U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB06-219)

Vulnerability Summary for the Week of July 31, 2006

Original release date: August 07, 2006

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X Server
Apple -- Mac OS X
Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request.
unknown
2006-08-02
7.0CVE-2006-3498
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated.
unknown
2006-08-02
7.0CVE-2006-3505
APPLE
Apple -- SafariThe KHTMLParser::popOneBlock function in Apple Safari 2.0.4 on Mac OS X 10.4 allows remote attackers to execute arbitrary code via Javascript that changes document.body.innerHTML within a DIV tag, which results in memory corruption.
2006-07-31
2006-07-31
7.0CVE-2006-3946
BLOGSPOT
FRSIRT
SECUNIA
BID
XF
Banex -- BanexMultiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem,or (7) deleteuser parameters to (b) admin.php.
unknown
2006-08-01
7.0CVE-2006-3963
FULLDISC
BID
Banex -- BanexPHP remote file inclusion vulnerability in members.php in Banex PHP MySQL Banner Exchange 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_root parameter.
unknown
2006-08-01
7.0CVE-2006-3964
FULLDISC
BID
BosDev -- BosDatesPHP remote file inclusion vulnerability in payment.php in BosDev BosDates allows remote attackers to execute arbitrary PHP code via a URL in the insPath parameter.
unknown
2006-08-01
7.0CVE-2006-3957
OTHER-REF
BID
SECTRACK
Brian Wotring -- OsirisFormat string vulnerability in Brian Wotring Osiris before 4.2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified attack vectors related to the logging functions.
unknown
2006-07-31
7.0CVE-2006-3120
OTHER-REF
OTHER-REF
DEBIAN
Carlos Sanchez Valle -- MyNewsGroups
PHP Layers Menu -- PHP Layers Menu
PHP remote file inclusion vulnerability in /lib/tree/layersmenu.inc.php in the PHP Layers Menu 2.3.5 package for MyNewsGroups 0.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter.
unknown
2006-08-01
7.0CVE-2006-3966
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Computer Associates -- eTrust Antivirus WebScanUnspecified vulnerability in CA eTrust Antivirus WebScan allows remote attacakers to execute arbitrary code due to "improper bounds checking when processing certain user input."
unknown
2006-08-04
7.0CVE-2006-3975
OTHER-REF
SECUNIA
EFS Software -- Easy File Sharing FTP ServerStack-based buffer overflow in EFS Software Easy File Sharing FTP Server 2.0 allows remote attackers to execute arbitrary code via a long argument to the PASS command. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-08-01
7.0CVE-2006-3952
FRSIRT
SECUNIA
Joomla! -- LMOPHP remote file inclusion vulnerability in lmo.php in the LMO Component (com_lmo) 1.0b2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-08-01
7.0CVE-2006-3970
OTHER-REF
FRSIRT
XF
libTIFF -- libTIFFMultiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2 allow context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors.
unknown
2006-08-02
8.0CVE-2006-3459
DEBIAN
libTIFF -- libTIFFHeap-based buffer overflow in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors.
unknown
2006-08-02
8.0CVE-2006-3460
DEBIAN
libTIFF -- libTIFFHeap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors.
unknown
2006-08-02
7.0CVE-2006-3461
DEBIAN
libTIFF -- libTIFFHeap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors.
unknown
2006-08-02
7.0CVE-2006-3462
DEBIAN
libTIFF -- libTIFFUnspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors.
unknown
2006-08-02
8.0CVE-2006-3465
DEBIAN
Mam-moodle alpha component -- Mam-moodle alpha componentPHP remote file inclusion vulnerability in moodle.php in Mam-moodle alpha component (com_moodle) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-08-01
7.0CVE-2006-3951
OTHER-REF
BID
FRSIRT
XF
Mambo -- Artlinks componentPHP remote file inclusion vulnerability in artlinks.dispnew.php in the Artlinks component (com_artlinks) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-08-01
7.0CVE-2006-3949
BUGTRAQ
BID
Mambo -- bayesiannaivefilterPHP remote file inclusion vulnerability in administrator/components/com_bayesiannaivefilter/lang.php in the bayesiannaivefilter component (com_bayesiannaivefilter) 1.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-08-01
7.0CVE-2006-3962
OTHER-REF
BID
MamboXChange -- a6MamboHelpDeskPHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php in a6mambohelpdesk Mambo Component 18RC1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
2006-07-27
2006-07-31
7.0CVE-2006-3930
BUGTRAQ
Milw0rm
BID
FRSIRT
Mikael Software -- WMNewsPHP remote file inclusion vulnerability in index.php in WMNews 0.2a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_datapath paramter.
unknown
2006-07-31
7.0CVE-2006-3928
OTHER-REF
BID
FRSIRT
OSVDB
SECUNIA
XF
MiniBB -- MiniBBMultiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) news.php, (2) search.php, or (3) whosOnline.php.
unknown
2006-08-01
7.0CVE-2006-3955
BUGTRAQ
BUGTRAQ
BID
SECTRACK
SECTRACK
XF
Moskool -- MoskoolPHP remote file inclusion vulnerability in component/option,com_moskool/Itemid,34/admin.moskool.php in MamboXChange Moskool 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-08-01
7.0CVE-2006-3967
BUGTRAQ
BID
PHP Pro Bid -- PHP Pro BidMultiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) start parameters to (a) viewfeedback.php or the (3) orderType parameter to (b) categories.php.
unknown
2006-07-31
7.0CVE-2006-3926
BUGTRAQ
BID
OSVDB
OSVDB
SECTRACK
SECUNIA
XF
phpBB Group -- phpbb-auctionMultiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error.
unknown
2006-07-31
7.0CVE-2006-3940
BUGTRAQ
OTHER-REF
PortailPHP -- PortailPHPPHP remote file inclusion vulnerability in mod_membre/inscription.php in PortailPHP 1.7 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
unknown
2006-07-28
7.0CVE-2006-3922
OTHER-REF
FRSIRT
SECUNIA
BUGTRAQ
BID
XF
ScriptsCenter -- ezUpload ProScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform administrative activities without authentication in (1) filter.php, which permits changing the Extensions Mode file type; (2) access.php, which permits changing the Protection Method; (3) edituser.php, which permits adding upload capabilities to user accounts; (4) settings.php, which permits changing the admin information; and (5) index.php, which permits uploading of arbitrary files.
unknown
2006-07-31
7.0CVE-2006-3939
BUGTRAQ
BID
Sun -- N1 Grid EngineUnspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 and N1 Grid Engine 6.0 allows local users to cause a denial of service (grid service shutdown) and possibly execute arbitrary code using buffer overflows via unknown vectors.
unknown
2006-07-31
7.0CVE-2006-3941
SUNALERT
BID
FRSIRT
SECTRACK
SECUNIA
Ubuntu -- Ubuntu Linux
Apache Software Foundation -- Apache
Off-by-one error in the the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
unknown
2006-07-28
7.0CVE-2006-3747
OTHER-REF
OTHER-REF
CERT-VN
UBUNTU
BUGTRAQ
BUGTRAQ
FULLDISC
FULLDISC
MANDRIVA
OPENPKG
SUSE
BID
FRSIRT
SECTRACK
SECUNIA
SECUNIA
XF
X-Scripts -- X-StatisticsSQL injection vulnerability in x-statistics.php in X-Scripts X-Statistics 1.20 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
unknown
2006-08-01
7.0CVE-2006-3950
FULLDISC
BID
FRSIRT
SECUNIA
X-Scripts -- X-StatisticsSQL injection vulnerability in protect.php in X-Scripts X-Protection 1.10, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameter.
unknown
2006-08-01
7.0CVE-2006-3959
OTHER-REF
BID
FRSIRT
SECUNIA
X-Scripts -- X-PollSQL injection vulnerability in top.php in X-Scripts X-Poll 1.10 allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-08-01
7.0CVE-2006-3960
OTHER-REF
BID

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Alkacon -- OpenCmssystem/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages to all users (/workplace/broadcast), (2) list all users (/accounts/users), (3) add webusers (/accounts/webusers/new), (4) upload database import and export files (/database/importhttp), (5) upload arbitrary program modules (/modules/modules_import), and (6) read the log file (/workplace/logfileview) by setting the appropriate value for the path parameter in a direct request to admin-main.jsp.
unknown
2006-07-31
4.2CVE-2006-3935
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
XF
XF
XF
XF
XF
XF
Apple -- Mac OS X Server
Apple -- Mac OS X
Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image.
unknown
2006-08-02
5.6CVE-2006-0392
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-complicit attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Zip archive.
unknown
2006-08-02
6.4CVE-2006-3497
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an "improperly handled condition" that leads to use of "dangerous paths," probably related to an untrusted search path vulnerability.
unknown
2006-08-02
4.9CVE-2006-3500
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image.
unknown
2006-08-02
5.6CVE-2006-3501
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled.
unknown
2006-08-02
5.6CVE-2006-3502
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed GIF image.
unknown
2006-08-02
5.6CVE-2006-3503
APPLE
Gonafish -- LinksCaffeSQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-07-31
5.6CVE-2006-3932
SECUNIA
InterActual Technologies -- InterActual PlayerStack-based buffer overflow in ITIRecorder.MicRecorder ActiveX control in iarecord.dll in InterActual Player before 2.6 allows remote attackers to execute arbitrary code via a long argument to the Files method. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-07-28
4.7CVE-2006-3925
BID
FRSIRT
SECUNIA
InterVations -- FileCOPAInteger underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before 2006-07-21 allow remote authenticated users to execute arbitrary code via a long argument to the (1) CWD, (2) DELE, (3) MDTM, and (4) MKD commands, which triggers a stack-based buffer overflow.
unknown
2006-07-28
4.7CVE-2006-3768
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Joomla! -- ColophonPHP remote file inclusion vulnerability in administrator/components/com_colophon/admin.colophon.php in Colophon 1.2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-08-01
5.6CVE-2006-3969
OTHER-REF
BID
FRSIRT
SECUNIA
XF
libTIFF -- libTIFFMultiple unspecified vulnerabilities in the TIFF library (libtiff) before 3.8.2 have unknown impact and attack vectors related to "multiple unchecked arithmetic operations" including numeric range checks.
unknown
2006-08-02
4.9CVE-2006-3464
DEBIAN
Mambo -- MambatstaffPHP remote file inclusion vulnerability in components/com_mambatstaff/mambatstaff.php in the Mambatstaff 3.1b and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
2006-07-29
2006-08-01
5.6CVE-2006-3947
BUGTRAQ
Milw0rm
BID
SECUNIA
McAfee -- VirusScan
McAfee -- AntiSpyware
McAfee -- Wireless Home Network Security
McAfee -- Internet Security Suite
McAfee -- SpamKiller
McAfee -- QuickClean
McAfee -- Privacy Service
McAfee -- Personal Firewall Plus
McAfee -- SecurityCenter
Unspecified vulnerability in McAfee Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, and AntiSpyware allows remote attackers to execute arbitrary commands via unknown vectors.
unknown
2006-08-01
4.7CVE-2006-3961
OTHER-REF
BID
SECUNIA
Tuomas Airaksinen -- MidirecordBuffer overflow in the daemon function in midirecord.cc in Tuomas Airaksinen Midirecord 2.0 allows local users to execute arbitrary code via a long command line argument (filename). NOTE: This may not be a vulnerability if Midirecord is not installed setuid.
unknown
2006-07-31
4.9CVE-2006-3931
BUGTRAQ
ECHO
BID

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Alkacon -- OpenCmsCross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body.
unknown
2006-07-31
1.4CVE-2006-3933
BUGTRAQ
OTHER-REF
OPENCMS
OPENCMS
SECUNIA
XF
Alkacon -- OpenCmsAbsolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter.
unknown
2006-07-31
2.0CVE-2006-3934
BUGTRAQ
OTHER-REF
OPENCMS
OPENCMS
SECUNIA
XF
Alkacon -- OpenCmssystem/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp.
unknown
2006-07-31
1.4CVE-2006-3936
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
XF
Apple -- Mac OS X Server
Apple -- Mac OS X
OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang.
unknown
2006-08-02
3.7CVE-2006-0393
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determing names of unauthorized files and folders via unknown vectors related to the search results.
unknown
2006-08-02
1.9CVE-2006-1472
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors.
unknown
2006-08-02
3.3CVE-2006-1473
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users.
unknown
2006-08-02
1.6CVE-2006-3495
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause denial of service (crash) via an invalid AFP request that triggers an unchecked error condition.
unknown
2006-08-02
3.3CVE-2006-3496
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications.
unknown
2006-08-02
1.6CVE-2006-3499
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari.
unknown
2006-08-02
1.3CVE-2006-3504
APPLE
Banex -- BanexBanex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords.
unknown
2006-08-01
2.3CVE-2006-3965
FULLDISC
Computer Associates -- eTrust Antivirus WebScanUnspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 allows remote attackers to install arbitrary files.
unknown
2006-08-04
2.3CVE-2006-3976
OTHER-REF
SECUNIA
CounterPane -- PasswordSafePassword Safe 2.11, 2.16 and 3.0BETA1 does not respect the configuration settings for locking the password database when certain dialogue windows are open, which might allow attackers with physical access to obtain the database contents.
unknown
2006-07-28
1.6CVE-2006-3675
BUGTRAQ
OTHER-REF
BID
SECTRACK
XF
Dokeos -- DokeosMultiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2006-07-28
2.3CVE-2006-3924
OTHER-REF
BID
SECUNIA
Dotclear -- DotclearDotClear allows remote attackers to obtain sensitive information via a direct request for (1) edit_cat.php, (2) index.php, (3) edit_link.php in ecrire/tools/blogroll/; (4) syslog/index.php, (5) thememng/index.php, (6) toolsmng/index.php, (7) utf8convert/index.php in /ecrire/tools/; (8) /ecrire/inc/connexion.php and (9) /inc/session.php; (10) class.blog.php, (11) class.blogcomment.php, (12) and class.blogpost.php in /inc/classes/; (13) append.php, (14) class.xblog.php, (15) class.xblogcomment.php, and (16) class.xblogpost.php in /layout/; (17) form.php, (18) list.php, (19) post.php, or (20) template.php in /themes/default/, which reveal the installation path in error messages.
unknown
2006-07-31
2.3CVE-2006-3938
BUGTRAQ
Fire-Mouse -- ToplistCross-site scripting (XSS) vulnerability in add.php in Fire-Mouse Toplist 1.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the Seitenname parameter.
unknown
2006-07-28
1.9CVE-2006-3923
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
GnuPG -- GnuPGBuffer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message.
unknown
2006-07-28
2.3CVE-2006-3746
MLIST
OTHER-REF
BID
libTIFF -- libTIFFThe TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via unknown vectors that trigger an infinite loop.
unknown
2006-08-02
3.3CVE-2006-3463
DEBIAN
Linux -- Linux kernelThe (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic functions in Linux kernel 2.6.17-rc4 to 2.6.18-rc2 performs the atomic futex operation with user space addresses instead of kernel space addresses, which allows local users to cause a denial of service (crash).
unknown
2006-08-04
1.6CVE-2006-3634
OTHER-REF
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
The server driver (srv.sys) in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet on an SMB PIPE that triggers a null dereference.
unknown
2006-07-31
2.3CVE-2006-3942
ISS
OTHER-REF
OTHER-REF
BID
XF
FRSIRT
SECTRACK
SECUNIA
Microsoft -- Internet ExplorerStack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.
2006-07-27
2006-07-31
1.9CVE-2006-3943
BLOGSPOT
BID
OSVDB
XF
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference.
2006-07-23
2006-07-31
2.3CVE-2006-3944
BLOGSPOT
FRSIRT
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links.
unknown
2006-07-28
1.9CVE-2006-3812
OTHER-REF
BID
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
OTHER-REF
BUGTRAQ
REDHAT
UBUNTU
UBUNTU
CERT-VN
SECUNIA
XF
MyBB -- MyBBCross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.
unknown
2006-08-01
2.3CVE-2006-3953
BUGTRAQ
BID
MyBB -- MyBBDirectory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action.
unknown
2006-08-01
2.3CVE-2006-3954
BUGTRAQ
BID
Opera Software -- Opera Web BrowserThe CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, which triggers memory corruption.
2006-07-26
2006-07-31
2.3CVE-2006-3945
BLOGSPOT
FRSIRT
OSVDB
XF
PHP Pro Bid -- PHP Pro BidCross-site scripting (XSS) vulnerability in auctionsearch.php in PhpProBid 5.24 allows remote attackers to inject arbitrary web script or HTML via the advsrc parameter.
unknown
2006-07-31
2.3CVE-2006-3927
BUGTRAQ
BID
OSVDB
SECTRACK
SECUNIA
XF
PHP-Nuke -- INPCross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke INP allows remote attackers to inject arbitrary web script or HTML via the query parameter.
2006-07-28
2006-08-01
2.3CVE-2006-3948
BUGTRAQ
BID
PKR Internet -- TaskjitsuMultiple unspecified cross-site scripting (XSS) vulnerabilities in Taskjitsu 2.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2006-08-01
2.3CVE-2006-3958
OTHER-REF
FRSIRT
SECUNIA
Scott Weedon -- Ajax ChatCross-site scripting (XSS) vulnerability in visitor/livesupport/chat.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to inject arbitrary web script or HTML via the userid parameter.
unknown
2006-08-02
2.3CVE-2006-3971
FULLDISC
BID
FRSIRT
SECUNIA
XF
Scott Weedon -- Ajax ChatDirectory traversal vulnerability in includes/operator_chattranscript.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to read arbitrary files via a .. (dot dot) in the chatid parameter.
unknown
2006-08-02
2.3CVE-2006-3972
FULLDISC
BID
FRSIRT
SECUNIA
XF
Sun -- SolarisThe TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm.
unknown
2006-07-28
2.3CVE-2006-3920
SUNALERT
FRSIRT
SECTRACK
SECUNIA
XF
Sun -- Java System Application Server
Sun -- Java Web Server
Sun -- Java System Web Server
Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.
unknown
2006-07-28
1.4CVE-2006-3921
SUNALERT
BID
SECTRACK
SECTRACK
FRSIRT
SECUNIA
Sun -- SolarisThe crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified.
unknown
2006-08-01
2.3CVE-2006-3968
SUNALERT
Tamarack Consulting -- Tamarack MMSdTamarack MMSd before 7.992 allows remote attackers to cause a denial of service (crash) via malformed RFC1006 (OSI over TCP/IP) packets.
unknown
2006-07-28
2.3CVE-2006-1178
OTHER-REF
CERT-VN
XF
BID
Total Online Solutions -- Advanced Webhost Billing SystemMultiple cross-site scripting (XSS) vulnerabilities in contact.php in Advanced Webhost Billing System (AWBS) 2.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) AccountUsername and (3) Message parameters.
unknown
2006-08-01
2.3CVE-2006-3956
BUGTRAQ
SECUNIA
VMWare -- ESX ServerVMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.3 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619).
2006-05-12
2006-07-31
2.3CVE-2006-2481
OTHER-REF
xGuestBook -- xGuestBookpost.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain sensitive information via a request without the (1) user, (2) mail, (3) p, or (4) url parameter, which reveals the installation path in an error message.
unknown
2006-07-31
2.3CVE-2006-3937
BUGTRAQ
XF
ZyXEL Prestige -- 660H-61 ADSL RouterCross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter.
unknown
2006-07-31
2.3CVE-2006-3929
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF

Back to top

 

 

 

 

Last updated August 07, 2006

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X Server
Apple -- Mac OS X
Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request.
unknown
2006-08-02
7.0CVE-2006-3498
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated.
unknown
2006-08-02
7.0CVE-2006-3505
APPLE
Apple -- SafariThe KHTMLParser::popOneBlock function in Apple Safari 2.0.4 on Mac OS X 10.4 allows remote attackers to execute arbitrary code via Javascript that changes document.body.innerHTML within a DIV tag, which results in memory corruption.
2006-07-31
2006-07-31
7.0CVE-2006-3946
BLOGSPOT
FRSIRT
SECUNIA
BID
XF
Banex -- BanexMultiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem,or (7) deleteuser parameters to (b) admin.php.
unknown
2006-08-01
7.0CVE-2006-3963
FULLDISC
BID
Banex -- BanexPHP remote file inclusion vulnerability in members.php in Banex PHP MySQL Banner Exchange 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_root parameter.
unknown
2006-08-01
7.0CVE-2006-3964
FULLDISC
BID
BosDev -- BosDatesPHP remote file inclusion vulnerability in payment.php in BosDev BosDates allows remote attackers to execute arbitrary PHP code via a URL in the insPath parameter.
unknown
2006-08-01
7.0CVE-2006-3957
OTHER-REF
BID
SECTRACK
Brian Wotring -- OsirisFormat string vulnerability in Brian Wotring Osiris before 4.2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified attack vectors related to the logging functions.
unknown
2006-07-31
7.0CVE-2006-3120
OTHER-REF
OTHER-REF
DEBIAN
Carlos Sanchez Valle -- MyNewsGroups
PHP Layers Menu -- PHP Layers Menu
PHP remote file inclusion vulnerability in /lib/tree/layersmenu.inc.php in the PHP Layers Menu 2.3.5 package for MyNewsGroups 0.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter.
unknown
2006-08-01
7.0CVE-2006-3966
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Computer Associates -- eTrust Antivirus WebScanUnspecified vulnerability in CA eTrust Antivirus WebScan allows remote attacakers to execute arbitrary code due to "improper bounds checking when processing certain user input."
unknown
2006-08-04
7.0CVE-2006-3975
OTHER-REF
SECUNIA
EFS Software -- Easy File Sharing FTP ServerStack-based buffer overflow in EFS Software Easy File Sharing FTP Server 2.0 allows remote attackers to execute arbitrary code via a long argument to the PASS command. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-08-01
7.0CVE-2006-3952
FRSIRT
SECUNIA
Joomla! -- LMOPHP remote file inclusion vulnerability in lmo.php in the LMO Component (com_lmo) 1.0b2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-08-01
7.0CVE-2006-3970
OTHER-REF
FRSIRT
XF
libTIFF -- libTIFFMultiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2 allow context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors.
unknown
2006-08-02
8.0CVE-2006-3459
DEBIAN
libTIFF -- libTIFFHeap-based buffer overflow in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors.
unknown
2006-08-02
8.0CVE-2006-3460
DEBIAN
libTIFF -- libTIFFHeap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors.
unknown
2006-08-02
7.0CVE-2006-3461
DEBIAN
libTIFF -- libTIFFHeap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors.
unknown
2006-08-02
7.0CVE-2006-3462
DEBIAN
libTIFF -- libTIFFUnspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors.
unknown
2006-08-02
8.0CVE-2006-3465
DEBIAN
Mam-moodle alpha component -- Mam-moodle alpha componentPHP remote file inclusion vulnerability in moodle.php in Mam-moodle alpha component (com_moodle) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-08-01
7.0CVE-2006-3951
OTHER-REF
BID
FRSIRT
XF
Mambo -- Artlinks componentPHP remote file inclusion vulnerability in artlinks.dispnew.php in the Artlinks component (com_artlinks) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-08-01
7.0CVE-2006-3949
BUGTRAQ
BID
Mambo -- bayesiannaivefilterPHP remote file inclusion vulnerability in administrator/components/com_bayesiannaivefilter/lang.php in the bayesiannaivefilter component (com_bayesiannaivefilter) 1.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-08-01
7.0CVE-2006-3962
OTHER-REF
BID
MamboXChange -- a6MamboHelpDeskPHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php in a6mambohelpdesk Mambo Component 18RC1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
2006-07-27
2006-07-31
7.0CVE-2006-3930
BUGTRAQ
Milw0rm
BID
FRSIRT
Mikael Software -- WMNewsPHP remote file inclusion vulnerability in index.php in WMNews 0.2a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_datapath paramter.
unknown
2006-07-31
7.0CVE-2006-3928
OTHER-REF
BID
FRSIRT
OSVDB
SECUNIA
XF
MiniBB -- MiniBBMultiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) news.php, (2) search.php, or (3) whosOnline.php.
unknown
2006-08-01
7.0CVE-2006-3955
BUGTRAQ
BUGTRAQ
BID
SECTRACK
SECTRACK
XF
Moskool -- MoskoolPHP remote file inclusion vulnerability in component/option,com_moskool/Itemid,34/admin.moskool.php in MamboXChange Moskool 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-08-01
7.0CVE-2006-3967
BUGTRAQ
BID
PHP Pro Bid -- PHP Pro BidMultiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) start parameters to (a) viewfeedback.php or the (3) orderType parameter to (b) categories.php.
unknown
2006-07-31
7.0CVE-2006-3926
BUGTRAQ
BID
OSVDB
OSVDB
SECTRACK
SECUNIA
XF
phpBB Group -- phpbb-auctionMultiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via (1) the ar parameter in auction_room.php and (2) the u parameter in auction_store.php. NOTE: the auction_rating.php vector is already covered by CVE-2005-1234. NOTE: the original disclosure states that the product name is "PHP-Auction", but this is probably an error.
unknown
2006-07-31
7.0CVE-2006-3940
BUGTRAQ
OTHER-REF
PortailPHP -- PortailPHPPHP remote file inclusion vulnerability in mod_membre/inscription.php in PortailPHP 1.7 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
unknown
2006-07-28
7.0CVE-2006-3922
OTHER-REF
FRSIRT
SECUNIA
BUGTRAQ
BID
XF
ScriptsCenter -- ezUpload ProScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform administrative activities without authentication in (1) filter.php, which permits changing the Extensions Mode file type; (2) access.php, which permits changing the Protection Method; (3) edituser.php, which permits adding upload capabilities to user accounts; (4) settings.php, which permits changing the admin information; and (5) index.php, which permits uploading of arbitrary files.
unknown
2006-07-31
7.0CVE-2006-3939
BUGTRAQ
BID
Sun -- N1 Grid EngineUnspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 and N1 Grid Engine 6.0 allows local users to cause a denial of service (grid service shutdown) and possibly execute arbitrary code using buffer overflows via unknown vectors.
unknown
2006-07-31
7.0CVE-2006-3941
SUNALERT
BID
FRSIRT
SECTRACK
SECUNIA
Ubuntu -- Ubuntu Linux
Apache Software Foundation -- Apache
Off-by-one error in the the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
unknown
2006-07-28
7.0CVE-2006-3747
OTHER-REF
OTHER-REF
CERT-VN
UBUNTU
BUGTRAQ
BUGTRAQ
FULLDISC
FULLDISC
MANDRIVA
OPENPKG
SUSE
BID
FRSIRT
SECTRACK
SECUNIA
SECUNIA
XF
X-Scripts -- X-StatisticsSQL injection vulnerability in x-statistics.php in X-Scripts X-Statistics 1.20 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
unknown
2006-08-01
7.0CVE-2006-3950
FULLDISC
BID
FRSIRT
SECUNIA
X-Scripts -- X-StatisticsSQL injection vulnerability in protect.php in X-Scripts X-Protection 1.10, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameter.
unknown
2006-08-01
7.0CVE-2006-3959
OTHER-REF
BID
FRSIRT
SECUNIA
X-Scripts -- X-PollSQL injection vulnerability in top.php in X-Scripts X-Poll 1.10 allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-08-01
7.0CVE-2006-3960
OTHER-REF
BID

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Alkacon -- OpenCmssystem/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages to all users (/workplace/broadcast), (2) list all users (/accounts/users), (3) add webusers (/accounts/webusers/new), (4) upload database import and export files (/database/importhttp), (5) upload arbitrary program modules (/modules/modules_import), and (6) read the log file (/workplace/logfileview) by setting the appropriate value for the path parameter in a direct request to admin-main.jsp.
unknown
2006-07-31
4.2CVE-2006-3935
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
XF
XF
XF
XF
XF
XF
Apple -- Mac OS X Server
Apple -- Mac OS X
Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image.
unknown
2006-08-02
5.6CVE-2006-0392
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified vulnerability in the "compression state handling" in Bom for Apple Mac OS X 10.3.9 and 10.4.7 allows user-complicit attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Zip archive.
unknown
2006-08-02
6.4CVE-2006-3497
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an "improperly handled condition" that leads to use of "dangerous paths," probably related to an untrusted search path vulnerability.
unknown
2006-08-02
4.9CVE-2006-3500
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image.
unknown
2006-08-02
5.6CVE-2006-3501
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled.
unknown
2006-08-02
5.6CVE-2006-3502
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed GIF image.
unknown
2006-08-02
5.6CVE-2006-3503
APPLE
Gonafish -- LinksCaffeSQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-07-31
5.6CVE-2006-3932
SECUNIA
InterActual Technologies -- InterActual PlayerStack-based buffer overflow in ITIRecorder.MicRecorder ActiveX control in iarecord.dll in InterActual Player before 2.6 allows remote attackers to execute arbitrary code via a long argument to the Files method. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-07-28
4.7CVE-2006-3925
BID
FRSIRT
SECUNIA
InterVations -- FileCOPAInteger underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before 2006-07-21 allow remote authenticated users to execute arbitrary code via a long argument to the (1) CWD, (2) DELE, (3) MDTM, and (4) MKD commands, which triggers a stack-based buffer overflow.
unknown
2006-07-28
4.7CVE-2006-3768
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Joomla! -- ColophonPHP remote file inclusion vulnerability in administrator/components/com_colophon/admin.colophon.php in Colophon 1.2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-08-01
5.6CVE-2006-3969
OTHER-REF
BID
FRSIRT
SECUNIA
XF
libTIFF -- libTIFFMultiple unspecified vulnerabilities in the TIFF library (libtiff) before 3.8.2 have unknown impact and attack vectors related to "multiple unchecked arithmetic operations" including numeric range checks.
unknown
2006-08-02
4.9CVE-2006-3464
DEBIAN
Mambo -- MambatstaffPHP remote file inclusion vulnerability in components/com_mambatstaff/mambatstaff.php in the Mambatstaff 3.1b and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
2006-07-29
2006-08-01
5.6CVE-2006-3947
BUGTRAQ
Milw0rm
BID
SECUNIA
McAfee -- VirusScan
McAfee -- AntiSpyware
McAfee -- Wireless Home Network Security
McAfee -- Internet Security Suite
McAfee -- SpamKiller
McAfee -- QuickClean
McAfee -- Privacy Service
McAfee -- Personal Firewall Plus
McAfee -- SecurityCenter
Unspecified vulnerability in McAfee Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, and AntiSpyware allows remote attackers to execute arbitrary commands via unknown vectors.
unknown
2006-08-01
4.7CVE-2006-3961
OTHER-REF
BID
SECUNIA
Tuomas Airaksinen -- MidirecordBuffer overflow in the daemon function in midirecord.cc in Tuomas Airaksinen Midirecord 2.0 allows local users to execute arbitrary code via a long command line argument (filename). NOTE: This may not be a vulnerability if Midirecord is not installed setuid.
unknown
2006-07-31
4.9CVE-2006-3931
BUGTRAQ
ECHO
BID

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Alkacon -- OpenCmsCross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body.
unknown
2006-07-31
1.4CVE-2006-3933
BUGTRAQ
OTHER-REF
OPENCMS
OPENCMS
SECUNIA
XF
Alkacon -- OpenCmsAbsolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter.
unknown
2006-07-31
2.0CVE-2006-3934
BUGTRAQ
OTHER-REF
OPENCMS
OPENCMS
SECUNIA
XF
Alkacon -- OpenCmssystem/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp.
unknown
2006-07-31
1.4CVE-2006-3936
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
XF
Apple -- Mac OS X Server
Apple -- Mac OS X
OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang.
unknown
2006-08-02
3.7CVE-2006-0393
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determing names of unauthorized files and folders via unknown vectors related to the search results.
unknown
2006-08-02
1.9CVE-2006-1472
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors.
unknown
2006-08-02
3.3CVE-2006-1473
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys in a world-readable file, which allows local users to obtain the keys and access files and folders of other users.
unknown
2006-08-02
1.6CVE-2006-3495
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause denial of service (crash) via an invalid AFP request that triggers an unchecked error condition.
unknown
2006-08-02
3.3CVE-2006-3496
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications.
unknown
2006-08-02
1.6CVE-2006-3499
APPLE
Apple -- Mac OS X Server
Apple -- Mac OS X
The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari.
unknown
2006-08-02
1.3CVE-2006-3504
APPLE
Banex -- BanexBanex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords.
unknown
2006-08-01
2.3CVE-2006-3965
FULLDISC
Computer Associates -- eTrust Antivirus WebScanUnspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 allows remote attackers to install arbitrary files.
unknown
2006-08-04
2.3CVE-2006-3976
OTHER-REF
SECUNIA
CounterPane -- PasswordSafePassword Safe 2.11, 2.16 and 3.0BETA1 does not respect the configuration settings for locking the password database when certain dialogue windows are open, which might allow attackers with physical access to obtain the database contents.
unknown
2006-07-28
1.6CVE-2006-3675
BUGTRAQ
OTHER-REF
BID
SECTRACK
XF
Dokeos -- DokeosMultiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2006-07-28
2.3CVE-2006-3924
OTHER-REF
BID
SECUNIA
Dotclear -- DotclearDotClear allows remote attackers to obtain sensitive information via a direct request for (1) edit_cat.php, (2) index.php, (3) edit_link.php in ecrire/tools/blogroll/; (4) syslog/index.php, (5) thememng/index.php, (6) toolsmng/index.php, (7) utf8convert/index.php in /ecrire/tools/; (8) /ecrire/inc/connexion.php and (9) /inc/session.php; (10) class.blog.php, (11) class.blogcomment.php, (12) and class.blogpost.php in /inc/classes/; (13) append.php, (14) class.xblog.php, (15) class.xblogcomment.php, and (16) class.xblogpost.php in /layout/; (17) form.php, (18) list.php, (19) post.php, or (20) template.php in /themes/default/, which reveal the installation path in error messages.
unknown
2006-07-31
2.3CVE-2006-3938
BUGTRAQ
Fire-Mouse -- ToplistCross-site scripting (XSS) vulnerability in add.php in Fire-Mouse Toplist 1.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the Seitenname parameter.
unknown
2006-07-28
1.9CVE-2006-3923
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
GnuPG -- GnuPGBuffer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message.
unknown
2006-07-28
2.3CVE-2006-3746
MLIST
OTHER-REF
BID
libTIFF -- libTIFFThe TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via unknown vectors that trigger an infinite loop.
unknown
2006-08-02
3.3CVE-2006-3463
DEBIAN
Linux -- Linux kernelThe (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic functions in Linux kernel 2.6.17-rc4 to 2.6.18-rc2 performs the atomic futex operation with user space addresses instead of kernel space addresses, which allows local users to cause a denial of service (crash).
unknown
2006-08-04
1.6CVE-2006-3634
OTHER-REF
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
The server driver (srv.sys) in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet on an SMB PIPE that triggers a null dereference.
unknown
2006-07-31
2.3CVE-2006-3942
ISS
OTHER-REF
OTHER-REF
BID
XF
FRSIRT
SECTRACK
SECUNIA
Microsoft -- Internet ExplorerStack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.
2006-07-27
2006-07-31
1.9CVE-2006-3943
BLOGSPOT
BID
OSVDB
XF
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference.
2006-07-23
2006-07-31
2.3CVE-2006-3944
BLOGSPOT
FRSIRT
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to reference remote files and possibly load chrome: URLs by tricking the user into copying or dragging links.
unknown
2006-07-28
1.9CVE-2006-3812
OTHER-REF
BID
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
OTHER-REF
BUGTRAQ
REDHAT
UBUNTU
UBUNTU
CERT-VN
SECUNIA
XF
MyBB -- MyBBCross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.
unknown
2006-08-01
2.3CVE-2006-3953
BUGTRAQ
BID
MyBB -- MyBBDirectory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action.
unknown
2006-08-01
2.3CVE-2006-3954
BUGTRAQ
BID
Opera Software -- Opera Web BrowserThe CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, which triggers memory corruption.
2006-07-26
2006-07-31
2.3CVE-2006-3945
BLOGSPOT
FRSIRT
OSVDB
XF
PHP Pro Bid -- PHP Pro BidCross-site scripting (XSS) vulnerability in auctionsearch.php in PhpProBid 5.24 allows remote attackers to inject arbitrary web script or HTML via the advsrc parameter.
unknown
2006-07-31
2.3CVE-2006-3927
BUGTRAQ
BID
OSVDB
SECTRACK
SECUNIA
XF
PHP-Nuke -- INPCross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke INP allows remote attackers to inject arbitrary web script or HTML via the query parameter.
2006-07-28
2006-08-01
2.3CVE-2006-3948
BUGTRAQ
BID
PKR Internet -- TaskjitsuMultiple unspecified cross-site scripting (XSS) vulnerabilities in Taskjitsu 2.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2006-08-01
2.3CVE-2006-3958
OTHER-REF
FRSIRT
SECUNIA
Scott Weedon -- Ajax ChatCross-site scripting (XSS) vulnerability in visitor/livesupport/chat.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to inject arbitrary web script or HTML via the userid parameter.
unknown
2006-08-02
2.3CVE-2006-3971
FULLDISC
BID
FRSIRT
SECUNIA
XF
Scott Weedon -- Ajax ChatDirectory traversal vulnerability in includes/operator_chattranscript.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to read arbitrary files via a .. (dot dot) in the chatid parameter.
unknown
2006-08-02
2.3CVE-2006-3972
FULLDISC
BID
FRSIRT
SECUNIA
XF
Sun -- SolarisThe TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm.
unknown
2006-07-28
2.3CVE-2006-3920
SUNALERT
FRSIRT
SECTRACK
SECUNIA
XF
Sun -- Java System Application Server
Sun -- Java Web Server
Sun -- Java System Web Server
Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.
unknown
2006-07-28
1.4CVE-2006-3921
SUNALERT
BID
SECTRACK
SECTRACK
FRSIRT
SECUNIA
Sun -- SolarisThe crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified.
unknown
2006-08-01
2.3CVE-2006-3968
SUNALERT
Tamarack Consulting -- Tamarack MMSdTamarack MMSd before 7.992 allows remote attackers to cause a denial of service (crash) via malformed RFC1006 (OSI over TCP/IP) packets.
unknown
2006-07-28
2.3CVE-2006-1178
OTHER-REF
CERT-VN
XF
BID
Total Online Solutions -- Advanced Webhost Billing SystemMultiple cross-site scripting (XSS) vulnerabilities in contact.php in Advanced Webhost Billing System (AWBS) 2.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) AccountUsername and (3) Message parameters.
unknown
2006-08-01
2.3CVE-2006-3956
BUGTRAQ
SECUNIA
VMWare -- ESX ServerVMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.3 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619).
2006-05-12
2006-07-31
2.3CVE-2006-2481
OTHER-REF
xGuestBook -- xGuestBookpost.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain sensitive information via a request without the (1) user, (2) mail, (3) p, or (4) url parameter, which reveals the installation path in an error message.
unknown
2006-07-31
2.3CVE-2006-3937
BUGTRAQ
XF
ZyXEL Prestige -- 660H-61 ADSL RouterCross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter.
unknown
2006-07-31
2.3CVE-2006-3929
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF

Back to top

 

 

 

 

Last updated August 07, 2006

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top