, possibly using admin/index.php. NOTE: this can be leveraged with CVE-2006-1412 to create a remote unauthenticated vector.
unknown
2006-12-06
4.2CVE-2006-6347
BUGTRAQ
XF
TWiki -- TWiki
TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
unknown
2006-12-01
4.8CVE-2006-6071
OTHER-REF
FRSIRT
SECUNIA
BID
XF
Vikingboard -- Vikingboard
Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the subject field of (1) a private message (PM) or (2) a bulletin board post.
unknown
2006-12-04
5.6CVE-2006-6283
BUGTRAQ
Vikingboard -- Vikingboard
Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 allows remote authenticated administrators to include arbitrary files via a .. (dot dot) sequence in the act parameter.
unknown
2006-12-04
6.0CVE-2006-6284
BUGTRAQ
Woltlab -- Burning Board Lite
Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in wBB Lite.
unknown
2006-12-05
5.6CVE-2006-6289
BUGTRAQ
OTHER-REF
Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to cause a denial of service (crash) via consecutive RETR commands. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-03
1.4CVE-2006-6241
BID
FRSIRT
SECUNIA
@lexPHPTeam -- @lex Guestbook
index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain sensitive information via a skin parameter referencing a nonexistent skin, which reveals the installation path in an error message.
unknown
2006-12-04
2.3CVE-2006-6279
BUGTRAQ
BID
SECUNIA
FRSIRT
Apple -- Safari
The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077.
unknown
2006-12-03
2.3CVE-2006-6238
OTHER-REF
BID
SECUNIA
Apple -- AirPort Extreme firmware
Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 allows remote attackers to cause a denial of service (out-of-bounds memory access and kernel panic) and have possibly other security-related impact via certain beacon frames.
unknown
2006-12-05
1.9CVE-2006-6292
OTHER-REF
BID
FRSIRT
SECUNIA
SECTRACK
Apple -- Mac OS X Server
Apple -- Mac OS X
Apple -- BOMArchiveHelper
Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FAILURE thread crashes and (2) certain KERN_INVALID_ADDRESS thread crashes, as discovered with the "iSec Partners FileP fuzzer".
unknown
2006-12-06
2.3CVE-2006-6353
OTHER-REF
BID
Cahier de textes -- Cahier de textes
Cahier de texte 2.0 stores sensitive information under the web root, possibly with insufficient access control, which might allow remote attackers to obtain all users' passwords via a direct request for administration/dump.sql.
unknown
2006-12-04
2.3CVE-2006-6253
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Cahier de textes -- Cahier de textes
administration/telecharger.php in Cahier de texte 2.0 allows remote attackers to obtain unparsed content (source code) of files via the chemin parameter, as demonstrated using directory traversal sequences to obtain the MySQL username and password from conn_cahier_de_texte.php. NOTE: it is not clear whether the scope of this issue extends above the web document root, and whether directory traversal is the primary vulnerability.
unknown
2006-12-04
1.9CVE-2006-6254
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Codewalkers -- ltwCalendar
Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file.
unknown
2006-12-01
2.3CVE-2006-6229
OTHER-REF
contentServ -- contentServ
Directory traversal vulnerability in admin/FileServer.php in ContentServ 4.x allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter, a different vector than CVE-2005-3086.
unknown
2006-12-04
2.3CVE-2006-6277
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
CutePHP -- CuteNews
Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the result parameter.
unknown
2006-12-05
1.9CVE-2006-6300
BUGTRAQ
BID
XF
DenyHosts -- DenyHosts
DenyHosts 2.5 does not properly parse sshd logs file, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by loggig in to ssh using a login name containing certain strings with an IP address, which is not properly handled by a regular expression.
unknown
2006-12-06
2.3CVE-2006-6301
OTHER-REF
FRSIRT
SECUNIA
BID
deV!Lz Clanportal -- deV!Lz Clanportal
Unrestricted file upload vulnerability in upload/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to upload and execute arbitrary .php files by embedding PHP code in a JPEG or GIF file that is uploaded to inc/images/uploads/userpics/.
unknown
2006-12-06
2.3CVE-2006-6338
BUGTRAQ
BID
FRSIRT
SECUNIA
Fail2Ban -- Fail2Ban
fail2ban 0.7.4 and earlier does not properly parse sshd logs file, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by loggig in to ssh using a login name containing certain strings with an IP address.
unknown
2006-12-06
3.3CVE-2006-6302
OTHER-REF
FRSIRT
BID
SECUNIA
XF
FRISK Software -- F-Prot Antivirus
FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to cause a denial of service (infinite loop) via a crafted ACE file. NOTE: this issue has at least a partial overlap with CVE-2006-6294.
unknown
2006-12-06
1.9CVE-2006-6352
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECTRACK
XF
GPhotos -- GPhotos
index.php in GPhotos 1.5 allows remote attackers to obtain sensitive information via an invalid rep parameter, which reveals the full path in an error message.
unknown
2006-12-04
3.3CVE-2006-6248
BUGTRAQ
BUGTRAQ
XF
John Goodman -- aBitWhizzy
Absolute path traversal vulnerability in abitwhizzy.php before 20061204 allows remote attackers to read arbitrary files via an absolute pathname in the Filename text window (f parameter), a variant of CVE-2006-6084.
unknown
2006-12-07
3.3CVE-2006-6384
OTHER-REF
KDE -- kdegraphics
Stack overflow in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which results in an infinite recursion.
unknown
2006-12-05
1.9CVE-2006-6297
SUSE
SECUNIA
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
LifeType -- LifeType
LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which leaks the path in an error message.
unknown
2006-12-06
2.3CVE-2006-6112
BUGTRAQ
OTHER-REF
OTHER-REF
OSVDB
XF
Linux -- Linux kernel
The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the wrong flag to the ip_summed field, which allows remote attackers to cause a denial of service (memory corruption) via crafted packets that cause the kernel to interpret another field as an offset.
unknown
2006-12-06
3.3CVE-2006-6333
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
MailEnable -- MailEnable
Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.83 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.40 and 2.0 through 2.33, allows remote authenticated users to cause a denial of service (crash) via a long argument containing * (asterisk) and ? (question mark) characters to the DELETE command.
unknown
2006-12-05
2.0CVE-2006-6291
OTHER-REF
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
BUGTRAQ
SECTRACK
Microsoft -- Windows Live Messenger
Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons.
unknown
2006-12-04
1.9CVE-2006-6252
BUGTRAQ
BUGTRAQ
Microsoft -- Windows 2000
Microsoft -- Windows XP
The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
unknown
2006-12-05
3.3CVE-2006-6296
OTHER-REF
BID
FRSIRT
SECUNIA
OTHER-REF
CERT-VN
SECTRACK
XF
Microsoft -- Internet Explorer
Microsoft Internet Explorer 6.0 SP1 and earlier allows remote attackers to cause a denial of service (crash) via an invalid src attribute value ("?") in an HTML frame tag that is in a frameset tag with a large rows attribute. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-06
2.3CVE-2006-6310
OTHER-REF
BID
Microsoft -- Internet Explorer
Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service via a style attribute in an HTML table tag with a width value that is dynamically calculated using JavaScript.
unknown
2006-12-06
2.3CVE-2006-6311
BUGTRAQ
BUGTRAQ
BUGTRAQ
BID
NeoEngine -- NeoEngine
The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and earlier, and CVS 3422, allow remote attackers to cause a denial of service (engine crash) via a message with a large iMessageLength that produces a failed memory allocation and a null pointer dereference.
unknown
2006-12-01
1.6CVE-2006-6227
OTHER-REF
OTHER-REF
BID
OSVDB
Novell -- Novell Client
Format string vulnerability in Novell Modular Authentication Services (NMAS) in the Novell Client 4.91 SP2 and SP3 allows users with physical access to read stack and memory contents via format string specifiers in the Username field of the logon window.
unknown
2006-12-05
1.3CVE-2006-6306
BUGTRAQ
FULLDISC
OTHER-REF
XF
Novell -- Novell client
srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote attackers to cause an unspecified denial of service via a crafted packet to port 427 that triggers an access of pageable or invalid addresses using a higher interrupt request level (IRQL) than necessary.
unknown
2006-12-05
2.3CVE-2006-6307
OTHER-REF
BID
FRSIRT
SECUNIA
nVIDIA -- nView
keystone.exe in nVIDIA nView allows attackers to cause a denial of service via a long command line argument. NOTE: it is not clear whether this issue crosses security boundaries. If not, then this is not a vulnerability.
unknown
2006-12-06
2.3CVE-2006-6340
BUGTRAQ
BID
OpenBSD -- OpenBSD
FreeBSD -- FreeBSD
NetBSD -- NetBSD
** DISPUTED ** Integer overflow in banner/banner.c in FreeBSD, NetBSD, and OpenBSD might allow local users to modify memory via a long banner. NOTE: CVE and multiple third parties dispute this issue. Since banner is not setuid, an exploit would not cross privilege boundaries in normal operations. This issue is not a vulnerability.
unknown
2006-12-07
3.9CVE-2006-6397
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
Palm -- Palm Desktop
Palm Desktop 4.1.4 and earlier stores user data with weak permissions under the application directory, which allows local users to obtain sensitive information (address books, calendar files, and todo lists of other users) via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-04
1.0CVE-2006-6286
FRSIRT
SECUNIA
BID
XF
PhpMyAdmin -- PhpMyAdmin
PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message.
unknown
2006-12-07
2.3CVE-2006-6373
BUGTRAQ
XF
PostNuke Software Foundation -- PostNuke
PostNuke 0.7.5.0, and certain minor versions, allows remote attackers to obtain sensitive information via a non-numeric value of the stop parameter, which reveals the path in an error message.
unknown
2006-12-04
3.3CVE-2006-6267
BUGTRAQ
Songbird -- Songbird Media Player
Format string vulnerability in Songbird Media Player 0.2 and earlier allows remote attackers to cause a denial of service (crash) via an M3U Playlist file containing extended ASCII, which causes the Unicode converter to be invoked.
unknown
2006-12-04
3.3CVE-2006-6250
Milw0rm
BID
XF
Sun -- Solaris
Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals.
unknown
2006-12-04
1.9CVE-2006-6275
SUNALERT
BID
FRSIRT
SECTRACK
SECUNIA
XF
Symantec -- LiveState
** DISPUTED ** Symantec LiveState 7.1 Agent for Windows allows local users to gain privileges by stopping the shstart.exe process and open "Web Self-Service" from the system tray icon, which will open a browser window running with elevated privileges. NOTE: several third-party researchers have noted that administrator privileges may be necessary to terminate shstart.exe. If this is the case, then no privilege escalation occurs, and this is not a vulnerability.
unknown
2006-12-06
2.9CVE-2006-6308
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
SECTRACK
BUGTRAQ
XF
Telnet FTP Server -- Telnet FTP Server
Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to list contents of arbitrary directories and download arbitrary files via a .. (dot dot) sequence in an FTP command argument, as demonstrated by RETR (GET) or STOR (PUT). NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-03
1.4CVE-2006-6240
BID
FRSIRT
SECUNIA
TorrentFlux -- TorrentFlux
Directory traversal vulnerability in index.php for TorrentFlux 2.2 allows remote attackers to create or overwrite arbitrary files via sequences in the alias_file parameter.
unknown
2006-12-06
2.2CVE-2006-6328
OTHER-REF
SECUNIA
OTHER-REF
TorrentFlux -- TorrentFlux
index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter.
unknown
2006-12-06
2.2CVE-2006-6329
OTHER-REF
SECUNIA
OTHER-REF
TorrentFlux -- TorrentFlux
index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter.
unknown
2006-12-06
3.4CVE-2006-6330
OTHER-REF
SECUNIA
OTHER-REF
TorrentFlux -- TorrentFlux
metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is false, allows remote attackers to execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to details.php.
unknown
2006-12-06
3.4CVE-2006-6331
OTHER-REF
OTHER-REF
Ulrik Petersen -- Emdros Database Engine
Ulrik Petersen -- Emrdos Database Engine
Multiple memory leaks in Ulrik Petersen Emdros Database Engine before 1.2.0.pre231 allow local users to cause a denial of service (memory consumption) via unspecified vectors, a different issue than CVE-2005-0415.
unknown
2006-12-07
2.3CVE-2006-6395
MLIST
OTHER-REF
BID
FRSIRT
SECUNIA
VUBB -- VUBB
vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive information via a direct request to includes/vubb.php, which leaks the path in an error message.
unknown
2006-12-01
2.3CVE-2006-6231
BUGTRAQ
OTHER-REF
Yukihiro Matsumoto -- Ruby
The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than CVE-2006-5467.
unknown
2006-12-06
3.3CVE-2006-6303
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
MANDRIVA
UBUNTU
BID
FRSIRT
SECUNIA
SECUNIA
XF
Back to top



Last updated December 11, 2006