U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB06-226)

Vulnerability Summary for the Week of August 7, 2006

Original release date: August 14, 2006

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Ageet -- AGEphoneStack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 allows remote attackers to execute arbitrary code via a crafted UDP SIP packet.
2006-07-21
2006-08-09
7.0CVE-2006-4029
BUGTRAQ
FULLDISC
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Archangel Management -- Archangel WeblogMultiple cross-site scripting (XSS) vulnerabilities in Archangel Management Archangel Weblog 0.90.02 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Comment section.
unknown
2006-08-11
7.0CVE-2006-4091
BUGTRAQ
BID
SECTRACK
XF
Barracuda Networks -- Barracuda Spam FirewallLogin.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password.
2006-05-28
2006-08-04
7.0CVE-2006-4001
BUGTRAQ
BID
XF
Barracuda Networks -- Barracuda Spam Firewallpreview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000.
unknown
2006-08-11
7.0CVE-2006-4081
BUGTRAQ
BUGTRAQ
Barracuda Networks -- Barracuda Spam FirewallBarracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges.
unknown
2006-08-11
7.0CVE-2006-4082
BUGTRAQ
Brad Fears -- phpCodeCabinetPHP remote file inclusion vulnerability in Beautifier/Core.php in Brad Fears phpCodeCabinet 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the BEAUT_PATH parameter.
unknown
2006-08-09
7.0CVE-2006-4044
FULLDISC
OTHER-REF
BID
FRSIRT
SECUNIA
CakePHP -- CakePHPCross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page. NOTE: some of these details are obtained from third party information.
unknown
2006-08-09
7.0CVE-2006-4067
OTHER-REF
SECUNIA
CivicSpace -- CivicSpaceMultiple cross-site scripting (XSS) vulnerabilities in CivicSpace 0.8.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject, (2) Comment, and (3) Add new comment sections.
unknown
2006-08-11
7.0CVE-2006-4088
BUGTRAQ
BID
Clam Anti-Virus -- ClamAVHeap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values.
unknown
2006-08-08
7.0CVE-2006-4018
OTHER-REF
CLAMAV
GENTOO
MANDRIVA
BID
FRSIRT
SECUNIA
SECUNIA
SECUNIA
Comet -- Comet Webfile ManagerPHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo Valvano Comet WebFileManager (CWFM) 0.9.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the Language parameter.
unknown
2006-08-10
7.0CVE-2006-4077
OTHER-REF
BID
FRSIRT
SECUNIA
Computer Associates -- eTrust Antivirus WebScanUnspecified vulnerability in CA eTrust Antivirus WebScan allows remote attackers to execute arbitrary code due to "improper bounds checking when processing certain user input."
2006-08-03
2006-08-04
7.0CVE-2006-3975
OTHER-REF
SECUNIA
Computer Associates -- eTrust Antivirus WebScanUnspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 has unknown impact and remote attackers related to "improper processing of outdated WebScan components."
2006-08-03
2006-08-04
7.0CVE-2006-3977
OTHER-REF
SECUNIA
CounterChaos -- CounterChaosSQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
unknown
2006-08-09
7.0CVE-2006-4035
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Csaba Godor -- SAPID Blog Beta 2Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php.
unknown
2006-08-09
7.0CVE-2006-4063
OTHER-REF
FRSIRT
XF
David Walker -- phpAutoMembersAreaPHP remote file inclusion vulnerability in auto_check_renewals.php in phpAutoMembersArea (phpAMA) 3.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter.
unknown
2006-08-09
7.0CVE-2006-4050
BUGTRAQ
OTHER-REF
BID
DeluxeBB -- DeluxeBBpm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter.
unknown
2006-08-10
7.0CVE-2006-4078
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
DeluxeBB -- DeluxeBBCross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB 1.08, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the subject parameter (aka the topic title field).
unknown
2006-08-10
7.0CVE-2006-4079
BUGTRAQ
BID
XF
Ehmig -- ME Download SystemMultiple PHP remote file inclusion vulnerabilities in ME Download System 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) Vb8878b936c2bd8ae0cab parameter to (a) inc/sett_style.php or (b) inc/sett_smilies.php; or the (2) Vb6c4d0e18a204a63b38f, (3) V18a78b93c3adaaae84e2, or (4) V9ae5d2ca9e9e787969ff parameters to (c) inc/datei.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-08-09
7.0CVE-2006-4054
FRSIRT
SECUNIA
Ekilat LLC -- php(Reactor)PHP remote file inclusion vulnerability in editprofile.php in php(Reactor) 1.27pl1 allows remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter.
unknown
2006-08-04
7.0CVE-2006-3983
OTHER-REF
BID
FRSIRT
XF
Fenestrae -- Faxination ServerUnspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet.
unknown
2006-08-09
7.0CVE-2006-4037
OTHER-REF
BID
FRSIRT
SECUNIA
GaesteChaos -- GaesteChaosMultiple cross-site scripting (XSS) vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gastname or (2) gastwohnort parameters.
unknown
2006-08-09
7.0CVE-2006-4038
FULLDISC
BID
FRSIRT
SECUNIA
Gianluca Baldo -- Phpauction
phpAdsNew -- phpAdsNew
PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in Albasoftware Phpauction 2.1 and possibly later versions, with phpAdsNew 2.0.5, allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter.
unknown
2006-08-04
7.0CVE-2006-3984
BUGTRAQ
OTHER-REF
OTHER-REF
BID
XF
IBM -- Informix IDSBuffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username.
unknown
2006-08-08
7.0CVE-2006-3853
IBM
BID
FRSIRT
SECUNIA
XF
IBM -- Informix Dynamic Database ServerMultiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_remperms, (d) _sq_distfetch, and (e) _sq_dcatalog; and the (2) SET DEBUG FILE, (3) IFX_FILE_TO_FILE, (4) FILETOCLOB, (5) LOTOFILE, and (6) DBINFO functions (product defect IDs 171649, 171367, 171387, 171391, 171906, 172179).
unknown
2006-08-08
7.0CVE-2006-3857
OTHER-REF
BID
FRSIRT
SECUNIA
XF
XF
XF
XF
XF
XF
IBM -- Informix IDSBuffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable).
unknown
2006-08-08
7.0CVE-2006-3862
IBM
Jetbox -- Jetbox CMSSession fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section.
unknown
2006-08-08
7.0CVE-2006-3583
BUGTRAQ
OTHER-REF
SECUNIA
Jetbox -- CMSDynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables.
2006-07-14
2006-08-08
7.0CVE-2006-3584
BUGTRAQ
SECUNIA
SECUNIA
Jetbox -- Jetbox CMSMultiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the (1) login parameter in admin/cms/index.php, (2) unspecified parameters in the "Supply news" page in formmail.php, (3) the URL in the "Site statistics" page, and the (5) query_string parameter when performing a search.
unknown
2006-08-08
7.0CVE-2006-3585
BUGTRAQ
OTHER-REF
SECUNIA
Jetbox -- Jetbox CMSSQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) login parameter in admin/cms/index.php.
unknown
2006-08-08
7.0CVE-2006-3586
BUGTRAQ
OTHER-REF
SECUNIA
Knusperleicht -- QuickiePHP remote file inclusion vulnerability in quickie.php in Knusperleicht Quickie, probably 0.2, allows remote attackers to execute arbitrary PHP code via a URL in the QUICK_PATH parameter.
unknown
2006-08-04
7.0CVE-2006-3982
BUGTRAQ
BID
Knusperleicht -- NewsletterPHP remote file inclusion vulnerability in index.php in Knusperleicht Newsletter 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NL_PATH parameter.
2006-08-01
2006-08-04
7.0CVE-2006-3986
BUGTRAQ
Milw0rm
BID
FRSIRT
SECUNIA
XF
Knusperleicht -- GuestbookPHP remote file inclusion vulnerability in index.php in Knusperleicht Guestbook 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the GB_PATH parameter.
unknown
2006-08-07
7.0CVE-2006-4007
BUGTRAQ
BID
XF
Knusperleicht -- FaqPHP remote file inclusion vulnerability in index.php in Knusperleicht Faq 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the faq_path parameter.
unknown
2006-08-07
7.0CVE-2006-4008
BUGTRAQ
BID
XF
Macromedia -- ColdFusion MXThe AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator.
unknown
2006-08-09
7.0CVE-2006-3979
ADOBE
Mambo -- Mambo Gallery ManagerPHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-08-04
7.0CVE-2006-3980
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Mambo -- Mambo Gallery ManagerPHP remote file inclusion vulnerability in about.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-08-04
7.0CVE-2006-3981
FRSIRT
XF
Microsoft -- Hyperlink Object LibraryUnspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object Function Vulnerability."
unknown
2006-08-08
7.0CVE-2006-3438
MS
CERT
CERT-VN
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
unknown
2006-08-08
10.0CVE-2006-3439
MS
CERT
CERT-VN
FRSIRT
SECUNIA
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
unknown
2006-08-08
10.0CVE-2006-3440
MS
CERT
CERT-VN
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response.
unknown
2006-08-08
10.0CVE-2006-3441
MS
CERT
CERT-VN
Microsoft -- Windows 2000Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
unknown
2006-08-08
7.0CVE-2006-3444
MS
BID
Microsoft -- PowerPointUnspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
unknown
2006-08-08
7.0CVE-2006-3449
MS
CERT
CERT-VN
BUGTRAQ
OTHER-REF
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file.
unknown
2006-08-08
7.0CVE-2006-3450
MS
CERT-VN
BID
CERT
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.
unknown
2006-08-08
7.0CVE-2006-3451
MS
CERT
CERT-VN
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
unknown
2006-08-08
7.0CVE-2006-3637
MS
CERT
CERT-VN
FRSIRT
SECUNIA
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, aka "COM Object Instantiation Memory Corruption Vulnerability."
unknown
2006-08-08
7.0CVE-2006-3638
MS
FRSIRT
SECUNIA
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability."
unknown
2006-08-08
7.0CVE-2006-3639
MS
CERT
CERT-VN
FRSIRT
SECUNIA
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
unknown
2006-08-08
7.0CVE-2006-3648
MS
CERT
CERT-VN
FRSIRT
MIT -- Kerberos 5The (1) ftpd and (2) ksu programs in MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.
unknown
2006-08-09
10.0CVE-2006-3084
OTHER-REF
CERT-VN
Mitch Murray -- EremoveBuffer overflow in the preview_create function in gui.cpp in Mitch Murray Eremove 1.4 allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a large email attachment.
unknown
2006-08-09
7.0CVE-2006-4057
BUGTRAQ
OTHER-REF
BID
SECTRACK
ModernGigabyte -- ModernBillPHP remote file inclusion vulnerability in include/html/config.php in ModernGigabyte ModernBill 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the DIR parameter.
unknown
2006-08-09
7.0CVE-2006-4034
BUGTRAQ
OTHER-REF
BID
XF
myWebland -- myEventPHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector than CVE-2006-4040. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-08-11
7.0CVE-2006-4083
FRSIRT
SECUNIA
Netious CMS -- Netious CMSNetious CMS 0.4 initializes session IDs based on the client IP address, which allows remote attackers to gain access to the administration section when originating from the same IP address as the administrator. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-08-09
10.0CVE-2006-4048
FRSIRT
SECUNIA
Novell -- GroupWise WebAccessCross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the "+ADw-SCRIPT+AD4-" sequence.
2006-05-26
2006-08-11
7.0CVE-2006-3817
FULLDISC
INFOBYTE
NOVELL
NOVELL
FRSIRT
SECUNIA
XF
OZJournals -- OZJournalsCross-site scripting (XSS) vulnerability in index.php in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-08-11
7.0CVE-2006-4086
FRSIRT
SECUNIA
phpCC -- phpCCMultiple PHP remote file inclusion vulnerabilities in Fabian Hainz phpCC Beta 4.2 allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) login.php, (2) reactivate.php, or (3) register.php.
2006-08-06
2006-08-10
7.0CVE-2006-4073
BUGTRAQ
Milw0rm
BID
FRSIRT
XF
PHPSavant -- Savant2Multiple PHP remote file inclusion vulnerabilities in Paul M. Jones Savant2, possibly when used with the com_mtree component for Mambo and Joomla!, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) Savant2_Plugin_stylesheet.php, (2) Savant2_Compiler_basic.php, (3) Savant2_Error_pear.php, (4) Savant2_Error_stack.php, (5) Savant2_Filter_colorizeCode.php, (6) Savant2_Filter_trimwhitespace.php, (7) Savant2_Plugin_ahref.php, (8) Savant2_Plugin_ahrefcontact.php, (9) Savant2_Plugin_ahreflisting.php, (10) Savant2_Plugin_ahreflistingimage.php, (11) Savant2_Plugin_ahrefmap.php, (12) Savant2_Plugin_ahrefownerlisting.php, (13) Savant2_Plugin_ahrefprint.php, (14) Savant2_Plugin_ahrefrating.php, (15) Savant2_Plugin_ahrefrecommend.php, (16) Savant2_Plugin_ahrefreport.php, (17) Savant2_Plugin_ahrefreview.php, (18) Savant2_Plugin_ahrefvisit.php, (19) Savant2_Plugin_checkbox.php, (20) Savant2_Plugin_cycle.php, (21) Savant2_Plugin_dateformat.php, (22) Savant2_Plugin_editor.php, (23) Savant2_Plugin_form.php, (24) Savant2_Plugin_image.php, (25) Savant2_Plugin_input.php, (26) Savant2_Plugin_javascript.php, (27) Savant2_Plugin_listalpha.php, (28) Savant2_Plugin_listingname.php, (29) Savant2_Plugin_modify.php, (30) Savant2_Plugin_mtpath.php, (31) Savant2_Plugin_options.php, (32) Savant2_Plugin_radios.php, (33) Savant2_Plugin_rating.php, or (34) Savant2_Plugin_textarea.php.
2006-07-21
2006-08-04
7.0CVE-2006-3990
BUGTRAQ
BID
SECTRACK
XF
Pike -- PikeSQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors.
unknown
2006-08-09
7.0CVE-2006-4041
PIKE
GENTOO
BID
FRSIRT
SECUNIA
SECUNIA
XF
Thomas Pequet -- phpPrintAnalyzerPHP remote file inclusion vulnerability in index.php in Thomas Pequet phpPrintAnalyzer 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the rep_par_rapport_racine parameter.
unknown
2006-08-09
7.0CVE-2006-4061
BUGTRAQ
BID
Torbstoff -- Torbstoff NewsPHP remote file inclusion vulnerability in news.php in Torbstoff News 4 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter.
unknown
2006-08-09
7.0CVE-2006-4045
OTHER-REF
FRSIRT
SECUNIA
Turnkey Web Tools -- PHP Live HelperPHP remote file inclusion vulnerability in global.php in Turnkey Web Tools PHP Live Helper 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter.
2006-07-02
2006-08-09
7.0CVE-2006-4051
BUGTRAQ
ECHO
Milw0rm
BID
SECTRACK
Turnkey Web Tools -- PHP Simple ShopMultiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Simple Shop 2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) admin/index.php, (2) admin/adminindex.php, (3) admin/adminglobal.php, (4) admin/login.php, (5) admin/menu.php or (6) admin/header.php.
unknown
2006-08-09
7.0CVE-2006-4052
OTHER-REF
OTHER-REF
SECUNIA
User Home Pages -- User Home PagesMultiple PHP remote file inclusion vulnerabilities in (1) uhp_config.php, and possibly (2) footer.php, (3) functions.php, (4) install.uhp.php, (5) toolbar.uhp.html.php, (6) uhp.class.php, and (7) uninstall.uhp.php, in the UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo or Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-08-04
7.0CVE-2006-3995
OTHER-REF
OTHER-REF
BID
FRSIRT
OSVDB
OSVDB
SECUNIA
XF
USolved -- NEWSolved LiteMultiple PHP remote file inclusion vulnerabilities in USOLVED NEWSolved Lite 1.9.2, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) newsscript_lyt.php, (2) newsticker/newsscript_get.php, (3) inc/output/news_theme1.php, (4) inc/output/news_theme2.php, or (5) inc/output/news_theme3.php.
unknown
2006-08-09
7.0CVE-2006-4059
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Voc-Project -- Voodoo ChatPHP remote file inclusion vulnerability in index.php in Vlad Vostrykh Voodoo chat 1.0RC1b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_path parameter.
2006-08-01
2006-08-04
7.0CVE-2006-3991
Milw0rm
BID
FRSIRT
VWar -- Virtual WarSQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.
unknown
2006-08-07
7.0CVE-2006-4010
BUGTRAQ
BID
Web-Scripts -- Visual Events CalendarPHP remote file inclusion vulnerability in calendar.php in Visual Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_dir parameter.
unknown
2006-08-09
7.0CVE-2006-4060
BUGTRAQ
OTHER-REF
BID
SECTRACK
SECUNIA
Webligo -- BlogHosterCross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 allows remote attackers to inject arbitrary web script or HTML via the "From: part of the comment post."
unknown
2006-08-11
7.0CVE-2006-4090
BUGTRAQ
WoWRoster -- WoWRosterPHP remote file inclusion vulnerability in hsList.php in WoWRoster (aka World of Warcraft Roster) 1.5.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter.
unknown
2006-08-04
7.0CVE-2006-3997
BUGTRAQ
OTHER-REF
BID
XF
SECUNIA
WoWRoster -- WoWRosterPHP remote file inclusion vulnerability in conf.php in WoWRoster (aka World of Warcraft Roster) 1.5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter.
unknown
2006-08-04
7.0CVE-2006-3998
OTHER-REF
OTHER-REF
BID
FRSIRT
XF
XennoBB -- XennoBBSQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section.
unknown
2006-08-08
7.0CVE-2006-4025
BUGTRAQ
BID
XMB Software -- XMB ForumSQL injection vulnerability in the u2u_send_recp function in u2u.inc.php in XMB (aka extreme message board) 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2uid parameter to u2u.php, which is directly accessed from $_POST and bypasses the protection scheme.
unknown
2006-08-04
7.0CVE-2006-3994
OTHER-REF
BID
FRSIRT
SECUNIA
YenerTurk -- YenerTurk Haber ScriptSQL injection vulnerability in default.asp in YenerTurk Haber Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2006-08-09
7.0CVE-2006-4064
OTHER-REF
BID
FRSIRT
SECUNIA
ZoneMetrics -- ZoneX Publishers Gold EditionPHP remote file inclusion vulnerability in includes/usercp_register.php in ZoneMetrics ZoneX Publishers Gold Edition 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2006-08-09
7.0CVE-2006-4036
BUGTRAQ
BID
FRSIRT
SECUNIA

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Adaptive Technology Resource Centre -- ATutorSQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.
unknown
2006-08-04
4.2CVE-2006-3996
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Apple -- Mac OS X Server
Apple -- Mac OS X
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.
unknown
2006-08-04
5.6CVE-2006-0395
OTHER-REF
APPLE
ChaosSoft -- GaesteChaosMultiple SQL injection vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) gastname, (2) gastwohnort, or (3) gasteintrag parameters.
unknown
2006-08-09
4.7CVE-2006-4039
FULLDISC
BID
FRSIRT
SECUNIA
Club-Nuke -- Club-NukeMultiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 allow remote attackers to execute arbitrary SQL commands via the (1) haber_id parameter to haber_detay.asp, and allow remote authenticated users to execute arbitrary SQL commands via the (2) menu_id parameter to menu.asp.
2006-08-08
2006-08-10
4.2CVE-2006-4072
Milw0rm
SECUNIA
ConeXware -- PowerArchiverStack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware PowerArchiver 9.62.03 allows user-assisted attackers to execute narbitrary code by adding a new file to a crafted ZIP archive that already contains a file with a long name.
2006-07-08
2006-08-04
5.6CVE-2006-3985
BUGTRAQ
OTHER-REF
POWERARCHIVER
FRSIRT
SECTRACK
SECUNIA
XF
David Walker -- phpAutoMembersAreaUnspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 has unknown impact and attack vectors, related to "a potential security exploit which is critical."
unknown
2006-08-11
4.9CVE-2006-4084
OTHER-REF
Dmitry Sheiko -- SAPID ShopPHP remote file inclusion vulnerability in usr/extensions/get_tree.inc.php in Dmitry Sheiko SAPID Shop 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter.
unknown
2006-08-09
5.6CVE-2006-4062
OTHER-REF
FRSIRT
SECUNIA
XF
Dmitry Sheiko -- SAPID GalleryMultiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko SAPID Gallery 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_calendar.inc.php or the (2) GLOBALS[root_path] parameter to (b) usr/extensions/get_tree.inc.php.
unknown
2006-08-09
5.6CVE-2006-4065
OTHER-REF
FRSIRT
SECUNIA
XF
Ehmig -- ME Download SystemPHP remote file inclusion vulnerability in templates/header.php in ME Download System 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the Vb8878b936c2bd8ae0cab parameter.
unknown
2006-08-09
5.6CVE-2006-4053
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Festalon -- FestalonThe FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr value in a HES file, which is used as an offset in a memcpy operation and leads to a buffer underflow.
unknown
2006-08-08
5.6CVE-2006-4024
OTHER-REF
FRSIRT
SECUNIA
IBM -- Informix IDSUnspecified vulnerability in IBM Informix Dynamic Server (IDS) allows attackers to execute arbitrary C code via unspecified vectors involving the "C code UDR."
unknown
2006-08-08
4.9CVE-2006-3855
IBM
Imendio Planner -- Imendio PlannerFormat string vulnerability in Imendio Planner 0.13 allows user-assisted attackers to execute arbitrary code via format string specifiers in a filename.
unknown
2006-08-09
5.6CVE-2006-4070
BUGTRAQ
Intel -- 2915ABG PROSet/Wireless
Intel -- 2200BG PROSet/Wireless
Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
unknown
2006-08-04
5.6CVE-2006-3992
INTEL
FRSIRT
CERT-VN
SECTRACK
BID
Intel -- 2100 PROSet/WirelessIntel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4.6 allows local users to corrupt memory and execute code via "requests for capabilities from higher-level protocol drivers or user-level applications" involving crafted frames, a different issue than CVE-2006-3992.
unknown
2006-08-08
4.9CVE-2006-4022
OTHER-REF
FRSIRT
SECTRACK
Internet Security Systems -- BlackICE PC ProtectionISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll. NOTE: in most cases, the attack would not cross privilege boundaries because replacing pamversion.dll requires administrative privileges. However, this issue is a vulnerability because BlackICE is intended to protect against certain rogue privileged actions.
unknown
2006-08-04
4.9CVE-2006-3999
BUGTRAQ
Joomla! -- JD-WikiPHP remote file inclusion vulnerability in lib/tpl/default/main.php in the JD-Wiki Component (com_jd-wiki) 1.0.2 and earlier for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-08-10
5.6CVE-2006-4074
Milw0rm
JOOMLA!
BID
FRSIRT
SECUNIA
XF
Knusperleicht -- FileManagerMultiple PHP remote file inclusion vulnerabilities in index.php in Knusperleicht FileManager 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) dwl_download_path or (2) dwl_include_path parameters.
2006-08-01
2006-08-04
5.6CVE-2006-3987
BUGTRAQ
Milw0rm
BID
FRSIRT
SECUNIA
Knusperleicht -- newsReporterPHP remote file inclusion vulnerability in index.php in Knusperleicht newsReporter 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the news_include_path parameter.
2006-08-01
2006-08-04
5.6CVE-2006-3988
BUGTRAQ
Milw0rm
BID
FRSIRT
SECUNIA
XF
Knusperleicht -- ShoutboxPHP remote file inclusion vulnerability in index.php in Knusperleicht Shoutbox 4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sb_include_path parameter.
2006-08-01
2006-08-04
5.6CVE-2006-3989
BUGTRAQ
Milw0rm
BID
FRSIRT
SECUNIA
Lhaplus -- LhaplusHeap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LZH archive with a long header, as specified by the extendedHeaderSize.
unknown
2006-08-09
5.6CVE-2006-4033
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Microsoft -- Windows 2000Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
unknown
2006-08-08
5.6CVE-2006-3443
MS
BID
FRSIRT
SECUNIA
Microsoft -- Internet ExplorerCross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
unknown
2006-08-08
4.2CVE-2006-3643
MS
CERT
CERT-VN
Microsoft -- Visual Basic for Applications SDKBuffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
unknown
2006-08-08
5.6CVE-2006-3649
MS
CERT
CERT-VN
MIT -- Kerberos 5The (1) krshd and (2) v4rcp applications in MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
unknown
2006-08-09
6.0CVE-2006-3083
OTHER-REF
CERT-VN
REDHAT
mojoscripts.com -- mojoGalleryCross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-08-11
4.7CVE-2006-4087
FRSIRT
SECUNIA
myWebland -- myEventPHP remote file inclusion vulnerability in myevent.php in myWebland myEvent 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter.
unknown
2006-08-09
4.7CVE-2006-4040
OTHER-REF
BID
FRSIRT
SECUNIA
myWebland -- myBloggieMultiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute abitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters.
unknown
2006-08-09
4.7CVE-2006-4042
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
Netious CMS -- Netious CMSSQL injection vulnerability in index.php in Netious CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-08-09
4.7CVE-2006-4047
FRSIRT
SECUNIA
Novell -- Groupwise WebAccessCross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter.
unknown
2006-08-11
4.7CVE-2006-3818
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
Olaf Noehring -- The Search Engine ProjectPHP remote file inclusion vulnerability in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to pagenavigation.php, a different vector than CVE-2006-4055. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-08-11
4.7CVE-2006-4085
SECUNIA
Open Cubic Player -- Open Cubic PlayerMultiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function.
unknown
2006-08-09
4.7CVE-2006-4046
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
XF
XF
XF
PC Tools -- PC Tools AntiVirusPC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the "PC Tools AntiVirus" directory, which allows local users to gain privileges and execute commands.
2006-07-19
2006-08-08
4.9CVE-2006-3114
BUGTRAQ
SECUNIA
BID
FRSIRT
SECTRACK
SECUNIA
XF
PHP -- PHPscanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read.
unknown
2006-08-08
4.9CVE-2006-4020
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
SAPID -- SAPID CMSPHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter in usr/extensions/get_infochannel.inc.php and the (2) GLOBALS["root_path"] parameter in usr/extensions/get_tree.inc.php.
unknown
2006-08-08
5.6CVE-2006-4026
BUGTRAQ
BID
OTHER-REF
FRSIRT
SECUNIA
XF
SaveWebPortal -- SaveWebPortalMultiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb Portal 3.4 allow remote attackers to execute arbitrary PHP code via a URL in the SITE_Path parameter to (1) poll/poll.php or (2) poll/view_polls.php. NOTE: the menu_dx.php vector is already covered by CVE-2005-2687.
unknown
2006-08-07
5.6CVE-2006-4012
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Symantec -- Brightmail AntiSpamMultiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in (1) DATABLOB-GET and (2) DATABLOB-SAVE requests.
unknown
2006-08-07
4.7CVE-2006-4013
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
The Address Book Reloaded -- The Address Book Reloaded
The Address Book -- The Address Book
Multiple SQL injection vulnerabilities in the authentication process in katzlbt (a) The Address Book 1.04e and earlier and (b) The Address Book Reloaded before 2.0-rc4 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. NOTE: portions of these details are obtained from third party information.
unknown
2006-08-09
5.6CVE-2006-4056
OTHER-REF
FRSIRT
SECUNIA
SECUNIA
TSEP -- TSEPPHP remote file inclusion vulnerability in copyright.php in Olaf Noehring The Search Engine Project (TSEP) 0.942 allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter.
2006-08-01
2006-08-04
5.6CVE-2006-3993
BUGTRAQ
OTHER-REF
Milw0rm
SOURCEFORGE
BID
FRSIRT
SECUNIA
XF
SECTRACK
TSEP -- TSEPMultiple PHP remote file inclusion vulnerabilities in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to (1) include/colorswitch.php, (2) contentimages.class.php, (3) ipfunctions.php, (4) configfunctions.php, (5) printpagedetails.php, or (6) log.class.php. NOTE: the copyright.php vector is already covered by CVE-2006-3993.
unknown
2006-08-09
5.6CVE-2006-4055
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
vbPortal -- vbPortalDirectory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
unknown
2006-08-07
4.7CVE-2006-4004
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Wim Fleischhauer -- docpile:weMultiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/folder.class.php, (2) lib/email.inc.php, (3) lib/document.class.php or (4) lib/auth.inc.php.
unknown
2006-08-10
5.6CVE-2006-4075
BUGTRAQ
Milw0rm
SECUNIA
XF
Wim Fleischhauer -- docpile:weMultiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/access.inc.php, (2) lib/folders.inc.php, (3) lib/init.inc.php or (4) lib/templates.inc.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-08-10
5.6CVE-2006-4076
SECUNIA
WordPress -- WordPressMultiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors.
unknown
2006-08-09
4.9CVE-2006-4028
OTHER-REF
BID
FRSIRT
SECUNIA

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Andy Lo-A-Foe -- AlsaPlayerMultiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c.
unknown
2006-08-11
2.3CVE-2006-4089
BUGTRAQ
BID
Barracuda Networks -- Barracuda Spam FirewallDirectory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
unknown
2006-08-04
1.4CVE-2006-4000
BUGTRAQ
BID
BomberClone -- BomberCloneBomberClone 0.11.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via (1) a certain malformed PKGF_ackreq packet, which triggers a crash in the rscache_add() function in pkgcache.c; and (2) an error packet, which is intended to be received by clients and force client shutdown, but also triggers server shutdown.
unknown
2006-08-07
2.3CVE-2006-4005
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
XF
BomberClone -- BomberCloneThe do_gameinfo functionin BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory.
unknown
2006-08-07
2.3CVE-2006-4006
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Cisco -- CallManager ExpressUnspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417.
unknown
2006-08-09
2.3CVE-2006-4032
BLACKHAT
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
DeluxeBB -- DeluxeBBDeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 hash of a password, which allows remote attackers to gain privileges by sniffing or cross-site scripting (XSS) and conduct password guessing attacks.
unknown
2006-08-10
1.9CVE-2006-4080
BUGTRAQ
Drupal -- DrupalCross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information.
unknown
2006-08-07
2.3CVE-2006-4002
DRUPAL
FRSIRT
SECUNIA
Hobbit Monitor -- Hobbit MonitorThe config method in Henrik Storner Hobbit monitor before 4.1.2p2 permits access to files outside of the intended configuration directory, which allows remote attackers to obtain sensitive information via requests to the hobbitd daemon on port 1984/tcp.
unknown
2006-08-07
2.3CVE-2006-4003
BUGTRAQ
SOURCEFORGE
BID
FRSIRT
SECUNIA
XF
HP -- Procurve SwitchHewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with software before K.11.33 allow remote attackers to cause a denial of service (possibly memory leak or system crash) via unknown vectors.
unknown
2006-08-07
2.3CVE-2006-4015
HP
BID
FRSIRT
SECTRACK
SECUNIA
IBM -- Informix IDSIBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors.
unknown
2006-08-08
1.6CVE-2006-3856
IBM
BID
FRSIRT
SECUNIA
XF
IBM -- Informix IDSIBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772).
unknown
2006-08-08
1.6CVE-2006-3858
IBM
BID
FRSIRT
SECUNIA
XF
IBM -- Informix IDSIBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases.
unknown
2006-08-08
2.0CVE-2006-3861
IBM
BID
FRSIRT
SECUNIA
XF
Inter Network Marketing AG -- G3 Content management SystemCross-site scripting (XSS) vulnerability in the search module in Inter Network Marketing (INM) CMS G3 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter.
unknown
2006-08-07
2.3CVE-2006-4017
FULLDISC
BID
SECUNIA
FRSIRT
ISC -- DHCP serverThe supersede_lease function in memory.c in ISC DHCP server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-identifier, which causes the packet to be interpreted as a corrupt uid and causes the server to exit with "corrupt lease uid."
unknown
2006-08-09
2.3CVE-2006-3122
DEBIAN
DEBIAN
FRSIRT
SECUNIA
SECUNIA
Kayako -- eSupportPHP remote file inclusion vulnerability in esupport/admin/autoclose.php in Kayako eSupport 2.3.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the subd parameter.
unknown
2006-08-07
1.9CVE-2006-4011
OTHER-REF
BID
SECUNIA
XF
Matt Blaze -- Cryptographic File SystemMultiple integer overflows in the (1) dodecrypt and (2) doencrypt functions in cfs_fh.c in cfsd in Matt Blaze Cryptographic File System (CFS) 1.4.1 before Debian GNU/Linux package 1.4.1-17 allow local users to cause a denial of service (daemon crash) by appending data to a file that is larger than 2 Gb.
unknown
2006-08-07
1.6CVE-2006-3123
OTHER-REF
DEBIAN
BID
FRSIRT
SECUNIA
SECUNIA
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."
unknown
2006-08-08
2.3CVE-2006-3640
MS
FRSIRT
SECUNIA
Microsoft -- Windows XPThe Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigger a divide-by-zero error, as demonstrated by a (1) .ico file, (2) .png file that crashes MSN Messenger, and (3) .jpg file that crashes Internet Explorer. NOTE: another researcher has not been able to reproduce this issue.
unknown
2006-08-09
1.9CVE-2006-4066
BUGTRAQ
BUGTRAQ
FRSIRT
XF
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
2006-06-24
2006-08-09
1.9CVE-2006-4071
BUGTRAQ
BUGTRAQ
FULLDISC
FULLDISC
FRSIRT
SECUNIA
MySQL -- MySQLMySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.
unknown
2006-08-09
1.6CVE-2006-4031
MYSQL
MYSQL
MYSQL
BID
FRSIRT
SECTRACK
SECUNIA
myWebland -- myBloggieindex.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message.
unknown
2006-08-09
2.3CVE-2006-4043
BUGTRAQ
ALTERVISTA
Milw0rm
SECUNIA
OZJournals -- OZJournalsMultiple cross-site scripting (XSS) vulnerabilities in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) m and (2) c parameters in index.php, (3) a search action, and (4) a "submit comment" action.
unknown
2006-08-09
2.3CVE-2006-4069
OTHER-REF
FRSIRT
SECUNIA
PHP -- PHPThe ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner.
2006-07-29
2006-08-08
2.3CVE-2006-4023
BUGTRAQ
BUGTRAQ
ALTERVISTA
SECTRACK
pswd.js -- pswd.jsThe pswd.js script relies on the client to calculate whether a username and password for a server match hard-coded hashed values, which allows remote attackers to obtain a username and password by downloading pswd.js and conducting brute-force offline attacks.
unknown
2006-08-09
2.3CVE-2006-4068
BUGTRAQ
BID
Simpliciti -- Locked BrowserSimpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web site that executes a JavaScript window.blur loop to remove focus from the browser window, then pressing CTRL-SHIFT-ESC to invoke the Task Manager.
unknown
2006-08-11
3.3CVE-2006-4092
BUGTRAQ
Simplog -- SimplogCross-site scripting (XSS) vulnerability in archive.php in Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyw parameter when performing a search. NOTE: some details are obtained from third party information.
unknown
2006-08-09
2.3CVE-2006-4058
BUGTRAQ
FRSIRT
SECUNIA
Sun -- Sun Ray Server SoftwareUnspecified vulnerability in the utxconfig utility in Sun Ray Server Software 3.x allows local users to create or overwrite arbitrary files via unknown attack vectors.
unknown
2006-08-09
1.6CVE-2006-4049
SUNALERT
Symantec -- On-Demand Agent
Symantec -- On-Demand Protection
Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the Virtual Desktop module in Symantec On-Demand Protection (SODP) before 2.6 Build 2233, do not properly encrypt files that are subject to policy-based automatic encryption, which might allow local users to read sensitive data via an unspecified decryption method.
unknown
2006-08-04
1.6CVE-2006-3457
BUGTRAQ
OTHER-REF
FRSIRT
Symantec -- Brightmail AntiSpamSymantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) "by sending invalid posts".
unknown
2006-08-07
2.3CVE-2006-4014
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Toenda Software Development -- toendaCMSCross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS stable 1.0.3 and earlier, and unstable 1.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via the s parameter.
unknown
2006-08-07
2.3CVE-2006-4016
BUGTRAQ
OTHER-REF
BID
VWar -- Virtual WarCross-site scripting (XSS) vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.
unknown
2006-08-07
2.3CVE-2006-4009
BUGTRAQ
BID

Back to top

 

 

 

 

Last updated August 14, 2006

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Ageet -- AGEphoneStack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 allows remote attackers to execute arbitrary code via a crafted UDP SIP packet.
2006-07-21
2006-08-09
7.0CVE-2006-4029
BUGTRAQ
FULLDISC
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Archangel Management -- Archangel WeblogMultiple cross-site scripting (XSS) vulnerabilities in Archangel Management Archangel Weblog 0.90.02 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Comment section.
unknown
2006-08-11
7.0CVE-2006-4091
BUGTRAQ
BID
SECTRACK
XF
Barracuda Networks -- Barracuda Spam FirewallLogin.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password.
2006-05-28
2006-08-04
7.0CVE-2006-4001
BUGTRAQ
BID
XF
Barracuda Networks -- Barracuda Spam Firewallpreview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000.
unknown
2006-08-11
7.0CVE-2006-4081
BUGTRAQ
BUGTRAQ
Barracuda Networks -- Barracuda Spam FirewallBarracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges.
unknown
2006-08-11
7.0CVE-2006-4082
BUGTRAQ
Brad Fears -- phpCodeCabinetPHP remote file inclusion vulnerability in Beautifier/Core.php in Brad Fears phpCodeCabinet 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the BEAUT_PATH parameter.
unknown
2006-08-09
7.0CVE-2006-4044
FULLDISC
OTHER-REF
BID
FRSIRT
SECUNIA
CakePHP -- CakePHPCross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page. NOTE: some of these details are obtained from third party information.
unknown
2006-08-09
7.0CVE-2006-4067
OTHER-REF
SECUNIA
CivicSpace -- CivicSpaceMultiple cross-site scripting (XSS) vulnerabilities in CivicSpace 0.8.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject, (2) Comment, and (3) Add new comment sections.
unknown
2006-08-11
7.0CVE-2006-4088
BUGTRAQ
BID
Clam Anti-Virus -- ClamAVHeap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values.
unknown
2006-08-08
7.0CVE-2006-4018
OTHER-REF
CLAMAV
GENTOO
MANDRIVA
BID
FRSIRT
SECUNIA
SECUNIA
SECUNIA
Comet -- Comet Webfile ManagerPHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo Valvano Comet WebFileManager (CWFM) 0.9.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the Language parameter.
unknown
2006-08-10
7.0CVE-2006-4077
OTHER-REF
BID
FRSIRT
SECUNIA
Computer Associates -- eTrust Antivirus WebScanUnspecified vulnerability in CA eTrust Antivirus WebScan allows remote attackers to execute arbitrary code due to "improper bounds checking when processing certain user input."
2006-08-03
2006-08-04
7.0CVE-2006-3975
OTHER-REF
SECUNIA
Computer Associates -- eTrust Antivirus WebScanUnspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 has unknown impact and remote attackers related to "improper processing of outdated WebScan components."
2006-08-03
2006-08-04
7.0CVE-2006-3977
OTHER-REF
SECUNIA
CounterChaos -- CounterChaosSQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
unknown
2006-08-09
7.0CVE-2006-4035
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Csaba Godor -- SAPID Blog Beta 2Multiple PHP remote file inclusion vulnerabilities in Csaba Godor SAPID Blog Beta 2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_blog_infochannel.inc.php, (b) usr/extensions/get_blog_meta_info.inc.php, or (c) usr/extensions/get_infochannel.inc.php; or the (2) GLOBALS[root_path] parameter to (d) usr/extensions/get_tree.inc.php.
unknown
2006-08-09
7.0CVE-2006-4063
OTHER-REF
FRSIRT
XF
David Walker -- phpAutoMembersAreaPHP remote file inclusion vulnerability in auto_check_renewals.php in phpAutoMembersArea (phpAMA) 3.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter.
unknown
2006-08-09
7.0CVE-2006-4050
BUGTRAQ
OTHER-REF
BID
DeluxeBB -- DeluxeBBpm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter.
unknown
2006-08-10
7.0CVE-2006-4078
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
DeluxeBB -- DeluxeBBCross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB 1.08, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the subject parameter (aka the topic title field).
unknown
2006-08-10
7.0CVE-2006-4079
BUGTRAQ
BID
XF
Ehmig -- ME Download SystemMultiple PHP remote file inclusion vulnerabilities in ME Download System 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) Vb8878b936c2bd8ae0cab parameter to (a) inc/sett_style.php or (b) inc/sett_smilies.php; or the (2) Vb6c4d0e18a204a63b38f, (3) V18a78b93c3adaaae84e2, or (4) V9ae5d2ca9e9e787969ff parameters to (c) inc/datei.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-08-09
7.0CVE-2006-4054
FRSIRT
SECUNIA
Ekilat LLC -- php(Reactor)PHP remote file inclusion vulnerability in editprofile.php in php(Reactor) 1.27pl1 allows remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter.
unknown
2006-08-04
7.0CVE-2006-3983
OTHER-REF
BID
FRSIRT
XF
Fenestrae -- Faxination ServerUnspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet.
unknown
2006-08-09
7.0CVE-2006-4037
OTHER-REF
BID
FRSIRT
SECUNIA
GaesteChaos -- GaesteChaosMultiple cross-site scripting (XSS) vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gastname or (2) gastwohnort parameters.
unknown
2006-08-09
7.0CVE-2006-4038
FULLDISC
BID
FRSIRT
SECUNIA
Gianluca Baldo -- Phpauction
phpAdsNew -- phpAdsNew
PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in Albasoftware Phpauction 2.1 and possibly later versions, with phpAdsNew 2.0.5, allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter.
unknown
2006-08-04
7.0CVE-2006-3984
BUGTRAQ
OTHER-REF
OTHER-REF
BID
XF
IBM -- Informix IDSBuffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username.
unknown
2006-08-08
7.0CVE-2006-3853
IBM
BID
FRSIRT
SECUNIA
XF
IBM -- Informix Dynamic Database ServerMultiple buffer overflows in IBM Informix Dynamic Server (IDS) before 9.40.TC6 and 10.00 before 10.00.TC3 allow remote authenticated users to execute arbitrary code via (1) the getname function, as used by (a) _sq_remview, (b) _sq_remproc, (c) _sq_remperms, (d) _sq_distfetch, and (e) _sq_dcatalog; and the (2) SET DEBUG FILE, (3) IFX_FILE_TO_FILE, (4) FILETOCLOB, (5) LOTOFILE, and (6) DBINFO functions (product defect IDs 171649, 171367, 171387, 171391, 171906, 172179).
unknown
2006-08-08
7.0CVE-2006-3857
OTHER-REF
BID
FRSIRT
SECUNIA
XF
XF
XF
XF
XF
XF
IBM -- Informix IDSBuffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable).
unknown
2006-08-08
7.0CVE-2006-3862
IBM
Jetbox -- Jetbox CMSSession fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section.
unknown
2006-08-08
7.0CVE-2006-3583
BUGTRAQ
OTHER-REF
SECUNIA
Jetbox -- CMSDynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables.
2006-07-14
2006-08-08
7.0CVE-2006-3584
BUGTRAQ
SECUNIA
SECUNIA
Jetbox -- Jetbox CMSMultiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the (1) login parameter in admin/cms/index.php, (2) unspecified parameters in the "Supply news" page in formmail.php, (3) the URL in the "Site statistics" page, and the (5) query_string parameter when performing a search.
unknown
2006-08-08
7.0CVE-2006-3585
BUGTRAQ
OTHER-REF
SECUNIA
Jetbox -- Jetbox CMSSQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) login parameter in admin/cms/index.php.
unknown
2006-08-08
7.0CVE-2006-3586
BUGTRAQ
OTHER-REF
SECUNIA
Knusperleicht -- QuickiePHP remote file inclusion vulnerability in quickie.php in Knusperleicht Quickie, probably 0.2, allows remote attackers to execute arbitrary PHP code via a URL in the QUICK_PATH parameter.
unknown
2006-08-04
7.0CVE-2006-3982
BUGTRAQ
BID
Knusperleicht -- NewsletterPHP remote file inclusion vulnerability in index.php in Knusperleicht Newsletter 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NL_PATH parameter.
2006-08-01
2006-08-04
7.0CVE-2006-3986
BUGTRAQ
Milw0rm
BID
FRSIRT
SECUNIA
XF
Knusperleicht -- GuestbookPHP remote file inclusion vulnerability in index.php in Knusperleicht Guestbook 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the GB_PATH parameter.
unknown
2006-08-07
7.0CVE-2006-4007
BUGTRAQ
BID
XF
Knusperleicht -- FaqPHP remote file inclusion vulnerability in index.php in Knusperleicht Faq 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the faq_path parameter.
unknown
2006-08-07
7.0CVE-2006-4008
BUGTRAQ
BID
XF
Macromedia -- ColdFusion MXThe AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator.
unknown
2006-08-09
7.0CVE-2006-3979
ADOBE
Mambo -- Mambo Gallery ManagerPHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-08-04
7.0CVE-2006-3980
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Mambo -- Mambo Gallery ManagerPHP remote file inclusion vulnerability in about.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-08-04
7.0CVE-2006-3981
FRSIRT
XF
Microsoft -- Hyperlink Object LibraryUnspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object Function Vulnerability."
unknown
2006-08-08
7.0CVE-2006-3438
MS
CERT
CERT-VN
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
unknown
2006-08-08
10.0CVE-2006-3439
MS
CERT
CERT-VN
FRSIRT
SECUNIA
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
unknown
2006-08-08
10.0CVE-2006-3440
MS
CERT
CERT-VN
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response.
unknown
2006-08-08
10.0CVE-2006-3441
MS
CERT
CERT-VN
Microsoft -- Windows 2000Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
unknown
2006-08-08
7.0CVE-2006-3444
MS
BID
Microsoft -- PowerPointUnspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
unknown
2006-08-08
7.0CVE-2006-3449
MS
CERT
CERT-VN
BUGTRAQ
OTHER-REF
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file.
unknown
2006-08-08
7.0CVE-2006-3450
MS
CERT-VN
BID
CERT
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.
unknown
2006-08-08
7.0CVE-2006-3451
MS
CERT
CERT-VN
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML file that leads to memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
unknown
2006-08-08
7.0CVE-2006-3637
MS
CERT
CERT-VN
FRSIRT
SECUNIA
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, aka "COM Object Instantiation Memory Corruption Vulnerability."
unknown
2006-08-08
7.0CVE-2006-3638
MS
FRSIRT
SECUNIA
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute code via unspecified vectors involving a crafted web page, aka "Source Element Cross-Domain Vulnerability."
unknown
2006-08-08
7.0CVE-2006-3639
MS
CERT
CERT-VN
FRSIRT
SECUNIA
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
unknown
2006-08-08
7.0CVE-2006-3648
MS
CERT
CERT-VN
FRSIRT
MIT -- Kerberos 5The (1) ftpd and (2) ksu programs in MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.
unknown
2006-08-09
10.0CVE-2006-3084
OTHER-REF
CERT-VN
Mitch Murray -- EremoveBuffer overflow in the preview_create function in gui.cpp in Mitch Murray Eremove 1.4 allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a large email attachment.
unknown
2006-08-09
7.0CVE-2006-4057
BUGTRAQ
OTHER-REF
BID
SECTRACK
ModernGigabyte -- ModernBillPHP remote file inclusion vulnerability in include/html/config.php in ModernGigabyte ModernBill 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the DIR parameter.
unknown
2006-08-09
7.0CVE-2006-4034
BUGTRAQ
OTHER-REF
BID
XF
myWebland -- myEventPHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector than CVE-2006-4040. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-08-11
7.0CVE-2006-4083
FRSIRT
SECUNIA
Netious CMS -- Netious CMSNetious CMS 0.4 initializes session IDs based on the client IP address, which allows remote attackers to gain access to the administration section when originating from the same IP address as the administrator. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-08-09
10.0CVE-2006-4048
FRSIRT
SECUNIA
Novell -- GroupWise WebAccessCross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess 6.5 and 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via an encoded SCRIPT element in an e-mail message with the UTF-7 character set, as demonstrated by the "+ADw-SCRIPT+AD4-" sequence.
2006-05-26
2006-08-11
7.0CVE-2006-3817
FULLDISC
INFOBYTE
NOVELL
NOVELL
FRSIRT
SECUNIA
XF
OZJournals -- OZJournalsCross-site scripting (XSS) vulnerability in index.php in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-08-11
7.0CVE-2006-4086
FRSIRT
SECUNIA
phpCC -- phpCCMultiple PHP remote file inclusion vulnerabilities in Fabian Hainz phpCC Beta 4.2 allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) login.php, (2) reactivate.php, or (3) register.php.
2006-08-06
2006-08-10
7.0CVE-2006-4073
BUGTRAQ
Milw0rm
BID
FRSIRT
XF
PHPSavant -- Savant2Multiple PHP remote file inclusion vulnerabilities in Paul M. Jones Savant2, possibly when used with the com_mtree component for Mambo and Joomla!, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) Savant2_Plugin_stylesheet.php, (2) Savant2_Compiler_basic.php, (3) Savant2_Error_pear.php, (4) Savant2_Error_stack.php, (5) Savant2_Filter_colorizeCode.php, (6) Savant2_Filter_trimwhitespace.php, (7) Savant2_Plugin_ahref.php, (8) Savant2_Plugin_ahrefcontact.php, (9) Savant2_Plugin_ahreflisting.php, (10) Savant2_Plugin_ahreflistingimage.php, (11) Savant2_Plugin_ahrefmap.php, (12) Savant2_Plugin_ahrefownerlisting.php, (13) Savant2_Plugin_ahrefprint.php, (14) Savant2_Plugin_ahrefrating.php, (15) Savant2_Plugin_ahrefrecommend.php, (16) Savant2_Plugin_ahrefreport.php, (17) Savant2_Plugin_ahrefreview.php, (18) Savant2_Plugin_ahrefvisit.php, (19) Savant2_Plugin_checkbox.php, (20) Savant2_Plugin_cycle.php, (21) Savant2_Plugin_dateformat.php, (22) Savant2_Plugin_editor.php, (23) Savant2_Plugin_form.php, (24) Savant2_Plugin_image.php, (25) Savant2_Plugin_input.php, (26) Savant2_Plugin_javascript.php, (27) Savant2_Plugin_listalpha.php, (28) Savant2_Plugin_listingname.php, (29) Savant2_Plugin_modify.php, (30) Savant2_Plugin_mtpath.php, (31) Savant2_Plugin_options.php, (32) Savant2_Plugin_radios.php, (33) Savant2_Plugin_rating.php, or (34) Savant2_Plugin_textarea.php.
2006-07-21
2006-08-04
7.0CVE-2006-3990
BUGTRAQ
BID
SECTRACK
XF
Pike -- PikeSQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors.
unknown
2006-08-09
7.0CVE-2006-4041
PIKE
GENTOO
BID
FRSIRT
SECUNIA
SECUNIA
XF
Thomas Pequet -- phpPrintAnalyzerPHP remote file inclusion vulnerability in index.php in Thomas Pequet phpPrintAnalyzer 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the rep_par_rapport_racine parameter.
unknown
2006-08-09
7.0CVE-2006-4061
BUGTRAQ
BID
Torbstoff -- Torbstoff NewsPHP remote file inclusion vulnerability in news.php in Torbstoff News 4 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter.
unknown
2006-08-09
7.0CVE-2006-4045
OTHER-REF
FRSIRT
SECUNIA
Turnkey Web Tools -- PHP Live HelperPHP remote file inclusion vulnerability in global.php in Turnkey Web Tools PHP Live Helper 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter.
2006-07-02
2006-08-09
7.0CVE-2006-4051
BUGTRAQ
ECHO
Milw0rm
BID
SECTRACK
Turnkey Web Tools -- PHP Simple ShopMultiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Simple Shop 2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) admin/index.php, (2) admin/adminindex.php, (3) admin/adminglobal.php, (4) admin/login.php, (5) admin/menu.php or (6) admin/header.php.
unknown
2006-08-09
7.0CVE-2006-4052
OTHER-REF
OTHER-REF
SECUNIA
User Home Pages -- User Home PagesMultiple PHP remote file inclusion vulnerabilities in (1) uhp_config.php, and possibly (2) footer.php, (3) functions.php, (4) install.uhp.php, (5) toolbar.uhp.html.php, (6) uhp.class.php, and (7) uninstall.uhp.php, in the UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo or Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-08-04
7.0CVE-2006-3995
OTHER-REF
OTHER-REF
BID
FRSIRT
OSVDB
OSVDB
SECUNIA
XF
USolved -- NEWSolved LiteMultiple PHP remote file inclusion vulnerabilities in USOLVED NEWSolved Lite 1.9.2, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) newsscript_lyt.php, (2) newsticker/newsscript_get.php, (3) inc/output/news_theme1.php, (4) inc/output/news_theme2.php, or (5) inc/output/news_theme3.php.
unknown
2006-08-09
7.0CVE-2006-4059
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Voc-Project -- Voodoo ChatPHP remote file inclusion vulnerability in index.php in Vlad Vostrykh Voodoo chat 1.0RC1b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_path parameter.
2006-08-01
2006-08-04
7.0CVE-2006-3991
Milw0rm
BID
FRSIRT
VWar -- Virtual WarSQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.
unknown
2006-08-07
7.0CVE-2006-4010
BUGTRAQ
BID
Web-Scripts -- Visual Events CalendarPHP remote file inclusion vulnerability in calendar.php in Visual Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_dir parameter.
unknown
2006-08-09
7.0CVE-2006-4060
BUGTRAQ
OTHER-REF
BID
SECTRACK
SECUNIA
Webligo -- BlogHosterCross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 allows remote attackers to inject arbitrary web script or HTML via the "From: part of the comment post."
unknown
2006-08-11
7.0CVE-2006-4090
BUGTRAQ
WoWRoster -- WoWRosterPHP remote file inclusion vulnerability in hsList.php in WoWRoster (aka World of Warcraft Roster) 1.5.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter.
unknown
2006-08-04
7.0CVE-2006-3997
BUGTRAQ
OTHER-REF
BID
XF
SECUNIA
WoWRoster -- WoWRosterPHP remote file inclusion vulnerability in conf.php in WoWRoster (aka World of Warcraft Roster) 1.5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter.
unknown
2006-08-04
7.0CVE-2006-3998
OTHER-REF
OTHER-REF
BID
FRSIRT
XF
XennoBB -- XennoBBSQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section.
unknown
2006-08-08
7.0CVE-2006-4025
BUGTRAQ
BID
XMB Software -- XMB ForumSQL injection vulnerability in the u2u_send_recp function in u2u.inc.php in XMB (aka extreme message board) 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2uid parameter to u2u.php, which is directly accessed from $_POST and bypasses the protection scheme.
unknown
2006-08-04
7.0CVE-2006-3994
OTHER-REF
BID
FRSIRT
SECUNIA
YenerTurk -- YenerTurk Haber ScriptSQL injection vulnerability in default.asp in YenerTurk Haber Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2006-08-09
7.0CVE-2006-4064
OTHER-REF
BID
FRSIRT
SECUNIA
ZoneMetrics -- ZoneX Publishers Gold EditionPHP remote file inclusion vulnerability in includes/usercp_register.php in ZoneMetrics ZoneX Publishers Gold Edition 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2006-08-09
7.0CVE-2006-4036
BUGTRAQ
BID
FRSIRT
SECUNIA

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Adaptive Technology Resource Centre -- ATutorSQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.
unknown
2006-08-04
4.2CVE-2006-3996
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Apple -- Mac OS X Server
Apple -- Mac OS X
The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary code via crafted file types.
unknown
2006-08-04
5.6CVE-2006-0395
OTHER-REF
APPLE
ChaosSoft -- GaesteChaosMultiple SQL injection vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) gastname, (2) gastwohnort, or (3) gasteintrag parameters.
unknown
2006-08-09
4.7CVE-2006-4039
FULLDISC
BID
FRSIRT
SECUNIA
Club-Nuke -- Club-NukeMultiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 allow remote attackers to execute arbitrary SQL commands via the (1) haber_id parameter to haber_detay.asp, and allow remote authenticated users to execute arbitrary SQL commands via the (2) menu_id parameter to menu.asp.
2006-08-08
2006-08-10
4.2CVE-2006-4072
Milw0rm
SECUNIA
ConeXware -- PowerArchiverStack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware PowerArchiver 9.62.03 allows user-assisted attackers to execute narbitrary code by adding a new file to a crafted ZIP archive that already contains a file with a long name.
2006-07-08
2006-08-04
5.6CVE-2006-3985
BUGTRAQ
OTHER-REF
POWERARCHIVER
FRSIRT
SECTRACK
SECUNIA
XF
David Walker -- phpAutoMembersAreaUnspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 has unknown impact and attack vectors, related to "a potential security exploit which is critical."
unknown
2006-08-11
4.9CVE-2006-4084
OTHER-REF
Dmitry Sheiko -- SAPID ShopPHP remote file inclusion vulnerability in usr/extensions/get_tree.inc.php in Dmitry Sheiko SAPID Shop 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter.
unknown
2006-08-09
5.6CVE-2006-4062
OTHER-REF
FRSIRT
SECUNIA
XF
Dmitry Sheiko -- SAPID GalleryMultiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko SAPID Gallery 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter to (a) usr/extensions/get_calendar.inc.php or the (2) GLOBALS[root_path] parameter to (b) usr/extensions/get_tree.inc.php.
unknown
2006-08-09
5.6CVE-2006-4065
OTHER-REF
FRSIRT
SECUNIA
XF
Ehmig -- ME Download SystemPHP remote file inclusion vulnerability in templates/header.php in ME Download System 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the Vb8878b936c2bd8ae0cab parameter.
unknown
2006-08-09
5.6CVE-2006-4053
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Festalon -- FestalonThe FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr value in a HES file, which is used as an offset in a memcpy operation and leads to a buffer underflow.
unknown
2006-08-08
5.6CVE-2006-4024
OTHER-REF
FRSIRT
SECUNIA
IBM -- Informix IDSUnspecified vulnerability in IBM Informix Dynamic Server (IDS) allows attackers to execute arbitrary C code via unspecified vectors involving the "C code UDR."
unknown
2006-08-08
4.9CVE-2006-3855
IBM
Imendio Planner -- Imendio PlannerFormat string vulnerability in Imendio Planner 0.13 allows user-assisted attackers to execute arbitrary code via format string specifiers in a filename.
unknown
2006-08-09
5.6CVE-2006-4070
BUGTRAQ
Intel -- 2915ABG PROSet/Wireless
Intel -- 2200BG PROSet/Wireless
Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
unknown
2006-08-04
5.6CVE-2006-3992
INTEL
FRSIRT
CERT-VN
SECTRACK
BID
Intel -- 2100 PROSet/WirelessIntel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4.6 allows local users to corrupt memory and execute code via "requests for capabilities from higher-level protocol drivers or user-level applications" involving crafted frames, a different issue than CVE-2006-3992.
unknown
2006-08-08
4.9CVE-2006-4022
OTHER-REF
FRSIRT
SECTRACK
Internet Security Systems -- BlackICE PC ProtectionISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll. NOTE: in most cases, the attack would not cross privilege boundaries because replacing pamversion.dll requires administrative privileges. However, this issue is a vulnerability because BlackICE is intended to protect against certain rogue privileged actions.
unknown
2006-08-04
4.9CVE-2006-3999
BUGTRAQ
Joomla! -- JD-WikiPHP remote file inclusion vulnerability in lib/tpl/default/main.php in the JD-Wiki Component (com_jd-wiki) 1.0.2 and earlier for Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-08-10
5.6CVE-2006-4074
Milw0rm
JOOMLA!
BID
FRSIRT
SECUNIA
XF
Knusperleicht -- FileManagerMultiple PHP remote file inclusion vulnerabilities in index.php in Knusperleicht FileManager 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) dwl_download_path or (2) dwl_include_path parameters.
2006-08-01
2006-08-04
5.6CVE-2006-3987
BUGTRAQ
Milw0rm
BID
FRSIRT
SECUNIA
Knusperleicht -- newsReporterPHP remote file inclusion vulnerability in index.php in Knusperleicht newsReporter 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the news_include_path parameter.
2006-08-01
2006-08-04
5.6CVE-2006-3988
BUGTRAQ
Milw0rm
BID
FRSIRT
SECUNIA
XF
Knusperleicht -- ShoutboxPHP remote file inclusion vulnerability in index.php in Knusperleicht Shoutbox 4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sb_include_path parameter.
2006-08-01
2006-08-04
5.6CVE-2006-3989
BUGTRAQ
Milw0rm
BID
FRSIRT
SECUNIA
Lhaplus -- LhaplusHeap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LZH archive with a long header, as specified by the extendedHeaderSize.
unknown
2006-08-09
5.6CVE-2006-4033
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Microsoft -- Windows 2000Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
unknown
2006-08-08
5.6CVE-2006-3443
MS
BID
FRSIRT
SECUNIA
Microsoft -- Internet ExplorerCross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
unknown
2006-08-08
4.2CVE-2006-3643
MS
CERT
CERT-VN
Microsoft -- Visual Basic for Applications SDKBuffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
unknown
2006-08-08
5.6CVE-2006-3649
MS
CERT
CERT-VN
MIT -- Kerberos 5The (1) krshd and (2) v4rcp applications in MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
unknown
2006-08-09
6.0CVE-2006-3083
OTHER-REF
CERT-VN
REDHAT
mojoscripts.com -- mojoGalleryCross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-08-11
4.7CVE-2006-4087
FRSIRT
SECUNIA
myWebland -- myEventPHP remote file inclusion vulnerability in myevent.php in myWebland myEvent 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter.
unknown
2006-08-09
4.7CVE-2006-4040
OTHER-REF
BID
FRSIRT
SECUNIA
myWebland -- myBloggieMultiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute abitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters.
unknown
2006-08-09
4.7CVE-2006-4042
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
Netious CMS -- Netious CMSSQL injection vulnerability in index.php in Netious CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-08-09
4.7CVE-2006-4047
FRSIRT
SECUNIA
Novell -- Groupwise WebAccessCross-site scripting (XSS) vulnerability in the login page in Novell GroupWise WebAccess 6.5 before 20060721 and WebAccess 7 before 20060727 allows remote attackers to inject arbitrary web script or HTML via the GWAP.version parameter.
unknown
2006-08-11
4.7CVE-2006-3818
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
Olaf Noehring -- The Search Engine ProjectPHP remote file inclusion vulnerability in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to pagenavigation.php, a different vector than CVE-2006-4055. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-08-11
4.7CVE-2006-4085
SECUNIA
Open Cubic Player -- Open Cubic PlayerMultiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function.
unknown
2006-08-09
4.7CVE-2006-4046
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
XF
XF
XF
PC Tools -- PC Tools AntiVirusPC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the "PC Tools AntiVirus" directory, which allows local users to gain privileges and execute commands.
2006-07-19
2006-08-08
4.9CVE-2006-3114
BUGTRAQ
SECUNIA
BID
FRSIRT
SECTRACK
SECUNIA
XF
PHP -- PHPscanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read.
unknown
2006-08-08
4.9CVE-2006-4020
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
SAPID -- SAPID CMSPHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter in usr/extensions/get_infochannel.inc.php and the (2) GLOBALS["root_path"] parameter in usr/extensions/get_tree.inc.php.
unknown
2006-08-08
5.6CVE-2006-4026
BUGTRAQ
BID
OTHER-REF
FRSIRT
SECUNIA
XF
SaveWebPortal -- SaveWebPortalMultiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb Portal 3.4 allow remote attackers to execute arbitrary PHP code via a URL in the SITE_Path parameter to (1) poll/poll.php or (2) poll/view_polls.php. NOTE: the menu_dx.php vector is already covered by CVE-2005-2687.
unknown
2006-08-07
5.6CVE-2006-4012
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Symantec -- Brightmail AntiSpamMultiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in (1) DATABLOB-GET and (2) DATABLOB-SAVE requests.
unknown
2006-08-07
4.7CVE-2006-4013
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
The Address Book Reloaded -- The Address Book Reloaded
The Address Book -- The Address Book
Multiple SQL injection vulnerabilities in the authentication process in katzlbt (a) The Address Book 1.04e and earlier and (b) The Address Book Reloaded before 2.0-rc4 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. NOTE: portions of these details are obtained from third party information.
unknown
2006-08-09
5.6CVE-2006-4056
OTHER-REF
FRSIRT
SECUNIA
SECUNIA
TSEP -- TSEPPHP remote file inclusion vulnerability in copyright.php in Olaf Noehring The Search Engine Project (TSEP) 0.942 allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter.
2006-08-01
2006-08-04
5.6CVE-2006-3993
BUGTRAQ
OTHER-REF
Milw0rm
SOURCEFORGE
BID
FRSIRT
SECUNIA
XF
SECTRACK
TSEP -- TSEPMultiple PHP remote file inclusion vulnerabilities in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to (1) include/colorswitch.php, (2) contentimages.class.php, (3) ipfunctions.php, (4) configfunctions.php, (5) printpagedetails.php, or (6) log.class.php. NOTE: the copyright.php vector is already covered by CVE-2006-3993.
unknown
2006-08-09
5.6CVE-2006-4055
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
vbPortal -- vbPortalDirectory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
unknown
2006-08-07
4.7CVE-2006-4004
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Wim Fleischhauer -- docpile:weMultiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/folder.class.php, (2) lib/email.inc.php, (3) lib/document.class.php or (4) lib/auth.inc.php.
unknown
2006-08-10
5.6CVE-2006-4075
BUGTRAQ
Milw0rm
SECUNIA
XF
Wim Fleischhauer -- docpile:weMultiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/access.inc.php, (2) lib/folders.inc.php, (3) lib/init.inc.php or (4) lib/templates.inc.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-08-10
5.6CVE-2006-4076
SECUNIA
WordPress -- WordPressMultiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors.
unknown
2006-08-09
4.9CVE-2006-4028
OTHER-REF
BID
FRSIRT
SECUNIA

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Andy Lo-A-Foe -- AlsaPlayerMultiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c.
unknown
2006-08-11
2.3CVE-2006-4089
BUGTRAQ
BID
Barracuda Networks -- Barracuda Spam FirewallDirectory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
unknown
2006-08-04
1.4CVE-2006-4000
BUGTRAQ
BID
BomberClone -- BomberCloneBomberClone 0.11.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via (1) a certain malformed PKGF_ackreq packet, which triggers a crash in the rscache_add() function in pkgcache.c; and (2) an error packet, which is intended to be received by clients and force client shutdown, but also triggers server shutdown.
unknown
2006-08-07
2.3CVE-2006-4005
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
XF
BomberClone -- BomberCloneThe do_gameinfo functionin BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory.
unknown
2006-08-07
2.3CVE-2006-4006
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Cisco -- CallManager ExpressUnspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417.
unknown
2006-08-09
2.3CVE-2006-4032
BLACKHAT
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
DeluxeBB -- DeluxeBBDeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 hash of a password, which allows remote attackers to gain privileges by sniffing or cross-site scripting (XSS) and conduct password guessing attacks.
unknown
2006-08-10
1.9CVE-2006-4080
BUGTRAQ
Drupal -- DrupalCross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information.
unknown
2006-08-07
2.3CVE-2006-4002
DRUPAL
FRSIRT
SECUNIA
Hobbit Monitor -- Hobbit MonitorThe config method in Henrik Storner Hobbit monitor before 4.1.2p2 permits access to files outside of the intended configuration directory, which allows remote attackers to obtain sensitive information via requests to the hobbitd daemon on port 1984/tcp.
unknown
2006-08-07
2.3CVE-2006-4003
BUGTRAQ
SOURCEFORGE
BID
FRSIRT
SECUNIA
XF
HP -- Procurve SwitchHewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with software before K.11.33 allow remote attackers to cause a denial of service (possibly memory leak or system crash) via unknown vectors.
unknown
2006-08-07
2.3CVE-2006-4015
HP
BID
FRSIRT
SECTRACK
SECUNIA
IBM -- Informix IDSIBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors.
unknown
2006-08-08
1.6CVE-2006-3856
IBM
BID
FRSIRT
SECUNIA
XF
IBM -- Informix IDSIBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772).
unknown
2006-08-08
1.6CVE-2006-3858
IBM
BID
FRSIRT
SECUNIA
XF
IBM -- Informix IDSIBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases.
unknown
2006-08-08
2.0CVE-2006-3861
IBM
BID
FRSIRT
SECUNIA
XF
Inter Network Marketing AG -- G3 Content management SystemCross-site scripting (XSS) vulnerability in the search module in Inter Network Marketing (INM) CMS G3 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter.
unknown
2006-08-07
2.3CVE-2006-4017
FULLDISC
BID
SECUNIA
FRSIRT
ISC -- DHCP serverThe supersede_lease function in memory.c in ISC DHCP server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-identifier, which causes the packet to be interpreted as a corrupt uid and causes the server to exit with "corrupt lease uid."
unknown
2006-08-09
2.3CVE-2006-3122
DEBIAN
DEBIAN
FRSIRT
SECUNIA
SECUNIA
Kayako -- eSupportPHP remote file inclusion vulnerability in esupport/admin/autoclose.php in Kayako eSupport 2.3.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the subd parameter.
unknown
2006-08-07
1.9CVE-2006-4011
OTHER-REF
BID
SECUNIA
XF
Matt Blaze -- Cryptographic File SystemMultiple integer overflows in the (1) dodecrypt and (2) doencrypt functions in cfs_fh.c in cfsd in Matt Blaze Cryptographic File System (CFS) 1.4.1 before Debian GNU/Linux package 1.4.1-17 allow local users to cause a denial of service (daemon crash) by appending data to a file that is larger than 2 Gb.
unknown
2006-08-07
1.6CVE-2006-3123
OTHER-REF
DEBIAN
BID
FRSIRT
SECUNIA
SECUNIA
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other domains or zones, aka "Window Location Information Disclosure Vulnerability."
unknown
2006-08-08
2.3CVE-2006-3640
MS
FRSIRT
SECUNIA
Microsoft -- Windows XPThe Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigger a divide-by-zero error, as demonstrated by a (1) .ico file, (2) .png file that crashes MSN Messenger, and (3) .jpg file that crashes Internet Explorer. NOTE: another researcher has not been able to reproduce this issue.
unknown
2006-08-09
1.9CVE-2006-4066
BUGTRAQ
BUGTRAQ
FRSIRT
XF
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
2006-06-24
2006-08-09
1.9CVE-2006-4071
BUGTRAQ
BUGTRAQ
FULLDISC
FULLDISC
FRSIRT
SECUNIA
MySQL -- MySQLMySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.
unknown
2006-08-09
1.6CVE-2006-4031
MYSQL
MYSQL
MYSQL
BID
FRSIRT
SECTRACK
SECUNIA
myWebland -- myBloggieindex.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message.
unknown
2006-08-09
2.3CVE-2006-4043
BUGTRAQ
ALTERVISTA
Milw0rm
SECUNIA
OZJournals -- OZJournalsMultiple cross-site scripting (XSS) vulnerabilities in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) m and (2) c parameters in index.php, (3) a search action, and (4) a "submit comment" action.
unknown
2006-08-09
2.3CVE-2006-4069
OTHER-REF
FRSIRT
SECUNIA
PHP -- PHPThe ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner.
2006-07-29
2006-08-08
2.3CVE-2006-4023
BUGTRAQ
BUGTRAQ
ALTERVISTA
SECTRACK
pswd.js -- pswd.jsThe pswd.js script relies on the client to calculate whether a username and password for a server match hard-coded hashed values, which allows remote attackers to obtain a username and password by downloading pswd.js and conducting brute-force offline attacks.
unknown
2006-08-09
2.3CVE-2006-4068
BUGTRAQ
BID
Simpliciti -- Locked BrowserSimpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web site that executes a JavaScript window.blur loop to remove focus from the browser window, then pressing CTRL-SHIFT-ESC to invoke the Task Manager.
unknown
2006-08-11
3.3CVE-2006-4092
BUGTRAQ
Simplog -- SimplogCross-site scripting (XSS) vulnerability in archive.php in Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyw parameter when performing a search. NOTE: some details are obtained from third party information.
unknown
2006-08-09
2.3CVE-2006-4058
BUGTRAQ
FRSIRT
SECUNIA
Sun -- Sun Ray Server SoftwareUnspecified vulnerability in the utxconfig utility in Sun Ray Server Software 3.x allows local users to create or overwrite arbitrary files via unknown attack vectors.
unknown
2006-08-09
1.6CVE-2006-4049
SUNALERT
Symantec -- On-Demand Agent
Symantec -- On-Demand Protection
Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the Virtual Desktop module in Symantec On-Demand Protection (SODP) before 2.6 Build 2233, do not properly encrypt files that are subject to policy-based automatic encryption, which might allow local users to read sensitive data via an unspecified decryption method.
unknown
2006-08-04
1.6CVE-2006-3457
BUGTRAQ
OTHER-REF
FRSIRT
Symantec -- Brightmail AntiSpamSymantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) "by sending invalid posts".
unknown
2006-08-07
2.3CVE-2006-4014
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Toenda Software Development -- toendaCMSCross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS stable 1.0.3 and earlier, and unstable 1.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via the s parameter.
unknown
2006-08-07
2.3CVE-2006-4016
BUGTRAQ
OTHER-REF
BID
VWar -- Virtual WarCross-site scripting (XSS) vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.
unknown
2006-08-07
2.3CVE-2006-4009
BUGTRAQ
BID

Back to top

 

 

 

 

Last updated August 14, 2006

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top