Summary of Security Items from April 6 through April 12, 2006
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The US-CERT Cyber Security Bulletin provides a summary of new and updated vulnerabilities, exploits, trends, and malicious code that have recently been openly reported. Information in the Cyber Security Bulletin is a compilation of open source and US-CERT vulnerability information. As such, the Cyber Security Bulletin includes information published by sources outside of US-CERT and should not be considered the result of US-CERT analysis or as an official report of US-CERT. Although this information does reflect open source reports, it is not an official description and should be used for informational purposes only. The intention of the Cyber Security Bulletin is to serve as a comprehensive directory of pertinent vulnerability reports, providing brief summaries and additional sources for further investigation.
The tables below summarize vulnerabilities that have been reported by various open source organizations or presented in newsgroups and on web sites. Items in bold designate updates that have been made to past entries. Entries are grouped by the operating system on which the reported software operates, and vulnerabilities which affect both Windows and Unix/Linux Operating Systems are included in the Multiple Operating Systems table. Note that entries in each table are not necessarily vulnerabilities in that operating system, but vulnerabilities in software which operates on some version of that operating system.
Entries may contain additional US-CERT sponsored information, including Common Vulnerabilities and Exposures (CVE) numbers, National Vulnerability Database (NVD) links, Common Vulnerability Scoring System (CVSS) values, Open Vulnerability and Assessment Language (OVAL) definitions, or links to US-CERT Vulnerability Notes. Metrics, values, and information included in the Cyber Security Bulletin that have been provided by other US-CERT sponsored programs are prepared, managed, and contributed by those respective programs. CVSS values are managed and provided by the US-CERT/NIST National Vulnerability Database. Links are also provided to patches and workarounds that have been provided by the product’s vendor.
The Risk levels are defined below:
High - Vulnerabilities will be labeled “High” severity if they have a CVSS base score of 7.0-10.0.
Medium - Vulnerabilities will be labeled “Medium” severity if they have a base CVSS score of 4.0-6.9.
Low - Vulnerabilities will be labeled “Low” severity if they have a CVSS base score of 0.0-3.9.
Note that scores provided prior to 11/9/2005 are approximated from only partially available CVSS metric data. Such scores are marked as "Approximated" within NVD. In particular, the following CVSS metrics are only partially available for these vulnerabilities and NVD assumes certain values based on an approximation algorithm: AccessComplexity, Authentication, ConfImpact of 'partial', IntegImpact of 'partial', AvailImpact of 'partial', and the impact biases.
Windows Operating Systems Only | ||||
Vendor & Software Name | Description | Common Name | CVSS | Resources |
Hosting Controller 6.1 | A vulnerability has been reported in Hosting Controller that could let remote malicious users disclose sensitive user information. No workaround or patch available at time of publishing. There is no exploit code required. | Hosting Controller Information Disclosure | Not Available | Secunia, Advisory: SA19569, April 7, 2006 |
GlobalSCAPE Secure FTP Server 2.0, 3.0 through 3.1.3 various builds | A vulnerability has been reported in GlobalSCAPE Secure FTP server that could let remote malicious users cause a Denial of Service. GlobalSCAPE Secure FTP Server 3.1.4 Build 01.10.2006. Currently we are not aware of any exploits for this vulnerability. | GlobalSCAPE Secure FTP Server Denial of Service | 2.3 | Secunia, Advisory: SA19547, April 6, 2006 |
FrontPage Server Extensions | A vulnerability has been reported in FrontPage Server Extensions that could let remote malicious users conduct Cross-Site Scripting. There is no exploit code required. | Microsoft FrontPage Server Extensions Cross-Site Scripting | 7.0 | Microsoft, Security Bulletin MS06-017, April 11, 2006 |
Internet Explorer | Multiple vulnerabilities have been reported in Internet Explorer that could let remote malicious users execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | Microsoft Internet Explorer Arbitrary Code Execution CVE-2006-1185, CVE-2006-1186, CVE-2006-1188, CVE-2006-1189, CVE-2006-1190, CVE-2006-1191, CVE-2006-1192, CVE-2006-1245, CVE-2006-1359, CVE-2006-1388 | 7.0 (CVE-2006-1185), 10 (CVE-2006-1186), 7.0 (CVE-2006-1188), 10 (CVE-2006-1189), 10 (CVE-2006-1190), 3.7 (CVE-2006-1191), 1.9 (CVE-2006-1192), 7.0 (CVE-2006-1245), 7.0 (CVE-2006-1359), 7.0 (CVE-2006-1388) | Microsoft, Security Bulletin MS06-013, April 11, 2006 US-CERT VU#434641, VU#503124, VU#341028, VU#824324, VU#959649, VU#984473, VU#959049, VU#876678 |
Microsoft Data Access Components (MDAC) | A vulnerability has been reported in Microsoft Data Access Components (MDAC) that could let remote malicious users execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | Microsoft Data Access Components Arbitrary Code Execution | 4.7 | Microsoft, Security Bulletin MS06-014, April 11, 2006 |
Outlook Express | A vulnerability has been reported in Outlook Express that could let remote malicious users execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | Microsoft Outlook Express Arbitrary Code Execution | 7.0 | Microsoft, Security Bulletin MS06-016, April 11, 2006 |
Windows Explorer | A vulnerability has been reported in Windows Explorer, COM Object handling, that could let remote malicious users execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | Microsoft Windows Explorer Arbitrary Code Execution | 7.0 | Microsoft, Security Bulletin MS06-015, April 11, 2006 |
SunnComm MediaMax 5.0.21.0 | A vulnerability has been reported due to insecure default directory ACLs set on the 'SunnComm Shared' directory, which could let a malicious user obtain elevated privileges. Entry erroneously listed as Multiple OS. There is no exploit code required. | Sony SunnComm MediaMax Insecure Directory Permissions | | Secunia Advisory: SA17933, December 7, 2005 Security Tracker, Alert ID: 1015327, December 8, 2005 |
Web+ Shop 5.0 | An input validation vulnerability has been reported in Web+ Shop that could let remote malicious users conduct Cross-Site Scripting. No workaround or patch available at time of publishing. A Proof of Concept exploit has been published. | Web+ Shop Cross-Site Scripting | 2.3 | Security Focus, ID: 17418, April 7, 2006 |
TUGZip 3.1.2, 3.3, 3.4 | An input validation vulnerability has been reported in TUGZip that could let remote malicious users arbitrarily traverse directories. No workaround or patch available at time of publishing. There is no exploit code required. | TUGZip Directory Traversal | 2.0 | Security Focus, ID: 17432, April 10, 2006 |
UNIX / Linux Operating Systems Only | ||||
Vendor & Software Name | Description | Common Name | CVSS | Resources |
Cherokee HTTPD 0.5. 0.4.17, 0.4.6 - 0.4.9, 0.2.5-0.2.7, 0.1.6, 0.1.5, 0.1 | A Cross-Site Scripting vulnerability has been reported in 'cherokee/handler_error.c' due to insufficient sanitization of the 'build_hardcoded_ Update to version 0.5.1 or later. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | Secunia Advisory: SA19587, April 10, 2006 | ||
Cyrus SASL Library 2.x | A remote Denial of Service vulnerability has been reported due to an unspecified error during DIGEST-MD5 negotiation. Update to version 2.1.21. Currently we are not aware of any exploits for this vulnerability. | Cyrus SASL Remote Digest-MD5 Denial of Service | Secunia Advisory: SA19618, April 11, 2006 | |
Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha | A vulnerability has been reported when automatic database configuration is selected during the configuration process because the database administrator password is stored in the world-readable file '/var/cache/debconf/config.dat' which could lead to the disclosure of sensitive information. No workaround or patch available at time of publishing. There is no exploit code required. | Debian mnoGoSearch-Insecure Password | Not Available | Security Focus, Bugtraq ID: 17477, April 11, 2006 |
fbida 2.03, 2.01 | A vulnerability has been reported in the 'fbgs' script because temporary files are created insecurely when the 'TMPDIR' environment variable isn't defined, which could let a remote malicious user create/overwrite arbitrary files. No workaround or patch available at time of publishing. There is no exploit code required. | Fbida FBGS Insecure Temporary File Creation | Secunia Advisory: SA19559, April 10, 2006 | |
Mailman 2.1.7 | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of input passed to the private archive script before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. Vulnerability can be exploited through a web client. | Mailman Private Archive Cross-Site Scripting | Security Tracker Alert ID: 1015876, April 7, 2006 | |
HP-UX B.11.11 | A vulnerability has been reported in the 'su' program when used with the LDAP netgroup feature, which could let a malicious user obtain elevated privileges. Currently we are not aware of any exploits for this vulnerability. | HP-UX 'SU' Elevated Privileges | HP Security Bulletin, HPSBUX02111, April 6, 2006 | |
Kaffeine Media Player 0.4.2-0.7.1 | A buffer overflow vulnerability has been reported in the 'http_peek()' function when creating HTTP request headers for retrieving remote playlists, which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | Kaffeine Buffer Overflow | 5.6 | KDE Security Advisory, April 4, 2006 Debian Security Advisory, Mandriva Linux Security Advisory MDKSA-2006:065, April 5, 2006 Gentoo Linux Security Advisory, GLSA 200604-04, April 5, 2006 SUSE Security Summary Report Announcement, SUSE-SR:2006:008, April 7, 2006 Ubuntu Security Notice, USN-268-1 April 6, 2006 |
Manic Web MWNewsletter 1.0 b | Multiple vulnerabilities have been reported: a vulnerability was reported in 'subscribe.php' due to insufficient sanitization of the 'user_name' parameter before saving, which could let a remote malicious user execute arbitrary HTML and script code; an SQL injection vulnerability was reported in 'unsubscribe.php' due to insufficient sanitization of the 'user_name' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and an SQL injection vulnerability was reported in 'unsubscribe.php' due to insufficient sanitization of the 'user_email' parameter and in 'subscribe.php' due to insufficient sanitization of the 'user_name' and 'user_email' parameters, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerabilities could be exploited with a web client. | Manic Web MWNewsletter Multiple Input Validation | Secunia Advisory: SA19568, April 7, 2006 | |
MPlayer 1.0.20060329 | Multiple vulnerabilities have been reported due to integer overflow errors in 'libmpdemux/asfheader.c' when handling an ASF file, and in 'libmpdemux/aviheader.c' when parsing the 'indx' chunk in an AVI file, which could let a remote malicious user cause a Denial of Service and potentially compromise a system. Currently we are not aware of any exploits for these vulnerabilities. | MPlayer Multiple Integer Overflows | 5.6 | Secunia Advisory: SA19418, March 29, 2006 Mandriva Security Advisory, MDKSA-2006:068, April 7, 2006 |
Ubuntu Linux 5.10 powerpc, i386, amd64, 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; | A remote Denial of Service vulnerability has been reported in the attachment-scrubber utility. Update to version 2.1.6 or later. There is no exploit code required. | GNU Mailman Attachment Scrubber Remote Denial of Service | Security Focus, Bugtraq ID: 17311, March 29, 2006 Mandriva Security Advisory, MDKSA-2006:061, March 29, 2006 Ubuntu Security Notice, USN-267-1, April 03, 2006 Debian Security Advisory, SUSE Security Summary Report Announcement, SUSE-SR:2006:008, April 7, 2006 | |
zlib 1.2.2, 1.2.1, 1.2 .0.7, 1.1-1.1.4, 1.0-1.0.9; Ubuntu Linux 5.0 4, powerpc, i386, amd64, 4.1 ppc, ia64, ia32; SuSE Open-Enterprise-Server 9.0, Novell Linux Desktop 9.0, Linux Professional 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Personal 9.3, x86_64, 9.2, x86_64, 9.1, x86_64, Linux Enterprise Server 9; Gentoo Linux; | A buffer overflow vulnerability has been reported due to insufficient validation of input data prior to utilizing it in a memory copy operation, which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | Zlib Compression Library Buffer Overflow | Debian Security Advisory FreeBSD Security Advisory, Gentoo Linux Security Advisory, GLSA 200507- SUSE Security Announcement, SUSE-SA:2005:039, Ubuntu Security Notice, RedHat Security Advisory, RHSA-2005:569-03, Fedora Update Notifications, Mandriva Linux Security Update Advisory, OpenPKG Trustix Secure Slackware Security Turbolinux Security Fedora Update Notification, FEDORA-2005-565, July 13, 2005 SUSE Security Summary Security Focus, 14162, July 21, 2005 Apple Security Update 2005-007, SCO Security Advisory, SCOSA-2005.33, August 19, 2005 Security Focus, Bugtraq ID: 14162, August 26, 2005 Debian Security Advisory, DSA 797-1, September 1, 2005 Security Focus, Bugtraq ID: 14162, September 12, 2005 Fedora Legacy Update Advisory, FLSA:162680, September 14, 2005 Gentoo Linux Security Advisory, GLSA 200509-18, September 26, 2005 Debian Security Advisory, DSA 797-2, September 29, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0055, October 7, 2005 Sun(sm) Alert Notification Mandriva Linux Security Advisory MDKSA-2005:196, October 26, 2005 Ubuntu Security Notice, USN-151-3, October 28, 2005 Ubuntu Security Notice, USN-151-4, November 09, 2005 SCO Security Advisory, SCOSA-2006.6, January 10, 2006 Debian Security Advisory, Mandriva Security Advisory, MDKSA-2006:070, April 10, 2006 | |
zlib 1.2.2, 1.2.1; Ubuntu Linux 5.04 powerpc, i386, amd64, | A remote Denial of Service vulnerability has been reported due to a failure of the library to properly handle unexpected compression routine input. Currently we are not aware of any exploits for this vulnerability. | Multiple Vendor Zlib Compression Library Decompression Remote Denial of Service | Security Focus, Bugtraq ID 14340, July 21, 2005 Debian Security Advisory DSA 763-1, July 21, 2005 Ubuntu Security Notice, USN-151-1, July 21, 2005 OpenBSD, Release Errata 3.7, July 21, 2005 Mandriva Security Advisory, MDKSA-2005:124, July 22, 2005 Secunia, Advisory: SA16195, July 25, 2005 Slackware Security Advisory, SSA:2005- FreeBSD Security Advisory, SA-05:18, July 27, 2005 SUSE Security Announce- Gentoo Linux Security Advisory, GLSA 200507-28, July 30, 2005 Gentoo Linux Security Advisory, GLSA 200508-01, August 1, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0040, August 5, 2005 Conectiva Linux Announcement, CLSA-2005:997, August 11, 2005 Apple Security Update, APPLE-SA-2005-08-15, August 15, 2005 Turbolinux Security Advisory, TLSA-2005-83, August 18, 2005 SCO Security Advisory, SCOSA-2005.33, August 19, 2005 Debian Security Advisory, DSA 797-1, September 1, 2005 Security Focus, Bugtraq ID: 14340, September 12, 2005 Fedora Legacy Update Advisory, FLSA:162680, September 14, 2005 Debian Security Advisory, DSA 797-2, September 29, 2005 Mandriva Linux Security Advisory, MDKSA-2005:196, October 26, 2005 Ubuntu Security Notice, USN-151-3, October 28, 2005 Ubuntu Security Notice, USN-151-4, November 09, 2005 SCO Security Advisory, SCOSA-2006.6, January 10, 2006 Gentoo Linux Security Advisory, GLSA 200603-18, March 21, 2006 Debian Security Advisory, Mandriva Security Advisory, MDKSA-2006:070, April 10, 2006 | |
Debian Linux 3.1 sparc | Multiple buffer overflow vulnerabilities have been reported due to insufficient bounds-checking when copying user-supplied input to insufficiently sized memory buffers, which could let a malicious user obtain elevated privileges. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for these vulnerabilities. | BSD-Games Buffer Overflows | 4.9 | Security Focus, Bugtraq ID: 17401, April 7, 2006 |
Linux Kernel | A race condition vulnerability has been reported in ia32 emulation, that could let local malicious users obtain root privileges or create a buffer overflow. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Race Condition and Buffer Overflow | 5.6 | Security Focus, 14205, July 11, 2005 Trustix Secure Linux Security Advisory, SUSE Security Announce- RedHat Security Advisory, RHSA-2005:663-19, September 28, 2005 Debian Security Advisory, DSA 921-1, December 14, 2005 SmoothWall Advisory, March 15, 2006 SGI Security Advisory, 20060402-01-U, April 10, 2006 |
Linux kernel 2.2.x, 2.4.x, 2.6.x | A buffer overflow vulnerability has been reported in the 'elf_core_dump()' function due to a signedness error, which could let a malicious user execute arbitrary code with ROOT privileges. An exploit script has been published. | Secunia Advisory, SA15341, May 12, 2005 Trustix Secure Linux Security Advisory, 2005-0022, May 13, 2005 Ubuntu Security Notice, USN-131-1, May 23, 2005 RedHat Security Advisory, RHSA-2005:472-05, May 25, 2005 Avaya Security Advisory, ASA-2005-120, June 3, 2005 Trustix Secure Linux Bugfix Advisory, TSLSA-2005-0029, June 24, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:110 & 111, June 30 & July 1, 3005 Conectiva Linux Announcement, CLSA-2005:999, August 17, 2005 SmoothWall Advisory, March 15, 2006 SGI Security Advisory, 20060402-01-U, April 10, 2006 | ||
Linux Kernel 2.6.10, 2.6 -test1-test11, 2.6-2.6.11 | A Denial of Service vulnerability has been reported in the 'load_elf_library' function. Currently we are not aware of any exploits for this vulnerability. | Fedora Security Trustix Secure Fedora Update Notification RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 Conectiva Linux Security Announcement, CLA-2005:952, May 2, 2005 Fedora Legacy Update Advisory, FLSA:152532, June 4, 1005 SUSE Security Announcement, SUSE-SA:2005:29, June 9, 2005 SGI Security Advisory, 20060402-01-U, April 10, 2006 | ||
Linux kernel 2.6.10, 2.6 | Multiple vulnerabilities have been reported: a vulnerability was reported in the 'shmctl' function, which could let a malicious user obtain sensitive information; a Denial of Service vulnerability was reported in 'nls_ascii.c' due to the use of incorrect table sizes; a race condition vulnerability was reported in the 'setsid()' function; and a vulnerability was reported in the OUTS instruction on the AMD64 and Intel EM64T architecture, which could let a malicious user obtain elevated privileges. Currently we are not aware of any exploits for these vulnerabilities. | Linux Kernel CVE-2005-0177, CVE-2005-0176 | Ubuntu Security RedHat Security Advisory, SUSE Security Announce- Fedora Security Conectiva Linux Security Announce- Fedora Update Notification RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005 RedHat Security Advisories, RHSA-2005 RedHat Security Advisory, Avaya Security Advisory, ASA-2005-120, June 3, 2005 FedoraLegacy: FLSA:152532, June 4, 2005 RedHat Security Advisory, Mandriva Linux Security Advisory, MDKSA-2005:218, November 30, 2005 Trustix Secure Linux Security Advisory, 2006-0006, February 10, 2006 SGI Security Advisory, 20060402-01-U, April 10, 2006 | |
Linux Kernel 2.6.x | A Denial of Service vulnerability has been reported in the '_keyring_search_one()' function when a key is added to a non-keyring key. Update to version 2.6.16.3 or later. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel | Secunia Advisory: SA19573, April 11, 2006 | |
Linux kernel 2.6-2.6.12, 2.4-2.4.31 | A remote Denial of Service vulnerability has been reported due to a design error in the kernel. The vendor has released versions 2.6.13 and 2.4.32-rc1 of the kernel to address this issue. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel Remote Denial of Service | Ubuntu Security Notice, USN-219-1, November 22, 2005 Mandriva Linux Security Advisories, MDKSA-2005:218, 219 & 220, November 30, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 Conectiva Linux Announcement, CLSA-2006:1059, January 2, 2006 RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006 RedHat Security Advisories, RHSA-2006:0190-5 & RHSA-2006:0191-9, February 1, 2006 Mandriva Security Advisory, MDKSA-2006:044, February 21, 2006 SmoothWall Advisory, March 15, 2006 SGI Security Advisory, 20060402-01-U, April 10, 2006 | |
Linux kernel 2.6-2.6.14; SuSE Linux Professional 10.0 OSS, Linux Personal 10.0 OSS; | A Denial of Service vulnerability has been reported in 'ptrace.c' when 'CLONE_THREAD' is used due to a missing check of the thread's group ID when trying to determine whether the process is attempting to attach to itself. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel PTrace 'CLONE_ | Secunia Advisory: SA17761, November 29, 2005 Fedora Update Notification, SuSE Security Announcement, SUSE-SA:2005:067, December 6, 2005 SUSE Security Announcement, SUSE-SA:2005:068, December 14, 2005 Mandriva Security Advisory, MDKSA-2006:018, January 20, 2006 Debian Security Advisory, Debian Security Advisory, Debian Security Advisory, DSA 1018-2, April 5, 2006 SGI Security Advisory, 20060402-01-U, April 10, 2006 | |
Linux kernel 2.6-2.6.15 | A Denial of Service vulnerability has been reported in the 'time_out_leases()' function because 'printk()' can consume large amounts of kernel log space. An exploit script has been published. | Linux Kernel PrintK Local Denial of Service | Security Focus, Bugtraq ID: 15627, November 29, 2005 Trustix Secure Linux Security Advisory, TSLSA-2005-0070, December 9, 2005 RedHat Security Advisory, RHSA-2006:0101-9, January 17, 2006 RedHat Security Advisory, RHSA-2006:0140-9, January 19, 2006 Debian Security Advisory, Debian Security Advisory, DSA-1018-1, March 24, 2006 Debian Security Advisory, DSA 1018-2, April 5, 2006 SGI Security Advisory, 20060402-01-U, April 10, 2006 | |
RedHat Fedora Core4; Linux Kernel 2.6.x | A Denial of Service vulnerability has been reported in the 'die_if_kernel()' function because it is erroneously marked with a 'noreturn' attribute. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel 'die_if_ | Security Focus, Bugtraq ID: 16993, March 5, 2006 Ubuntu Security Notice, USN-263-1 March 13, 2006 SGI Security Advisory, 20060402-01-U, April 10, 2006 | |
Tony Cook Imager 0.47-0.49, 0.45, 0.41-0.43; Debian Linux 3.1, sparc, s/390, ppc, mipsel, mips, m68k, ia-64, ia-32, hppa, arm, amd64, alpha | A remote Denial of Service vulnerability has been reported due to a failure to properly handle unexpected image data. Update to version 0.50 or later. A Proof of Concept exploit has been published. | Tony Cook Imager JPEG & TGA Images Denial of Service | Security Focus, Bugtraq ID: 17415, April 7, 2006 | |
Trustix Secure Linux 3.0, 2.2; | A Denial of Service vulnerability has been reported in the 'fill_write_buffer()' function due to an out-of-bounds memory error. Update to version 2.6.16.2. Currently we are not aware of any exploits for this vulnerability. | Linux Kernel SYSFS Denial of Service | Secunia Advisory: SA19495, April 10, 2006 | |
Trustix Secure Linux 3.0, 2.2; | Multiple vulnerabilities have been reported: a buffer overflow vulnerability was reported in the PE header parser in the 'cli_scanpe()' function, which could let a remote malicious user execute arbitrary code; format string vulnerabilities were reported in 'shared/output.c' in the logging handling, which could let a remote malicious user execute arbitrary code; and a remote Denial of Service vulnerability was reported in the 'cli_bitset_test()' function due to an out-of-bounds memory access error. Currently we are not aware of any exploits for these vulnerabilities. | Security Focus, Bugtraq ID: 17388, April 7, 2006 Gentoo Linux Security Advisory, GLSA 200604-06, April 7, 2006 Mandriva Security Advisory, MDKSA-2006:067, April 7, 2006 Trustix Secure Linux Security Advisory #2006-0020, April 7, 2006 SUSE Security Announcement, SUSE-SA:2006:020, April 11, 2006 | ||
Ubuntu Linux 5.04 powerpc, i386, amd64, 4.1 ppc, ia64, ia32; | A vulnerability has been reported because the keyboard focus is not released when xscreensaver starts, which could let a malicious user obtain sensitive information. The vendor has released version 4.18 of XScreenSaver to address this issue. Standard applications and network sniffers can be used to exploit this issue. | XScreenSaver Password Disclosure | Not Available | Security Focus, Bugtraq ID: 17471, April 11, 2006 |
X.org X11R6 6.7.0, 6.8, 6.8.1; | An integer overflow vulnerability exists in 'scan.c' due to insufficient sanity checks on the 'bitmap_unit' value, which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | Security Focus, Gentoo Linux Ubuntu Security Gentoo Linux Ubuntu Security ALTLinux Security Advisory, March 29, 2005 Fedora Update Notifications, RedHat Security Advisory, SGI Security Advisory, 20050401-01-U, April 6, 2005 RedHat Security Advisory, RHSA-2005:044-15, April 6, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:080, April 29, 2005 Mandriva Linux Security Update Advisory, MDKSA-2005:081, May 6, 2005 Debian Security Advisory, DSA 723-1, May 9, 2005 RedHat Security Advisory, RHSA-2005:412-05, May 11, 2005 RedHat Security Advisory, RHSA-2005:473-03, May 24, 2005 RedHat Security Advisory, RHSA-2005:198-35, June 8, 2005 Fedora Update Notifications, SCO Security Advisory, SCOSA-2005.57, December 14, 2005 SCO Security Advisory, SCOSA-2006.5, January 4, 2006 Fedora Legacy Update Advisory, FLSA:152803, January 10, 2006 SGI Security Advisory, 20060403-01-U, April 11, 2006 | ||
XFree86 X11R6 4.3 .0, | A buffer overflow vulnerability has been reported in the pixmap processing code, which could let a malicious user execute arbitrary code and possibly obtain superuser privileges. Sun 101926: Updated Contributing Factors, Relief/Workaround, and Resolution sections. Currently we are not aware of any exploits for this vulnerability. | XFree86 Pixmap Allocation Buffer Overflow | Gentoo Linux Security Advisory, GLSA 200509-07, September 12, 2005 RedHat Security Advisory, RHSA-2005:329-12 & RHSA-2005:396-9, September 12 & 13, 2005 Ubuntu Security Notice, USN-182-1, September 12, 2005 Mandriva Security Advisory, MDKSA-2005:164, September 13, 2005 Fedora Update Notifications, Trustix Secure Linux Security Advisory, TSLSA-2005-0049, September 16, 2005 Debian Security Advisory DSA 816-1, September 19, 2005 Sun(sm) Alert Notification SUSE Security Announcement, SUSE-SA:2005:056, September 26, 2005 Slackware Security Advisory, SSA:2005-269-02, September 26, 2005 Sun(sm) Alert Notification SUSE Security Summary Report, SUSE-SR:2005:023, October 14, 2005 Avaya Security Advisory, ASA-2005-218, October 19, 2005 Sun(sm) Alert Notification NetBSD Security Update, October 31, 2005 SGI Security Advisory, 20060403-01-U, April 11, 2006 | |
xzgv Image Viewer 0.8 0.7, 0.6; | A buffer overflow vulnerability has been reported when processing JPEG files due to a boundary error, which could let a remote malicious user execute arbitrary code. Currently we are not aware of any exploits for this vulnerability. | XZGV Image Viewer Remote Buffer Overflow | SUSE Security Summary Report Announcement, SUSE-SR:2006:008, April 7, 2006 | |
Solaris 10.0 _x86, 10.0, 9.0 _x86, 9.0, 8.0 _x86, 8.0 | A Denial of Service vulnerability has been reported in sh(1) when creating temporary files. Currently we are not aware of any exploits for this vulnerability. | Sun Solaris SH(1) Denial of Service | Not Available | Sun(sm) Alert Notification Sun Alert ID: 102282, April 11, 2006 |
Sun Trusted Solaris 8.0, Solaris 9.0 _x86, 9.0, 8.0 _x86, 8.0 | A vulnerability has been reported because the Directory Server rootDN (Distinguished Name) password may be disclosed to malicious users when privileged users run the idsconfig command or certain LDAP commands. Currently we are not aware of any exploits for this vulnerability. | Sun Solaris RootDN Password Disclosure | Not Available | Sun(sm) Alert Notification Sun Alert ID: 102113, April 11, 2006 |
Multiple Operating Systems - Windows/UNIX/Linux/Other | ||||
Vendor & Software Name | Description | Common Name | CVSS | Resources |
ADOdb 4.70, 4.68, 4.66 | An SQL injection vulnerability has been reported due to insufficient sanitization of certain parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. There is no exploit code required. | ADOdb PostgreSQL SQL Injection | Secunia Advisory: SA18575, January 24, 2006 Gentoo Linux Security Advisory, GLSA 200602-02, February 6, 2006 Debian Security Advisory, DSA-1029, April 8, 2006 Debian Security Advisory, Debian Security Advisory, | |
ADOdb 4.71 & prior | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'adodb_pager.inc.php' due to insufficient sanitization of the 'next_page' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability was reported in 'adodb_pager.inc.php' due to the unsafe use of 'PHP_SELF,' which could let a remote malicious user execute arbitrary HTML and script code. There is no exploit code required. | ADOdb Multiple Cross-Site Scripting | 2.3 | Secunia Advisory: SA18928, February 20, 2006 Debian Security Advisory, DSA-1029, April 8, 2006 Debian Security Advisory, Debian Security Advisory, |
Annuaire 1.0 | Several vulnerabilities have been reported: a script insertion vulnerability was reported in 'inscription.php' due to insufficient sanitization of the 'COMMENTAIRE' parameter before using, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported because it is possible to obtain the full path when certain scripts are accessed directly. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client. | Annuaire Script Insertion & Path Disclosure | Secunia Advisory: SA19548, April 6, 2006 | |
apt-webshop 4.0-pro, 3.0 light, 3.0 basic | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported due to insufficient sanitization of the 'message' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'modules.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published. | APT-webshop Cross-Site Scripting & SQL Injection | Secunia Advisory: SA19592, April 10, 2006 | |
SaphpLesson 3.0 | A Cross-Site Scripting vulnerability has been reported in the 'search.php' script due to insufficient filtering of HTML code from user-supplied search input before displaying, which could let a remote malicious user execute arbitrary script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client. | SaphpLesson Input Validation | Security Tracker Alert ID: 1015883, April 9, 2006 | |
ARIA 0.99-6 | Several vulnerabilities have been reported: a vulnerability was reported in 'genmessage.php' due to insufficient sanitization of the 'message' parameter before saving, which could let a remote malicious user execute arbitrary HTML and script code; and vulnerabilities were reported in 'docmgmtadd.php' due to insufficient sanitization of the 'description' and 'comment' parameters and in 'gencompanvupd.php' and 'gencompanyadd.php' due to insufficient sanitization of the 'name,' 'address1,' 'address2,' 'city,' 'email,' and 'web' parameters, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published. | ARIA Multiple Input Validation | Security Focus, Bugtraq ID: 17411, April 10, 2006 | |
JetPhoto 2.1, 2.0, 1.0 | A vulnerability has been reported due to insufficient sanitization of the 'name' and 'page' parameters before returning to users, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | JetPhoto Server Cross-Site Scripting | Not Available | Secunia Advisory: SA19603, April 11, 2006 |
Autogallery 0.x | A Cross-Site Scripting vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'pic' and 'show' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Currently we are not aware of any exploits for this vulnerability. | Autogallery Cross-Site Scripting | Not Available | Secunia Advisory: SA19629, April 12, 2006 |
Aweb's Banner Generator 3.0 & prior | A Cross-Site Scripting vulnerability was reported in the 'banner' parameter due to insufficient sanitization, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | AWeb's Banner Generator Cross-Site Scripting | Security Tracker Alert ID: 1015877, April 7, 2006 | |
AWeb's Scripts Seller 0 | A vulnerability has been reported in the 'buy.php' script because a predictable cookie is used for authentication, which could let a remote malicious user bypass the authentication process. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client. | AWeb's Scripts Seller Authorization Bypass | Security Tracker Alert ID: 1015878, April 7, 2006 | |
AzDGVote 0 | A file include vulnerability has been reported in 'admin.php,' 'vote.php,' 'view.php,' and 'admin/index.php' due to insufficient sanitization of the 'int_path' parameter, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | Not Available | Security Focus, Bugtraq ID: 17447, April 11, 2006 | |
Bitweaver 1.3 | A Cross-Site Scripting vulnerability has been reported in 'login.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | Bitweaver CMS Cross-Site Scripting | 1.9 | Security Focus, Bugtraq ID: 17406, April 7, 2006 |
Blur6ex 0.3.462 | Multiple input validation vulnerabilities have been reported including Cross-Site Scripting and SQL injection due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML, script code and SQL code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published. | Blursoft Blur6ex Multiple Input Validation | Not Available | Security Focus, Bugtraq ID: 17465, April 11, 2006 |
Cisco Transport Controller 4.x | Multiple vulnerabilities have been reported: multiple remote Denial of Service vulnerabilities were reported when an invalid response is sent instead of the final ACK packet during the 3-way handshake; a vulnerability was reported due to errors when processing IP packets which causes control cards to reset when a specially crafted IP packet is submitted; a vulnerability was reported due to an error when processing OSPF (Open Shortest Path First) packets which causes control cards to be reset; and a vulnerability was reported in the Cisco Transport Controller (CTC) applet launcher due to 'java.policy' permissions being too broad, which could let a remote malicious user execute arbitrary code. Upgrade & Workaround information. Currently we are not aware of any exploits for these vulnerabilities. | Cisco Optical Networking System & Transport Controller Multiple Vulnerabilities | Cisco Security Advisory, cisco-sa-20060405, April 5, 2006 | |
Clansys 1.1 | An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'showid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, clansys_poc, has been published. | Clansys SQL Injection | Secunia Advisory: SA19609, April 11, 2006 | |
Clever Copy 3.0 | An information disclosure vulnerability has been reported due to improper restrictions to 'admin/connect.inc,' which could lead to the disclosure of sensitive information. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, adv28-K-159-2006.txt, has been published. | Clever Copy Information Disclosure | Bugtraq ID: 17461, April 11, 2006 | |
dnGuestbook 2.0 | An SQL injection vulnerability has been reported in 'admin.php' due to insufficient sanitization of the 'emal' and 'id' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. There is no exploit code required; however, a Proof of Concept exploit has been published. | Design Nation DNGuestbook Injection | Security Focus, Bugtraq ID: 17435, April 10, 2006 | |
Dokeos Open Source Learning & Knowledge Management Tool 1.6.4, 1.6 RC2, 1.5.3-1.5.5, 1.5, 1.4 | An SQL injection vulnerability has been reported in 'viewtopic.php' due to insufficient sanitization of the 'topic' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | Dokeos SQL Injection | Not Available | Secunia Advisory: SA19604, April 11, 2006 |
Gallery 1.x | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of unspecified input before using, which could let a remote malicious user execute arbitrary HTML and script code. Vulnerability can be exploited through a web client. | Gallery Cross-Site Scripting | Security Focus, Bugtraq ID: 17437, April 10, 2006 | |
N.T. 1.1.0 | Several vulnerabilities have been reported: an HTML injection vulnerability was reported in 'index.php' due to insufficient sanitization of the 'username' parameter before storing in a logfile, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in 'index.php' due to insufficient sanitization when editing the configuration file, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited via a web client. | N.T. HTML Injection & PHP Code Execution | Secunia Advisory: SA19526, April 5, 2006 | |
JBook 1.3 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'index.php' due to insufficient sanitization of the 'page' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and an SQL injection vulnerability was reported in 'form.php' due to insufficient sanitization of the 'nom' and 'mail' parameters before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | JBook Cross-Site Scripting & SQL Injection | 7.0 (CVE-2006-1743) | Secunia Advisory: SA19613, April 11, 2006 |
VBulletin 3.5.1 | A Cross-Site Scripting vulnerability has been reported in 'vbugs.php' due to insufficient sanitization of the 'sortorder' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | vBulletin Cross-Site Scripting | Secunia Advisory: SA19562, April 7, 2006 | |
Jupiter CMS 1.1.5 | A Cross-Site Scripting vulnerability has been reported in 'Index.PHP' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | Jupiter CMS Cross-Site Scripting | Security Focus, Bugtraq ID: 17405, April 7, 2006 | |
Secunia Advisory: SA19599 | Several vulnerabilities have been reported: a vulnerability was reported in 'guestbook.pl' due to insufficient sanitization of the 'realname,' 'username,' and 'comments' parameters before using, which could let a remote malicious user execute arbitrary HTML and script code; and a vulnerability was reported in 'guestbook.pl' due to insufficient sanitization of the 'url,' 'city,' 'state,' and 'country' parameters before using, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited via a web client; however, a Proof of Concept exploit has been published. | Matt Wright Guestbook Script Insertion | Secunia Advisory: SA19586, April 10, 2006 | |
MD News 1 | An SQL injection vulnerability has been reported in 'admin.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client. | MD News SQL Injection | Not Available | Security Focus, Bugtraq ID: 17394, April 6, 2006 |
MAXdev MD-Pro 1.0.73, 1.0.72 | An SQL injection vulnerability has been reported in 'index.php' due to insufficient sanitization of the 'topicid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | MAXDEV MD-Pro SQL Injection | Secunia Advisory: SA19578, April 10, 2006 | |
PostNuke Development Team PostNuke 0.761; moodle 1.5.3; Mantis 1.0.0RC4, 0.19.4; Cacti 0.8.6 g; ADOdb 4.68, 4.66; AgileBill 1.4.92 & prior | Several vulnerabilities have been reported: an SQL injection vulnerability was reported in the 'server.php' test script, which could let a remote malicious user execute arbitrary SQL code and PHP script code; and a vulnerability was reported in the 'tests/tmssql.php' test script, which could let a remote malicious user call an arbitrary PHP function. There is no exploit code required; however, a Proof of Concept exploit has been published. | ADOdb Insecure Test Scripts | Secunia Advisory: SA17418, January 9, 2006 Security Focus, Bugtraq ID: 16187, February 7, 2006 Security Focus, Bugtraq ID: 16187, February 9, 2006 Debian Security Advisory, DSA-1029, April 8, 2006 Debian Security Advisory, Debian Security Advisory, | |
SQuery SQuery 4.5 & prior; Autonomous LAN Party 0 | Multiple remote file-include vulnerabilities have been reported in the 'LibPath' parameter due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, squery.pl.txt, has been reported. | SQuery Multiple Remote File Include | Security Focus, Bugtraq ID: 17434, April 10, 2006 | |
MyBlog prior to 1.6. | Several vulnerabilities have been reported: an SQL injection vulnerability was reported due to insufficient sanitization of unspecified input before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code; and a script insertion vulnerability was reported due to insufficient sanitization of the name and body fields when posting a comment, which could let a remote malicious user execute arbitrary HTML and script code. Currently we are not aware of any exploits for these vulnerabilities. | MvBlog Script Insertion & SQL Injection | Not Available | Secunia Advisory: SA19634, April 12, 2006 |
OpenVPN 2.0-2.0.5 | A vulnerability has been reported in 'setenv' configuration directives, which could let a remote malicious user execute arbitrary code. Update to version 2.0.6. Currently we are not aware of any exploits for this vulnerability. | OpenVPN Client Remote Code Execution | Secunia Advisory: SA19531, April 6, 2006 Mandriva Security Advisory, MDKSA-2006:069, April 10, 2006 | |
Oracle9i Standard Edition 9.2.0.0-10.2.0.3, Oracle9i Personal Edition 9.2.0.0-10.2.0.3, Oracle9i Enterprise Edition 9.2.0.0-10.2.0.3, Oracle10g Standard Edition 9.2.0.0-10.2.0.3, Oracle10g Personal Edition 9.2.0.0-10.2.0.3, Oracle10g Enterprise Edition 9.2.0.0-10.2.0.3 | A vulnerability has been reported due to a failure to enforce read-only privileges for user roles, which could let a remote malicious user bypass access restrictions. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | Oracle Database Access Restriction Bypass | Security Focus, Bugtraq ID: 17426, April 10, 2006 | |
PHP 4azdgvote .x, 4.2.x, 4.3.x, 4.4.x, 5.0.x, 5.1.x | Multiple vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in the 'phpinfo()' PHP function because only the first 4096 characters of an array request parameter are sanitized before returning to users, which could let a remote malicious user execute arbitrary HTML and script code; a Directory Traversal vulnerability was reported in the 'tempnam()' PHP function due to an error, which could let a remote malicious user create arbitrary files; a vulnerability was reported in the 'copy()' PHP function due to an error, which could let a remote malicious user create arbitrary files; and a vulnerability was reported in the 'copy()' PHP function because the safe mode mechanism can be bypassed by a remote malicious user. Vulnerabilities may be exploited with standard PHP code; however, Proof of Concept exploit scripts have been published. | PHP Multiple Vulnerabilities | Secunia Advisory: SA19599, April 10, 2006 | |
PHP 4.3.x, 4.4.x, 5.0.x, 5.1.x | A vulnerability has been reported in the 'html_entity_decode()' function because it is not binary safe, which could let a remote malicious user obtain sensitive information. The vulnerability has been fixed in the CVS repository and in version 5.1.3-RC1. There is no exploit code required; however, a Proof of Concept exploit has been published. | PHP Information Disclosure | 2.3 | Secunia Advisory: SA19383, March 29, 2006 Mandriva Security Advisory, MDKSA-2006:063, April 2, 2006 Trustix Secure Linux Security Advisory #2006-0020, April 7, 2006 |
PHPKIT 1.6.1 R2 | An SQL injection vulnerability has been reported in 'Include.PHP' due to insufficient sanitization of the 'contentid' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | PHPKIT SQL Injection | Not Available | Security Tracker Alert ID: 1015888, April 10, 2006 |
PHPList Mailing List Manager 2.10.2, 2.10.1, 2.8.12, 2.6 -2.6.4 | A file include vulnerability has been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, exploit scripts, PHPList-lfi.php and phplist_2102_incl_xpl, have been published. | PHPList Local File Include | Not Available | Security Focus, Bugtraq ID: 17429, April 10, 2006 |
phpMyAdmin 1.x, 2.x | Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of various scripts in the themes directory, which could let a remote malicious user execute arbitrary HTML and script code. Vulnerabilities can be exploited through a web client. | phpMyAdmin Cross-Site Scripting | phpMyAdmin Security Announcement PMASA-2006-1, April 6, 2006 | |
phpMyForum 4.0 | Cross-Site Scripting vulnerabilities have been reported in 'index.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published. | phpMyForum Cross-Site Scripting | Security Focus, Bugtraq ID: 17420, April 10, 2006 | |
PhpWebGallery 1.4.1 | Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, a Proof of Concept exploit has been published. | PHPWebGallery Cross-Site Scripting | Security Focus, Bugtraq ID: 17421, April 10, 2006 | |
SAXoPRESS 0 | A Directory Traversal vulnerability has been reported in 'apps/pbcs.dll/misc' due to insufficient sanitization of the 'url' parameter before using, which could let a remote malicious user obtain sensitive information. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | Saxopress Directory Traversal | Not Available | Security Focus, Bugtraq ID: 17474, April 11, 2006 |
BASE Basic Analysis and Security Engine 1.2.4 | A Cross-Site Scripting vulnerability has been reported in the 'PrintFreshPage()' function due to insufficient sanitization of various scripts, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client. | Basic Analysis and Security Engine Cross-Site Scripting | Secunia Advisory: SA19544, April 6, 2006 | |
Shadowed Portal 5.7, d1 & d2 | A Cross-Site Scripting vulnerability has been reported due to insufficient sanitization of the 'page' parameter before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been reported. | Shadowed Portal Cross-Site Scripting | Secunia Advisory: SA19595, April 10, 2006 | |
ShopWeezle 2.0 | SQL injection vulnerabilities have been reported due to insufficient sanitization of the 'idemID' parameter in 'login.php' and 'memo.php' and in the 'index.php' due to insufficient sanitization of the 'itemgr,' 'ibrandID,' and 'album' parameters, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published. | ShopWeezle SQL Injection | Security Focus, Bugtraq ID: 17441, April 11, 2006 | |
SIRE 2.0 | A file upload vulnerability has been reported due to insufficient sanitization, which could let a remote malicious user upload and execute arbitrary code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been reported. | SIRE Arbitrary File Upload | Security Focus, Bugtraq ID: 17431, April 10, 2006 | |
SIRE 2.0 | A file include vulnerability has been reported in 'lire.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | SIRE Remote File Include | Security Focus, Bugtraq ID: 17428, April 10, 2006 | |
SKForum 1.0-1.5 | Multiple Cross-Site Scripting vulnerabilities have been reported in the 'areaID,' 'time,' and 'userID' parameters due to insufficient sanitization before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published. | SKForum Cross-Site Scripting | Security Focus, Bugtraq ID: 17389, April 6, 2006 | |
phpListPro 2.0 | A file include vulnerability has been reported in 'config.php' due to insufficient sanitization of the 'returnpath' parameter, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client. | SmartISoft phpListPro Remote File Include | Not Available | Security Focus, Bugtraq ID: 17448, April 11, 2006 |
SPIP 1.8.3 | A file include vulnerability has been reported in 'Spip_login.PHP' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | SPIP Remote File Include | Security Focus, Bugtraq ID: 17423, April 10, 2006 | |
Confixx 3.1.2 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'allgemein_ No workaround or patch available at time of publishing. Vulnerabilities could be exploited with a web client; however, Proof of Concept exploits have been published. | SWSoft Confixx Pro Cross-Site Scripting & SQL Injection | Not Available | Secunia Advisory: SA19611, April 12, 2006 |
XMB Forum 1.9.5 Final | A Cross-Site Scripting vulnerability has been reported in Flash Video due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client. | XMB Forum Flash Video Cross-Site Scripting | Not Available | Security Focus, ID: 17445, April 11, 2006 |
Tritanium Bulletin Board 1.2.3 | Several vulnerabilities have been reported: a Cross-Site Scripting vulnerability was reported in 'register.php' due to insufficient sanitization of the 'newuser_name,' 'newuser_email,' and 'newuser_hp' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code; and a Cross-Site Scripting vulnerability was reported in 'register.php' due to insufficient sanitization of the 'newuser_realname' and 'newuser_icq' parameters before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been published. | Tritanium Bulletin Board Cross-Site Scripting | Not Available | Secunia Advisory: SA19635, April 12, 2006 |
Manila 9.4, 9.5 | Cross-Site Scripting vulnerabilities have been reported due to insufficient sanitization of the 'mode' parameter in 'discuss/msgReader' and 'newsItems/viewDepartment' before returning to the user, which could let a remote malicious user execute arbitrary HTML and script code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client. | Not Available | Secunia Advisory: SA19636, April 12, 2006 | |
VegaDNS 0.9.9 | Multiple input validation vulnerabilities have been reported due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary code. No workaround or patch available at time of publishing. Vulnerabilities can be exploited through a web client; however, Proof of Concept exploits have been reported. | Not Available | Security Focus, Bugtraq ID: 17433, April 10, 2006 | |
VWar 1.5 | A file include vulnerability has been reported in 'admin.php' due to insufficient sanitization of user-supplied input, which could let a remote malicious user execute arbitrary PHP code. The vendor has released VWar 1.5.0 R11 to address this issue. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit has been published. | VWar Remote File Include | Not Available | Security Focus, Bugtraq ID: 17443, April 11, 2006 |
XBrite 1.1 | An SQL injection vulnerability has been reported in 'members.php' due to insufficient sanitization of the 'id' parameter before using in an SQL query, which could let a remote malicious user execute arbitrary SQL code. No workaround or patch available at time of publishing. Vulnerability can be exploited through a web client; however, a Proof of Concept exploit script, xbrite_poc, has been published. | XBrite SQL Injection | Secunia Advisory: SA19602, April 10, 2006 |
Wireless Trends & Vulnerabilities
This section contains wireless vulnerabilities, articles, and malicious code that have been identified during the current reporting period.
- Phishers ring changes with phone scam: A new phishing scam has been identified by security experts that uses a toll-free telephone number rather than a bogus website to gather online banking passwords from unwary victims.
This section contains brief summaries and links to articles which discuss or present information pertinent to the cyber security community.
- Cybercrime More Widespread, Skillful, Dangerous Than Ever: Based on evidence gathered over the last two years, the Response Team at VeriSign-owned iDefense is convinced that groups of well-organized mobsters have taken control of a global billion-dollar crime network powered by skillful hackers and money mules targeting known software security weaknesses.
Viruses/Trojans
Top Ten Virus Threats
A list of high threat viruses, as reported to various anti-virus vendors and virus incident reporting organizations, has been ranked and categorized in the table below. For the purposes of collecting and collating data, infections involving multiple systems at a single location are considered a single infection. It is therefore possible that a virus has infected hundreds of machines but has only been counted once. With the number of viruses that appear each month, it is possible that a new virus will become widely distributed before the next edition of this publication. To limit the possibility of infection, readers are reminded to update their anti-virus packages as soon as updates become available. The table lists the viruses by ranking (number of sites affected), common virus name, type of virus code (i.e., boot, file, macro, multi-partite, script), trends (based on number of infections reported since last week), and approximate date first found.
Rank | Common Name | Type of Code | Trend | Date | Description |
1 | Netsky-P | Win32 Worm | Stable | March 2004 | A mass-mailing worm that uses its own SMTP engine to send itself to the email addresses it finds when scanning the hard drives and mapped drives. The worm also tries to spread through various file-sharing programs by copying itself into various shared folders. |
2 | Zafi-B | Win32 Worm | Stable | June 2004 | A mass-mailing worm that spreads via e-mail using several different languages, including English, Hungarian and Russian. When executed, the worm makes two copies of itself in the %System% directory with randomly generated file names. |
3 | Lovgate.w | Win32 Worm | Stable | April 2004 | A mass-mailing worm that propagates by using MAPI as a reply to messages, by using an internal SMTP, by dropping copies of itself on network shares, and through peer-to-peer networks. Attempts to access all machines in the local area network. |
4 | Mytob.C | Win32 Worm | Stable | March 2004 | A mass-mailing worm with IRC backdoor functionality which can also infect computers vulnerable to the Windows LSASS (MS04-011) exploit. The worm will attempt to harvest email addresses from the local hard disk by scanning files. |
5 | Mytob-GH | Win32 Worm | Stable | November 2005 | A variant of the mass-mailing worm that disables security related programs and allows others to access the infected system. This version sends itself to email addresses harvested from the system, forging the sender's address. |
6 | Nyxum-D | Win32 Worm | Stable | March 2006 | A mass-mailing worm that turns off anti-virus, deletes files, downloads code from the internet, and installs in the registry. This version also harvests email addresses from the infected machine and uses its own emailing engine to forge the sender's address. |
7 | Netsky-D | Win32 Worm | Stable | March 2004 | A simplified variant of the Netsky mass-mailing worm in that it does not contain many of the text strings that were present in NetSky.C and it does not copy itself to shared folders. Netsky.D spreads itself in e-mails as an executable attachment only. |
8 | Mytob-BE | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that utilizes an IRC backdoor, LSASS vulnerability, and email to propagate. It harvests addresses from the Windows address book, disables antivirus, and modifies data. |
9 | Mytob-AS | Win32 Worm | Stable | June 2005 | A slight variant of the mass-mailing worm that disables security related programs and processes, redirects various sites, and changes registry values. This version downloads code from the net and utilizes its own email engine. |
10 | Zafi-D | Win32 Worm | Stable | December 2004 | A mass-mailing worm that sends itself to email addresses gathered from the infected computer. The worm may also attempt to lower security settings, terminate processes, and open a back door on the compromised computer. |
Table updated April 11, 2006