Vulnerability Summary for the Week of September 4, 2006

Released
Sep 11, 2006
Document ID
SB06-254

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
8pixel.net -- Simple BlogIncomplete blacklist vulnerability in default.asp in 8pixel.net Simple Blog 2.3 and earlier allows remote attackers to conduct SQL injection attacks via ">" characters in the id parameter, which are not filtered by the protection mechanism.
unknown
2006-09-06
7.0CVE-2006-4592
OTHER-REF
BID
FRSIRT
SECUNIA
AlstraSoft -- Template Seller
AlstraSoft -- Template Seller Pro
Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AltraSoft Template Seller Pro 3.25, allow remote attackers to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/payment_result.php or (2) /payment/spuser_result.php.
unknown
2006-09-06
7.0CVE-2006-4591
BUGTRAQ
BID
ALWIL -- avast! AntivirusHeap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and directory names whose concatenation triggers the overflow.
unknown
2006-09-07
7.0CVE-2006-4626
OTHER-REF
Annuaire -- 1TwoSQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2006-09-06
7.0CVE-2006-4601
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Autentificator -- AutentificatorSQL injection vulnerability in aut_verifica.inc.php in Autentificator 2.01 allows remote attackers to execute arbitrary SQL commands via the user parameter.
unknown
2006-09-06
7.0CVE-2006-4599
BUGTRAQ
BID
FRSIRT
SECUNIA
Bare Concept Media -- Pheap CMSPHP remote file inclusion vulnerability in lib/config.php in Pheap CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter.
unknown
2006-09-01
7.0CVE-2006-4531
OTHER-REF
BID
XF
BUGTRAQ
FRSIRT
OSVDB
SECTRACK
SECUNIA
Bare Concept Media -- Pheap CMSPHP remote file inclusion vulnerability in settings.php in Pheap 1.2, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The lib/config.php vector is already covered by CVE-2006-4531.
unknown
2006-09-06
7.0CVE-2006-4621
FRSIRT
SECUNIA
Bernard Pacques -- Yet Another Community System CMSPHP remote file inclusion vulnerability in articles/article.php in Yet Another Community System (YACS) CMS 6.6.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter.
unknown
2006-09-01
7.0CVE-2006-4532
OTHER-REF
XF
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Bernard Pacques -- Yet Another Community System CMSMultiple PHP remote file inclusion vulnerabilities in Yet Another Community System (YACS) CMS 6.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter in (1) articles/populate.php, (2) categories/category.php, (3) categories/populate.php, (4) comments/populate.php, (5) files/file.php, (6) sections/section.php, (7) sections/populate.php, (8) tables/populate.php, (9) users/user.php, and (10) users/populate.php. The articles/article.php vector is covered by CVE-2006-4532.
unknown
2006-09-05
7.0CVE-2006-4559
OTHER-REF
SECUNIA
Bugada Andrea -- PHP Advanced Transfer ManagerMultiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. NOTE: the include_location parameter to index.php is already covered by CVE-2005-1681.
unknown
2006-09-06
7.0CVE-2006-4594
OTHER-REF
BID
XF
Cerberus -- Cerberus Helpdesk(1) includes/widgets/module_company_tickets.php and (2) includes/widgets/module_track_tickets.php Client Support Center in Cerberus Helpdesk 3.2 Build 317, and possibly earlier, allows remote attackers to bypass security restrictions and obtain sensitive information via the ticket parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-05
7.0CVE-2006-4539
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
CHXO -- FeedsplitterEval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to execute arbitrary PHP code via (1) the file specified as the value of the format parameter, and possibly (2) the RSS feed.
unknown
2006-09-05
7.0CVE-2006-4551
BUGTRAQ
CHXO -- FeedsplitterCross-site scripting (XSS) vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to inject arbitrary web script or HTML via the RSS feed.
unknown
2006-09-05
7.0CVE-2006-4552
BUGTRAQ
CMS Frogss -- CMS FrogssSQL injection vulnerability in module/rejestracja.php in CMS Frogss 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the podpis parameter.
unknown
2006-09-05
7.0CVE-2006-4536
OTHER-REF
OTHER-REF
BID
XF
ComScripts -- AnnonceVPHP remote file inclusion vulnerability in annonce.php in AnnonceV (aka annoncesV) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
unknown
2006-09-06
7.0CVE-2006-4622
BUGTRAQ
OTHER-REF
Darrens $5 Script Archive -- FlashChatMultiple PHP remote file inclusion vulnerabilities in FlashChat before 4.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/cmses/aedatingCMS, (2) inc/cmses/aedatingCMS2.php, or (3) inc/cmses/aedating4CMS.php.
unknown
2006-09-06
7.0CVE-2006-4583
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
DeluxeBB -- DeluxeBBDeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php.
unknown
2006-09-05
7.0CVE-2006-4558
BUGTRAQ
OTHER-REF
SECUNIA
XF
Devellion -- CubeCartSQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter.
unknown
2006-09-01
7.0CVE-2006-4526
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
Digi International Inc -- AnywhereUSB/5Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause a denial of service (crash) via a 1 byte header size specified in the USB string descriptor.
2006-07-24
2006-09-05
7.0CVE-2006-4459
BUGTRAQ
OTHER-REF
BID
SECUNIA
Digiappz -- FreekotMultiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameters. NOTE: some of these details are obtained from third party information.
unknown
2006-09-01
7.0CVE-2006-4524
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
Dsocks -- DsocksBuffer overflow in the _tor_resolve function in dsocks.c in dsocks before 1.4 allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a long node name.
unknown
2006-09-06
7.0CVE-2006-4611
BUGTRAQ
OTHER-REF
BID
DynCMS -- DynCMSPHP remote file inclusion vulnerability in 0_admin/modules/Wochenkarte/frontend/index.php in DynCMS 6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the x_admindir parameter.
unknown
2006-09-06
7.0CVE-2006-4589
OTHER-REF
BID
SECUNIA
e107.org -- e107 website systeme107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_include image/jpeg parameter in e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php, as demonstrated by a multipart/form-data request. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in e107.
unknown
2006-09-05
7.0CVE-2006-4548
BUGTRAQ
OTHER-REF
ExBB -- ExBBMultiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in files in the modules directory including (1) birstday/birst.php (2) birstday/select.php, (3) birstday/profile_show.php, (4) newusergreatings/pm_newreg.php, (5) punish/p_error.php, (6) punish/profile.php, and (7) threadstop/threadstop.php. NOTE: the (8) modules/userstop/userstop.php vector might overlap CVE-2006-4488, although it is for a slightly different product from the same vendor.
unknown
2006-09-05
7.0CVE-2006-4544
BUGTRAQ
OTHER-REF
SECTRACK
GNU -- MailmanMailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers".
unknown
2006-09-05
7.0CVE-2006-2941
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
BID
XF
GNU -- MailmanMultiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2006-09-05
7.0CVE-2006-3636
OTHER-REF
FRSIRT
SECUNIA
BID
XF
GrapAgenda -- GrapAgendaPHP remote file inclusion vulnerability in index.php in GrapAgenda 0.11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the page parameter.
unknown
2006-09-06
7.0CVE-2006-4610
BUGTRAQ
OTHER-REF
HLstats -- HLstatsCross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon parameter in weaponinfo mode, the (3) st parameter in search mode, the (4) action parameter in actioninfo mode, and the (5) map parameter in mapinfo mode.
unknown
2006-09-05
7.0CVE-2006-4543
BUGTRAQ
BID
SECUNIA
IBM -- AIXUnspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code with root privileges via unspecified vectors.
unknown
2006-09-01
7.0CVE-2006-4522
AIXAPAR
AIXAPAR
SECUNIA
BID
FRSIRT
ICBlogger -- ICBloggerSQL injection vulnerability in devam.asp in ICBlogger 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the YID parameter.
unknown
2006-09-06
7.0CVE-2006-4597
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
Jetstat.com -- JS ASP Faq ManagerSQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP Faq Manager 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2006-4463. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-06
7.0CVE-2006-4590
BID
FRSIRT
OSVDB
SECUNIA
XF
John Andersson -- ZixForumSQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows remote attackers to execute arbitrary SQL commands via the RepId parameter.
unknown
2006-09-06
7.0CVE-2006-4612
BUGTRAQ
Joomla! -- com_comprofiler Component
Mambo -- com_comprofiler Component
PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
2006-08-25
2006-09-05
7.0CVE-2006-4553
BUGTRAQ
BID
Julian Pawlowski -- CAPI4HylaFAXc2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute arbitrary commands via null (\0) and shell metacharacters in the TSI string, as demonstrated by a fax from an anonymous number.
unknown
2006-09-05
7.0CVE-2006-3126
OTHER-REF
DEBIAN
SECUNIA
SECUNIA
FRSIRT
KDE -- kdebaseThe KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times.
unknown
2006-09-06
10.0CVE-2006-3742
FEDORA
Lanifex -- LanifexPHP remote file inclusion vulnerability in LFXlib/access_manager.php in Lanifex Database of Managed Objects (DMO) 2.3 Beta and earlier allows remote attackers to execute arbitrary PHP code via the _incMgr parameter.
2006-08-30
2006-09-06
7.0CVE-2006-4604
Milw0rm
BID
XF
Learn.com -- LearnCenterCross-site scripting (XSS) vulnerability in learncenter.asp in Learn.com LearnCenter allows remote attackers to inject arbitrary web script or HTML via the id parameter.
unknown
2006-09-05
7.0CVE-2006-4540
BUGTRAQ
SECUNIA
BID
OSVDB
XF
Longino -- Jacome php-RevistaPHP remote file inclusion vulnerability in index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to execute arbitrary PHP code via the adodb parameter.
unknown
2006-09-06
7.0CVE-2006-4605
BUGTRAQ
SECUNIA
Longino -- Jacome php-RevistaMultiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) id_temas parameter in busqueda_tema.php, the (2) cadena parameter in busqueda.php, the (3) id_autor parameter in autor.php, the (4) email parameter in lista.php, and the (5) id_articulo parameter in articulo.php.
unknown
2006-09-06
7.0CVE-2006-4606
BUGTRAQ
SECUNIA
Longino -- Jacome php-Revistaadmin/index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to bypass authentication controls by setting the ID_ADMIN and SUPER_ADMIN parameters to 1.
unknown
2006-09-06
10.0CVE-2006-4607
BUGTRAQ
SECUNIA
Longino -- Jacome php-RevistaMultiple cross-site scripting (XSS) vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cadena parameter in busqueda.php and the (2) email parameter in lista.php.
unknown
2006-09-06
7.0CVE-2006-4608
BUGTRAQ
SECUNIA
Mambo -- JIM Component
Joomla! -- JIM Component
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242.
unknown
2006-09-05
7.0CVE-2006-4556
BUGTRAQ
BUGTRAQ
Membrepass -- membrepassSQL injection vulnerability in recherchemembre.php in membrepass 1.5. allows remote attackers to execute arbitrary SQL commands via the recherche parameter.
unknown
2006-09-01
7.0CVE-2006-4529
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Membrepass -- membrepassDirect static code injection vulnerability in include/change.php in membrepass 1.5 allows remote attackers to execute arbitrary PHP code via the aifon parameter, which is injected into include/variable.php.
unknown
2006-09-01
7.0CVE-2006-4530
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
Microsoft -- Internet ExplorerInternet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running.
unknown
2006-09-05
7.0CVE-2006-4560
BUGTRAQ
OTHER-REF
OTHER-REF
ModuleBased CMS -- ModuleBased CMS** DISPUTED ** PHP remote file inclusion vulnerability in ModuleBased CMS Pre-Alpha allows remote attackers to execute arbitrary PHP code via the _SERVER parameter in (1) admin/avatar.php, (2) libs/archive.class.php, (3) libs/login.php, (4) libs/profiles.class.php, and (5) libs/profile/proccess.php. NOTE: CVE disputes this claim, as the _SERVER array and the _SERVER[DOCUMENT_ROOT] index are controlled by PHP and cannot be manipulated by an attacker.
unknown
2006-09-05
7.0CVE-2006-4545
BUGTRAQ
MLIST
BID
Mozilla -- FirefoxMozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running.
unknown
2006-09-05
7.0CVE-2006-4561
BUGTRAQ
OTHER-REF
OTHER-REF
MyBace Light -- MyBace LightPHP remote file inclusion in MyBace Light Skrip, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) hauptverzeichniss parameter in includes/login_check.php and the (2) template_back parameter in admin/login/content/user_daten.php.
unknown
2006-09-06
7.0CVE-2006-4596
OTHER-REF
FRSIRT
SECUNIA
NCH Software -- Swift Sound Web DictateNCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass authentication via a null password.
unknown
2006-09-06
10.0CVE-2006-4603
BUGTRAQ
BID
PHP-Nuke -- MyHeadlinesCross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the myh_op parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-05
7.0CVE-2006-4563
BID
FRSIRT
SECUNIA
XF
Plume CMS -- Plume CMSMultiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and earlier allow remote attackers to execute arbitrary PHP code via the $_PX_config['manager_path'] parameter to (1) articles.php, 2) categories.php, 3) news.php, 4) prefs.php, 5) (sites.php, 6) subtypes.php, 7) users.php, 8) xmedia.php, 9) (frontinc/class.template.php, 10) inc/lib.text.php, 11) (install/index.php, 12) install/upgrade.php, and 13) (tools/htaccess/index.php. NOTE: other vectors are covered by CVE-2006-3562, CVE-2006-2645, and CVE-2006-0725.
unknown
2006-09-01
7.0CVE-2006-4533
OTHER-REF
BID
Retro64 -- CR64Loader ActiveX ControlBuffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors involving an HTML document that references the CLSID of the control.
unknown
2006-09-05
7.0CVE-2006-4555
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
XF
Robert Jewell -- Discloser** DISPUTED ** PHP remote file inclusion vulnerability in plugins/plugins.php in Bob Jewell Discloser 0.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the type parameter. NOTE: another researcher has stated that an attacker cannot control the type parameter. As of 20060901, CVE analysis concurs with the dispute.
unknown
2006-09-05
7.0CVE-2006-4557
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
SoftBB -- SoftBBCross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.
unknown
2006-09-06
7.0CVE-2006-4593
BUGTRAQ
BID
ssLinks -- ssLinksMultiple SQL injection vulnerabilities in links.php in ssLinks 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) go parameter and (2) id parameter in a rate action.
unknown
2006-09-06
7.0CVE-2006-4598
BUGTRAQ
BID
FRSIRT
SECUNIA
TikiWiki Project -- TikiWikiUnrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory.
unknown
2006-09-06
7.0CVE-2006-4602
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
Tr Forum -- Tr ForumTr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php.
unknown
2006-09-06
7.0CVE-2006-4584
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
vtiger -- vtiger CRMMultiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module.
unknown
2006-09-06
7.0CVE-2006-4587
OTHER-REF
BID
FRSIRT
SECUNIA
vtiger -- vtiger CRMvtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module.
unknown
2006-09-06
7.0CVE-2006-4588
OTHER-REF
BID
FRSIRT
SECUNIA
Vtiger -- Vtiger CRMUnrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder.
unknown
2006-09-06
7.0CVE-2006-4617
OTHER-REF
Webmin -- Usermin
Webmin -- Webmin
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
2006-07-02
2006-09-05
7.0CVE-2006-4542
OTHER-REF
OTHER-REF
WEBMIN
FRSIRT
SECUNIA

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
AVIRA -- AntiVirThe start update window in Avira AntiVir PersonalEdition Classic allows local users to gain system privileges via a "Shatter" style attack on an unspecified progress bar.
unknown
2006-09-06
4.9CVE-2006-4619
BUGTRAQ
BUGTRAQ
BeCubed -- Compression PlusStack-based buffer overflow in the ReadFile function in the ZOO-processing exports in the BeCubed Compression Plus before 5.0.1.28, as used in products including (1) Tumbleweed EMF, (2) VCOM/Ontrack PowerDesk Pro, (3) Canyon Drag and Zip, (4) Canyon Power File, and (5) Canyon Power File Gold, allow context-dependent attackers to execute arbitrary code via an inconsistent size parameter in a ZOO file header.
unknown
2006-09-05
5.6CVE-2006-4554
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
FRSIRT
FRSIRT
FRSIRT
FRSIRT
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
XF
Internet Security Systems -- BlackICE PC ProtectionRapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the NtOpenSection API function.
unknown
2006-09-05
5.6CVE-2006-4541
OTHER-REF
SECUNIA
BUGTRAQ
BID
John Lim -- ADOdbPHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01 and earlier, as used in Intechnic In-link 2.3.4, allows remote attackers to execute arbitrary PHP code via a URL in the ADODB_DIR parameter.
unknown
2006-09-06
5.6CVE-2006-4618
BUGTRAQ
OTHER-REF
OTHER-REF
XF
Lyris -- List ManagerLyris ListManager 8.95 allows remote authenticated users, who have administrative privileges for at least one list on the server, to add new administrators to any list via a modified MEMBERS_.List_ parameter.
unknown
2006-09-05
4.2CVE-2006-4546
BUGTRAQ
FULLDISC
XF
Lyris -- List ManagerLyris ListManager 8.95 allows remote authenticated users to obtain sensitive information by attempting to add a user with a ' (single quote) character in the name, which reveals the details of the underlying SQL query, possibly because of a forced SQL error or SQL injection.
unknown
2006-09-05
4.2CVE-2006-4547
BUGTRAQ
FULLDISC
Microsoft -- WordUnspecified vulnerability in Microsoft Word 2000 allows remote user-assisted attackers to execute arbitrary code via unknown vectors, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo. NOTE: as of 20060905, it is believed that this is a different vulnerability than previously announced Word vulnerabilities.
unknown
2006-09-05
5.6CVE-2006-4534
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
OTHER-REF
SECTRACK
OpenSSL Project -- OpenSSLOpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS
unknown
2006-09-05
5.6CVE-2006-4339
MLIST
OTHER-REF
FRSIRT
SECUNIA
UBUNTU
BID
PHPProjekt -- PHPProjekt** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the Content Management module ("Content manager") for PHProjekt 0.6.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the path_pre parameter in (1) cm_lib.inc.php, (2) doc/br.edithelp.php, (3) doc/de.edithelp.php, (4) doc/ct.edithelp.php, (5) userrating.php, and (6) listing.php, a different set of vectors than CVE-2006-4204. NOTE: a third-party researcher has disputed the impact of the cm_lib.inc.php vector, stating that it is limited to local file inclusion. CVE analysis as of 20060905 concurs, although use of ftp URLs is also possible. The remaining five vectors have also been disputed by the same third party, stating that the path_pre variable is initialized before it is used.
unknown
2006-09-06
5.6CVE-2006-4609
BUGTRAQ
BUGTRAQ
FRSIRT
Simple Machines -- Simple Machines ForumSQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter.
unknown
2006-09-05
5.6CVE-2006-4564
FRSIRT
SECUNIA
BUGTRAQ
XF
Tr Forum -- Tr ForumSQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows remote authenticated users to execute arbitrary SQL commands via the id2 parameter. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges.
unknown
2006-09-06
6.0CVE-2006-4585
BUGTRAQ
OTHER-REF
Milw0rm
BID
SECUNIA

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
2Wire Inc -- HomePortal
2Wire Inc -- OfficePortal
The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a GET request.
unknown
2006-09-01
2.3CVE-2006-4523
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
Alt-N -- WebAdminThe useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the mailbox of the MDaemon user account to use the mailbox of another account.
unknown
2006-09-06
3.4CVE-2006-4620
BUGTRAQ
OTHER-REF
OTHER-REF
SECUNIA
CHXO -- FeedsplitterCHXO Feedsplitter 2006-01-21 allows remote attackers to read the source code of feedsplitter.php via the showsource function. NOTE: this issue is not a vulnerability in standard distributions, but could be an issue if the source has been modified.
unknown
2006-09-05
2.3CVE-2006-4549
BUGTRAQ
CHXO -- FeedsplitterDirectory traversal vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to read arbitrary XML files via .. (dot dot) sequences in the format parameter with a leading ".", which bypasses a security check.
unknown
2006-09-05
2.3CVE-2006-4550
BUGTRAQ
DEC -- DEC OpenVMS AlphaNET$SESSION_CONTROL.EXE before 20060825 in DECnet-Plus in OpenVMS ALPHA 7.3-2 writes a password to an audit log file when there is a successful connection after a "network breakin" event, which allows local users to obtain passwords by reading the file.
unknown
2006-09-05
1.6CVE-2006-4537
OTHER-REF
BID
OSVDB
SECUNIA
FRSIRT
SECTRACK
XF
Devellion -- CubeCartCross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array.
unknown
2006-09-01
2.3CVE-2006-4525
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
Devellion -- CubeCartincludes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks.
unknown
2006-09-01
1.9CVE-2006-4527
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
GNU -- MailmanCRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via a carriage return/line feed sequences in the URI.
unknown
2006-09-07
1.9CVE-2006-4624
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
ISC -- BINDBIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.
unknown
2006-09-05
2.3CVE-2006-4095
OTHER-REF
CERT-VN
FRSIRT
SECTRACK
SECUNIA
ISC -- BINDBIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty.
unknown
2006-09-05
2.3CVE-2006-4096
OTHER-REF
CERT-VN
FRSIRT
SECTRACK
SECUNIA
Linux -- Linux KernelLinux kernel 2.6.17 and earlier, when running on IA64 or SPARC platforms, allows local users to cause a denial of service (crash) via a malformed ELF file that triggers memory maps that cross region boundaries.
unknown
2006-09-05
2.3CVE-2006-4538
OTHER-REF
OTHER-REF
MailEnable -- MailEnable Professional
MailEnable -- MailEnable Enterprise
MailEnable -- MailEnable Standard
SMTP service in MailEnable Standard, Professional, and Enterprise before ME-10014 (20060904) allows remote attackers to cause a denial of service via an SPF lookup for a domain with a large number of records, which triggers a null pointer exception.
unknown
2006-09-06
2.3CVE-2006-4616
OTHER-REF
OTHER-REF
SECTRACK
Membrepass -- membrepassMultiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) recherche parameter in recherchemembre.php and the (2) email parameter in test.php.
unknown
2006-09-01
2.3CVE-2006-4528
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Microsoft -- System Information ActiveX controlSystem Information ActiveX control (msinfo.dll), when accessed via Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via a SaveFile function with a long (1) computer and possibly (2) filename and (3) category argument.
unknown
2006-09-07
2.3CVE-2006-4627
OTHER-REF
OTHER-REF
OSVDB
muforum -- muforummuforum (µforum) 0.4c stores membres/members.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes.
unknown
2006-09-06
2.3CVE-2006-4595
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
OpenLDAP -- OpenLDAPslapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).
unknown
2006-09-06
1.4CVE-2006-4600
MLIST
OTHER-REF
OTHER-REF
BID
SECUNIA
Pocket PC -- Pocket PCPDAapps Verichat for Pocket PC 1.30bh stores usernames and passwords in plaintext in the Windows Mobile registry, which allows local users to obtain sensitive information via keys under \HKEY_CURRENT_USER\Software\PDAapps\VeriChat.
unknown
2006-09-06
2.3CVE-2006-4614
BUGTRAQ
OTHER-REF
SECTRACK
Secure Computing -- SnapGearMultiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow remote attackers to cause a denial of service via unspecified vectors involving (1) IPSec replay windows and (2) the use of vulnerable versions of ClamAV before 0.88.4. NOTE: it is possible that vector 2 is related to CVE-2006-4018.
unknown
2006-09-06
3.3CVE-2006-4613
CYBERGUARD
BID
SECUNIA
XF
XF
Shape Services -- IM+ Mobile Instant MessengerShape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores usernames and passwords in plaintext in %PROGRAMFILES%\IMPlus\implus.cfg, which allows local users to obtain sensitive information by reading the file.
unknown
2006-09-06
2.3CVE-2006-4615
BUGTRAQ
OTHER-REF
Symantec -- Gateway Security** DISPUTED ** The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on the external interface.
unknown
2006-09-05
2.3CVE-2006-4562
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
Tr Forum -- Tr ForumThe admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modif_profil.php, and changing a password via /membres/change_mdp.php. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges.
unknown
2006-09-06
2.8CVE-2006-4586
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.