U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB06-261)

Vulnerability Summary for the Week of September 11, 2006

Original release date: September 18, 2006

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Akarru -- Social BookMarking EnginePHP remote file inclusion vulnerability in akarru.gui/main_content.php in Akarru Social BookMarking Engine 0.4.3.34 and earlier, and possibly 0.4.4.120, allows remote attackers to execute arbitrary PHP code via a URL in the bm_content parameter.
unknown
2006-09-08
7.0CVE-2006-4645
OTHER-REF
BID
FRSIRT
SECUNIA
XF
BUGTRAQ
Amazing Little Picture Poll -- Amazing Little Picture Poll
Amazing Little Poll -- Amazing Little Poll
(1) Amazing Little Poll and (2) Amazing Little Picture Poll have a default password of "dsapoll", which allows remote attackers to create a new poll by entering default credentials via lp_admin.php.
unknown
2006-09-08
7.0CVE-2006-4652
BUGTRAQ
BID
XF
Andreas Gohr -- DokuWikiDirect static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php.
2006-09-07
2006-09-11
7.0CVE-2006-4674
BUGTRAQ
ALTERVISTA
OTHER-REF
SECUNIA
Andreas Gohr -- DokuWikiUnrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors.
2006-09-07
2006-09-11
7.0CVE-2006-4675
BUGTRAQ
ALTERVISTA
SECUNIA
BinGo News -- BinGo NewsPHP remote file inclusion vulnerability in bp_ncom.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter.
unknown
2006-09-08
7.0CVE-2006-4648
OTHER-REF
BID
FRSIRT
SECUNIA
XF
SECTRACK
BUGTRAQ
BinGo News -- BinGo NewsPHP remote file inclusion vulnerability in bp_news.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter.
unknown
2006-09-08
7.0CVE-2006-4649
FRSIRT
SECTRACK
BUGTRAQ
Bugada Andrea -- PHP Advanced Transfer ManagerMultiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php. NOTE: The login.php and confirm.php vectors are already covered by CVE-2006-4594.
unknown
2006-09-13
7.0CVE-2006-4749
BUGTRAQ
C-News.fr -- C-NewsPHP remote file inclusion vulnerability in affichage/commentaires.php in C-News.fr C-News 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
unknown
2006-09-08
7.0CVE-2006-4629
OTHER-REF
BID
FRSIRT
SECUNIA
OSVDB
XF
CMS.R. -- CMS.R.Multiple SQL injection vulnerabilities in index.php in CMS.R. allow remote attackers to execute arbitrary SQL commands via the (1) adminname and (2) adminpass parameters.
unknown
2006-09-13
7.0CVE-2006-4736
BUGTRAQ
BID
ComScripts -- News EvolutionPHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the _NE[AbsPath] parameter in (1) install.php and (2) migrateNE2toNE3.php.
unknown
2006-09-11
7.0CVE-2006-4678
BUGTRAQ
XF
ComScripts -- Web Server CreatorPHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.
unknown
2006-09-13
7.0CVE-2006-4746
BUGTRAQ
OTHER-REF
ComScripts -- PHProgCross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
unknown
2006-09-13
7.0CVE-2006-4754
FULLDISC
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
XF
Drupal -- Drupal Pathauto ModuleCross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto module before pathauto_node.inc 1.17.2.1 and the Drupal 4.6 Pathauto module before pathauto_node.inc 1.14.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2006-09-08
7.0CVE-2006-4646
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Drupal -- Drupal Pubcookie moduleThe login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors.
unknown
2006-09-12
7.0CVE-2006-4717
DRUPAL
BID
FRSIRT
SECUNIA
F-ART Agency -- BLOG:CMSMultiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) xagent, (2) xpath, (3) xreferer, and (4) xdns parameters in (a) admin/plugins/NP_Log.php, and the (5) pitem parameter in (b) admin/plugins/NP_Poll.php; and allow remote authenticated users to execute arbitrary SQL commands via the (6) pageRef parameter in (c) admin/plugins/NP_Referrer.php.
unknown
2006-09-13
7.0CVE-2006-4748
BUGTRAQ
OTHER-REF
OTHER-REF
XF
Fire Soft Board -- Fire Soft BoardPHP remote file inclusion vulnerability in demarrage.php in Fire Soft Board (FSB) RC3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter.
unknown
2006-09-12
7.0CVE-2006-4716
OTHER-REF
Milw0rm
BID
XF
GTASoft -- PhotoKorn GalleryMultiple PHP remote file inclusion vulnerabilities in PhotoKorn Gallery 1.52 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) includes/cart.inc.php or (2) extras/ext_cats.php.
unknown
2006-09-08
7.0CVE-2006-4670
OTHER-REF
FRSIRT
SECUNIA
BUGTRAQ
BUGTRAQ
BID
OSVDB
OSVDB
XF
IBM -- Lotus Domino Web AccessIBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a user's privileges by intercepting the LtpaToken cookie.
unknown
2006-09-13
7.0CVE-2006-4763
BUGTRAQ
FISHNET
OTHER-REF
BID
IDevSpot -- PhpLinkExchangePHP remote file inclusion vulnerability in bits_listings.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to execute arbitrary code via the svr_rootPhpStart parameter.
unknown
2006-09-13
7.0CVE-2006-4741
BUGTRAQ
BID
Ipswitch -- IMail Secure Server
Ipswitch -- IMail Plus
Ipswitch -- Ipswitch Collaboration Suite
Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character.
unknown
2006-09-08
7.0CVE-2006-4379
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
BUGTRAQ
SECTRACK
SECTRACK
XF
Jetbox -- Jetbox CMSSQL injection vulnerability in index.php in Jetbox CMS allows remote attackers to inject arbitrary web script or HTML via the item parameter. NOTE: The view vector is already covered by CVE-2006-3586.2.
unknown
2006-09-13
7.0CVE-2006-4737
BUGTRAQ
BID
XF
Jetbox -- Jetbox CMSPHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS allows remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter. NOTE: The relative_script_path vector is already covered by CVE-2006-2270.
unknown
2006-09-13
7.0CVE-2006-4738
BUGTRAQ
BID
XF
KorviBlog -- KorviBlogMultiple cross-site scripting (XSS) vulnerabilities in livre_or.php in KorviBlog 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) prenom, (2) emailFrom, or (3) body parameters.
unknown
2006-09-12
7.0CVE-2006-4718
FULLDISC
BID
SECUNIA
XF
McGallery -- McGallery PROPHP remote file inclusion vulnerability in random2.php in mcGalleryPRO 2006 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.
unknown
2006-09-12
7.0CVE-2006-4720
Milw0rm
OTHER-REF
BID
FRSIRT
SECUNIA
BUGTRAQ
XF
Microsoft -- Windows 2000
Microsoft -- Internet Explorer
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
unknown
2006-09-12
7.0CVE-2006-3873
OTHER-REF
MS
BUGTRAQ
OTHER-REF
BID
Mirabilis -- ICQHeap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type.
2006-07-27
2006-09-08
7.0CVE-2006-4662
BUGTRAQ
OTHER-REF
BID
CERT-VN
FRSIRT
SECUNIA
XF
Muratsoft -- Haber PortalSQL injection vulnerability in kategori.asp in Muratsoft Haber Portal 3.6 allows remote attackers to execute arbitrary SQL commands via the kat parameter.
unknown
2006-09-08
7.0CVE-2006-4641
Milw0rm
BID
XF
MyBB -- MyBBCross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using "java& #115;cript," a different vulnerability than CVE-2006-3761.
unknown
2006-09-12
7.0CVE-2006-4706
BUGTRAQ
OTHER-REF
MyBB
FRSIRT
MyBB -- MyBBCross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]).
unknown
2006-09-12
7.0CVE-2006-4707
BUGTRAQ
OTHER-REF
MyBB
FRSIRT
OpenBB -- OpenBBPHP remote file inclusion vulnerability in Open Bulletin Board (OpenBB) 1.0.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) index.php and possibly (2) collector.php.
unknown
2006-09-12
7.0CVE-2006-4722
BUGTRAQ
BID
FRSIRT
XF
Panda -- Panda Platinum Internet SecurityPanda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying (1) WebProxy.exe or (2) PAVSRV51.EXE.
2006-08-11
2006-09-08
7.0CVE-2006-4657
BUGTRAQ
OTHER-REF
BID
SECUNIA
FRSIRT
phpFullAnnu -- phpFullAnnuPHP remote file inclusion vulnerability in modules/home.module.php in phpFullAnnu 5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the repmod parameter.
unknown
2006-09-08
7.0CVE-2006-4644
OTHER-REF
BID
FRSIRT
SECUNIA
phpMyDirectory -- phpMyDirectorySQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-13
7.0CVE-2006-4756
FRSIRT
SECUNIA
PHPOpenChat -- PHPOpenChat** DISPUTED ** PHP remote file inclusion vulnerability in contrib/yabbse/poc.php in phpopenchat before 3.0.2 allows remote attackers to execute arbitrary PHP code via the sourcedir parameter. NOTE: this issue was disputed by a third-party researcher who stated that the _REQUEST parameters were dynamically unset at the beginning of the file. Another researcher noted, and CVE agrees, that the unset PHP function can be bypassed (CVE-2006-3017). If this issue is due to a vulnerability in PHP, then it should be excluded from CVE.
unknown
2006-09-11
7.0CVE-2006-4677
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
profitCode -- ppalCartPHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, possibly a component of PayProCart, allows remote attackers to execute arbitrary PHP code via a URL in the (1) proMod parameter to (a) index.php, or the (2) docroot parameter to (b) index.php or (c) mainpage.php.
unknown
2006-09-11
7.0CVE-2006-4672
Milw0rm
BID
XF
BUGTRAQ
FRSIRT
SECUNIA
PSYWERKS -- PUMAPHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA 1.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
unknown
2006-09-12
7.0CVE-2006-4713
OTHER-REF
Milw0rm
BID
FRSIRT
BUGTRAQ
XF
RunCMS -- RunCMSMultiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in (a) class/sessions.class.php, and the (2) timezone_offset and (3) umode parameters in (b) class/xoopsuser.php.
unknown
2006-09-08
7.0CVE-2006-4667
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Sage -- SageMultiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka "Cross Context Scripting."
unknown
2006-09-12
7.0CVE-2006-4712
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
XF
SIPS -- SIPSPHP remote file inclusion vulnerability in sipssys/code/box.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) 0.3.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[sipssys] parameter.
unknown
2006-09-13
7.0CVE-2006-4733
BUGTRAQ
OTHER-REF
BID
Sky Gunning -- MySpeachPHP remote file inclusion vulnerability in jscript.php in Sky GUNNING MySpeach 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter.
unknown
2006-09-08
7.0CVE-2006-4630
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
SoftBB -- SoftBBMultiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php.
unknown
2006-09-08
7.0CVE-2006-4632
BUGTRAQ
OTHER-REF
OTHER-REF
SECTRACK
SECUNIA
Sponge News -- Sponge NewsPHP remote file inclusion vulnerability in news.php in Sponge News 2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sndir parameter.
unknown
2006-09-08
7.0CVE-2006-4647
OTHER-REF
BID
FRSIRT
SECUNIA
XF
SpoonLabs -- Vivvo Article Management CMSSQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2006-09-12
7.0CVE-2006-4715
OTHER-REF
Milw0rm
BID
FRSIRT
SECUNIA
XF
Stefan Ernst -- NewsscriptMultiple PHP remote file inclusion vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) ide parameter in (a) article.php; or the (2) pwfile parameter in (b) delete.php, (c) modify.php, (d) admin.php, or (e) modify_go.php.
unknown
2006-09-08
7.0CVE-2006-4666
BUGTRAQ
BID
FRSIRT
SECUNIA
SZEWO -- PhpCommanderDirectory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
unknown
2006-09-08
7.0CVE-2006-4636
OTHER-REF
BID
FRSIRT
SECUNIA
TikiWiki Project -- TikiWikiMultiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters.
unknown
2006-09-13
7.0CVE-2006-4734
BUGTRAQ
SOURCEFORGE
OTHER-REF
BID
Uni-Vert -- PhpLeagueSQL injection vulnerability in consult/joueurs.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the id_joueur parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-08
7.0CVE-2006-4643
BID
FRSIRT
SECUNIA
Vikingboard -- VikingboardMultiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1b allow remote attackers to inject arbitrary web script or HTML via the (1) act parameter in (a) help.php and (b) search.php, and the (2) p parameter in report.php.
unknown
2006-09-12
7.0CVE-2006-4708
BUGTRAQ
BID
Web-Provence -- SL_SitePHP remote file inclusion vulnerability in admin/editeur/spaw_control.class.php in Web Provence SL_Site 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter.
unknown
2006-09-08
7.0CVE-2006-4656
BUGTRAQ
OTHER-REF
BID
XF
SECTRACK
WTools -- WToolsPHP remote file inclusion vulnerability in common.php in Thomas LETE WTools 0.0.1-ALPH allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
unknown
2006-09-13
7.0CVE-2006-4764
BUGTRAQ
BID
X.Org -- X.Org
XFree86 Project -- XFree86 X
Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow.
2006-08-25
2006-09-12
7.0CVE-2006-3739
IDEFENSE
REDHAT
REDHAT
GENTOO
UBUNTU
BID
FRSIRT
FRSIRT
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
X.Org -- X.Org
XFree86 Project -- XFree86 X
Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections.
2006-08-25
2006-09-12
7.0CVE-2006-3740
IDEFENSE
REDHAT
REDHAT
GENTOO
UBUNTU
BID
FRSIRT
FRSIRT
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
XHP -- CMSCross-site scripting (XSS) vulnerability in index.php in Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the errcode parameter.
unknown
2006-09-13
7.0CVE-2006-4751
BUGTRAQ
BID
SECUNIA
XF
FRSIRT
SECTRACK

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
ACGV News -- ACGV NewsMultiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter in (1) header.php or (2) news.php. NOTE: portions of these details are obtained from third party information.
unknown
2006-09-08
5.6CVE-2006-4637
SECUNIA
BUGTRAQ
BID
FRSIRT
XF
ACGV News -- ACGV NewsPHP remote file inclusion vulnerability in article.php in ACGV News 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter.
unknown
2006-09-08
5.6CVE-2006-4638
Milw0rm
SECUNIA
BID
FRSIRT
XF
Adobe -- Flex
Adobe -- Flash
Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.
2006-05-12
2006-09-12
5.6CVE-2006-3311
BUGTRAQ
OTHER-REF
OTHER-REF
SECUNIA
REDHAT
BID
FRSIRT
FRSIRT
Adobe -- FlashUnspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.
unknown
2006-09-12
4.9CVE-2006-4640
OTHER-REF
SECUNIA
BID
FRSIRT
FRSIRT
Apple -- QuickTime PlayerInteger overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie.
unknown
2006-09-12
5.6CVE-2006-4381
BUGTRAQ
OTHER-REF
APPLE
BID
FRSIRT
SECUNIA
Apple -- QuickTime PlayerMultiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie.
unknown
2006-09-12
5.6CVE-2006-4382
APPLE
BID
BUGTRAQ
CERT
CERT-VN
FRSIRT
SECUNIA
Apple -- QuickTime PlayerHeap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie.
unknown
2006-09-12
5.6CVE-2006-4384
IDEFENSE
APPLE
BID
BUGTRAQ
FRSIRT
SECUNIA
Apple -- QuickTime PlayerBuffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image.
unknown
2006-09-12
5.6CVE-2006-4385
APPLE
BID
BUGTRAQ
FRSIRT
SECUNIA
Apple -- QuickTime PlayerInteger overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381.
unknown
2006-09-12
5.6CVE-2006-4386
BUGTRAQ
APPLE
BID
BUGTRAQ
OTHER-REF
CERT
CERT-VN
FRSIRT
SECUNIA
Apple -- QuickTime PlayerInteger overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file.
unknown
2006-09-12
5.6CVE-2006-4388
APPLE
BID
BUGTRAQ
FRSIRT
SECUNIA
Apple -- QuickTime PlayerApple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object.
unknown
2006-09-12
5.6CVE-2006-4389
APPLE
BID
BUGTRAQ
CERT
CERT-VN
FRSIRT
SECUNIA
C-News.fr -- C-NewsMultiple PHP remote file inclusion vulnerabilities in C-News.fr C-News 1.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path parameter in (1) formulaire_commentaires.php, (2) affichage/liste_news.php, (3) affichage/news_complete.php, or (4) affichage/pagination.php. NOTE: the provenance of some of this information is unknown; some details are obtained from third party information.
unknown
2006-09-08
5.6CVE-2006-4639
FRSIRT
SECUNIA
XF
BUGTRAQ
CCleague -- Pro Sports CMSDirectory traversal vulnerability in admin.php in CCleague Pro Sports CMS 1.0.1 RC1 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the language Cookie parameter, as demonstrated by executing PHP code via a log file.
unknown
2006-09-12
5.6CVE-2006-4721
Milw0rm
FRSIRT
SECUNIA
EFS Software -- Easy Address Book Web ServerFormat string vulnerability in Easy Address Book Web Server 1.2 allows remote attackers to cause a denial of service (crash) or "compromise the server" via encoded format string specifiers in the query string.
unknown
2006-09-08
5.6CVE-2006-4654
BUGTRAQ
BID
XF
Fscripts -- Fantastic NewsPHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter, a different vector than CVE-2006-1154. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-11
5.6CVE-2006-4671
FRSIRT
SECUNIA
ICQ Inc -- ICQ ToolbarMultiple cross-site scripting (XSS) vulnerabilities in the RSS Feed module in AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) allow remote attackers to process arbitrary web script or HTML in the Feeds interface context via the (1) title and (2) description elements within an item element in an RSS feed.
2006-07-27
2006-09-08
4.7CVE-2006-4660
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Microchip Data Systems -- ZipTV for Delphi 7
Microchip Data Systems -- ZipTV for C++ Builder
Heap-based buffer overflow in ZipTV for Delphi 7 2006.1.26 and for C++ Builder 2006-1.16 allows user-assisted attackers to execute arbitrary code via an ARJ archive with a long header, which is not properly handled by the TZipTV component. NOTE: the ACE archive vector is covered by CVE-2005-2856.
unknown
2006-09-08
5.6CVE-2006-2482
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Microsoft -- Publisher
Microsoft -- Office
Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
2005-08-03
2006-09-12
5.6CVE-2006-0001
BUGTRAQ
OTHER-REF
MS
BID
FRSIRT
SECUNIA
CERT
CERT-VN
Microsoft -- Windows XPUnspecified vulnerability in Pragmatic General Multicast (PGM) in Microsoft Windows XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted multicast message.
unknown
2006-09-12
5.6CVE-2006-3442
MS
FRSIRT
SECUNIA
CERT
CERT-VN
Microsoft -- Visual BasicUnspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unknown impact ("overflow") via a project that contains a certain Click event procedure, as demonstrated using the msgbox function and the VB.Label object.
unknown
2006-09-13
4.9CVE-2006-4732
BUGTRAQ
OTHER-REF
MyABraCaDaWeb -- MyABraCaDaWebMultiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb 1.0.3, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) index.php or (2) pop.php.
unknown
2006-09-12
5.6CVE-2006-4719
Milw0rm
MLIST
FRSIRT
SECUNIA
BID
XF
OPENi-CMS Group -- OPENi-CMSPHP remote file inclusion vulnerability in openi-admin/base/fileloader.php in OPENi-CMS 1.0.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the config[openi_dir] parameter.
unknown
2006-09-13
5.6CVE-2006-4750
OTHER-REF
Milw0rm
BID
FRSIRT
SECUNIA
XF
Premod Shadow -- Premod ShadowPHP remote file inclusion vulnerability in includes/functions_portal.php in Premod Shadow 2.7.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2006-09-08
5.6CVE-2006-4664
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
FRSIRT
RaidenHTTPD -- RaidenHTTPDPHP remote file inclusion vulnerability in raidenhttpd-admin/slice/check.php in RaidenHTTPD 1.1.49, when register_globals and WebAdmin is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SoftParserFileXml parameter.
unknown
2006-09-12
5.6CVE-2006-4723
Milw0rm
BID
FRSIRT
SECUNIA
XF
SCO -- UnixWare
Sun -- Solaris
Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.
unknown
2006-09-08
4.9CVE-2006-4655
OTHER-REF
SUNALERT
BUGTRAQ
BID
FRSIRT
FRSIRT
SECTRACK
SECUNIA
XF
SECUNIA
SECUNIA
SoftBB -- SoftBBDirect static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request.
unknown
2006-09-08
4.2CVE-2006-4631
BUGTRAQ
ACID ROOT
Milw0rm
SECTRACK
SECUNIA
Somery -- SomeryPHP remote file inclusion vulnerability in admin/system/include.php in Somery 0.4.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter.
unknown
2006-09-08
5.6CVE-2006-4669
OTHER-REF
FRSIRT
SECUNIA
BID
XF
SpoonLabs -- Vivvo Article Management CMSPHP remote file inclusion vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the classified_path parameter.
unknown
2006-09-12
5.6CVE-2006-4714
OTHER-REF
Milw0rm
FRSIRT
SECUNIA
XF
Squiz -- MySource ClassicUnspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in Web_Extensions - Notitia (I/II). NOTE: due to lack of details, it is not clear whether this issue is file inclusion, static code injection, or another type of issue.
unknown
2006-09-08
4.2CVE-2006-4635
OTHER-REF
BID
SECUNIA
FRSIRT
XF

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Abidia -- O-Anywhere
Abidia -- Abidia Wireless
Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication credentials in cleartext, which allows remote attackers to obtain sensitive information by sniffing.
unknown
2006-09-13
2.3CVE-2006-4744
BUGTRAQ
OTHER-REF
Amazing Little Picture Poll -- Amazing Little Picture Poll
Amazing Little Poll -- Amazing Little Poll
(1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password via a direct request for the lp_settings file (lp_settings.inc or lp_settings.php).
unknown
2006-09-08
2.3CVE-2006-4653
BUGTRAQ
BID
XF
Andreas Gohr -- DokuWikiDokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug".
unknown
2006-09-11
2.3CVE-2006-4679
BUGTRAQ
ALTERVISTA
AuditWizard -- AuditWizardAuditWizard 6.3.2, when using "Remote Audit," logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by reading the file.
unknown
2006-09-08
1.0CVE-2006-4642
BUGTRAQ
SECTRACK
SECUNIA
XF
FRSIRT
Benjamin Pasero and Tobias Eichert -- RSSOwlMultiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero and Tobias Eichert RSSOwl allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite.
unknown
2006-09-13
2.3CVE-2006-4760
OTHER-REF
cairohost -- VBZooMCross-site scripting (XSS) vulnerability in index.php in VBZooM allows remote attackers to inject arbitrary web script or HTML via the UserID parameter, a different vector than CVE-2006-1133 and CVE-2005-2441.
unknown
2006-09-08
2.3CVE-2006-4634
BUGTRAQ
BID
SECUNIA
XF
Canon -- imageRUNNERThe Remote UI in Canon imageRUNNER includes usernames and passwords when exporting an address book, which allows context-dependent attackers to obtain sensitive information.
unknown
2006-09-11
1.4CVE-2006-4680
BUGTRAQ
BUGTRAQ
BID
FRSIRT
SECUNIA
Cisco -- IOSCisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs.
unknown
2006-09-08
1.9CVE-2006-4650
BUGTRAQ
OTHER-REF
CISCO
SECTRACK
FRSIRT
SECUNIA
XF
ComScripts -- PHProgDirectory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
unknown
2006-09-13
2.3CVE-2006-4753
FULLDISC
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
Dominic Gamble -- Timesheet.phpSQL injection vulnerability in login.php in dwayner79 and Dominic Gamble Timesheet (aka Timesheet.php) 1.2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
unknown
2006-09-12
2.3CVE-2006-4705
BUGTRAQ
BLOGSPOT
FRSIRT
SECUNIA
e107.org -- e107 website systemMultiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access."
unknown
2006-09-13
1.1CVE-2006-4757
BUGTRAQ
OTHER-REF
IBM -- DirectorDirectory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter.
unknown
2006-09-11
2.3CVE-2006-4681
Milw0rm
AIXAPAR
BID
FRSIRT
SECTRACK
SECUNIA
XF
IBM -- DirectorMultiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets.
unknown
2006-09-11
2.3CVE-2006-4682
AIXAPAR
BID
FRSIRT
SECUNIA
IBM -- DirectorIBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE.
unknown
2006-09-11
2.3CVE-2006-4683
AIXAPAR
BID
FRSIRT
SECUNIA
ICQ Inc -- ICQ ToolbarAOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into reconfiguring the toolbar.
unknown
2006-09-08
1.9CVE-2006-4661
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
IDevSpot -- PhpLinkExchangeCross-site scripting (XSS) vulnerability in user_add.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
unknown
2006-09-13
2.3CVE-2006-4742
BUGTRAQ
BID
IdevSpot -- TextAdsMultiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAds allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in delete.php and (2) the error parameter in error.php.
unknown
2006-09-13
2.3CVE-2006-4747
BUGTRAQ
BID
Jetbox -- Jetbox CMSMultiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the OriginalImageData parameter to phpthumb.php.
unknown
2006-09-13
1.9CVE-2006-4739
BUGTRAQ
BID
XF
Jetbox -- Jetbox CMSJetbox CMS allows remote attackers to obtain sensitive information via a direct request for certain files, which reveal the path in an error message.
unknown
2006-09-13
2.3CVE-2006-4740
BUGTRAQ
BID
XF
Kellan Elliott-McCrea -- MagpieRSSKellan Elliott-McCrea MagpieRSS allows remote attackers to obtain sensitive information via a direct request for (1) rss_fetch.inc.php or (2) rss_parse.inc.php, which reveals the path in various error messages.
unknown
2006-09-13
2.3CVE-2006-4735
BUGTRAQ
XF
LedgerSMB -- LedgerSMB
DWS Systems Inc. -- SQL-Ledger
Directory traversal vulnerability in login.pl in (1) SQL-Ledger before 2.6.19 and (2) LedgerSMB before 1.0.0p1 allows remote attackers to execute arbitrary Perl code via unspecified vectors involving the terminal parameter.
unknown
2006-09-12
2.3CVE-2006-4731
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
FRSIRT
SECUNIA
SECUNIA
BUGTRAQ
BID
Linux -- Linux kernelThe Unidirectional Lightweight Encapsulation (ULE) decapsulation component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel 2.6.17.8 allows remote attackers to cause a denial of service (crash) via an SNDU length of 0 in a ULE packet.
unknown
2006-09-11
3.3CVE-2006-4623
MLIST
BID
SECUNIA
FRSIRT
Linux -- Linux kernel** DISPUTED ** The source code tar archive of the Linux kernel 2.6.16, 2.6.17.11, and possibly other versions specifies weak permissions (0666 and 0777) for certain files and directories, which might allow local users to insert Trojan horse source code that would be used during the next kernel compilation. NOTE: another researcher disputes the vulnerability, stating that he finds "Not a single world-writable file or directory." CVE analysis as of 20060908 indicates that permissions will only be weak under certain unusual or insecure scenarios.
unknown
2006-09-08
2.3CVE-2006-4663
BUGTRAQ
BUGTRAQ
Luke Hutteman -- SharpReaderMultiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman SharpReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite.
unknown
2006-09-13
2.3CVE-2006-4761
OTHER-REF
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving Internet Information Services (IIS).
unknown
2006-09-12
2.3CVE-2006-0032
MS
BID
FRSIRT
SECUNIA
CERT
CERT-VN
MKPortal -- MKPortalCross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 Rc1 allows remote attackers to inject arbitrary web script or HTML via the ind parameter, possibly related to the PHP_SELF variable. NOTE: Some details are obtained from third party information.
unknown
2006-09-08
2.3CVE-2006-4665
BUGTRAQ
FRSIRT
SECUNIA
XF
Mono -- XSP
SuSE -- SuSE Open Enterprise Server
SuSE -- SuSE Linux Professional
SuSE -- SuSE Linux Personal
Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request.
unknown
2006-09-12
2.3CVE-2006-2658
SUSE
BID
FRSIRT
SECUNIA
SECTRACK
NewsGator -- FeedDemonMultiple cross-site scripting (XSS) vulnerabilities in NewsGator FeedDemon before 2.0.0.25 allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite.
unknown
2006-09-12
2.3CVE-2006-4710
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
Panda -- Panda Platinum Internet SecurityPanda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses sequential message numbers in generated URLs that are not filtered if the user replies to a message, which might allow remote attackers to determine mail usage patterns.
2006-08-11
2006-09-08
2.3CVE-2006-4658
BUGTRAQ
OTHER-REF
BID
SECUNIA
Panda -- Panda Platinum Internet SecurityThe Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this issue could also be regarded as a cross-site request forgery (CSRF) vulnerability.
2006-08-11
2006-09-08
2.3CVE-2006-4659
BUGTRAQ
OTHER-REF
BID
SECUNIA
PHP -- PHPPHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
unknown
2006-09-12
3.3CVE-2006-4625
BUGTRAQ
BUGTRAQ
SECURITY REASON
BID
BUGTRAQ
XF
PHP-Fusion -- PHP-Fusion
PHP-Fusion -- PHP_Fusion
Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php.
unknown
2006-09-11
1.9CVE-2006-4673
BUGTRAQ
ALTERVISTA
BID
SECUNIA
OTHER-REF
FRSIRT
XF
phpBB Group -- phpBBphpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00.
unknown
2006-09-13
2.2CVE-2006-4758
BUGTRAQ
OTHER-REF
phpMyDirectory -- phpMyDirectoryCross-site scripting (XSS) vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-13
2.3CVE-2006-4755
FRSIRT
SECUNIA
PunBB -- PunBBPunBB 1.2.12 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by creating an avatar image file containing PHP code in the EXIF data, and uploading the file via unspecified vectors.
unknown
2006-09-13
2.2CVE-2006-4759
BUGTRAQ
OTHER-REF
Rob Hensley -- AckerTodoCross-site scripting (XSS) vulnerability in index.php in Rob Hensley AckerTodo 4.0 allows remote attackers to inject arbitrary web script or HTML via the task_id parameter in an edit_task command.
unknown
2006-09-08
2.3CVE-2006-4668
BUGTRAQ
BID
SECUNIA
FRSIRT
XF
Sage -- SageMultiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite.
unknown
2006-09-12
2.3CVE-2006-4711
OTHER-REF
OTHER-REF
OTHER-REF
ScaryBear -- PocketExpense ProScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to protect a data file whose contents are stored in plaintext, which allows local users to disable authentication and access the file by modifying a certain value in the file header.
unknown
2006-09-13
3.3CVE-2006-4745
BUGTRAQ
OTHER-REF
SoftBB -- SoftBBindex.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter.
unknown
2006-09-08
2.3CVE-2006-4633
BUGTRAQ
OTHER-REF
OTHER-REF
SECTRACK
Threesquared.net -- Php download scriptDirectory traversal vulnerability in download/index.php, and possibly download.php, in threesquared.net (aka Ben Speakman) Php download allows remote attackers to overwrite arbitrary local files via .. (dot dot) sequence in the file parameter.
unknown
2006-09-08
2.3CVE-2006-4651
BUGTRAQ
FRSIRT
SECUNIA
XF
TIBCO -- RendezVousTIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file.
2006-09-01
2006-09-11
1.3CVE-2006-4676
Milw0rm
BID
FRSIRT
SECUNIA
TWiki -- TWikiDirectory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
unknown
2006-09-08
2.3CVE-2006-4294
OTHER-REF
BID
SECTRACK
FRSIRT
SECUNIA
VCD-db -- VCD-dbCross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when handling comments.
unknown
2006-09-08
2.3CVE-2006-4628
OTHER-REF
SECUNIA
BID
FRSIRT
XF
Vikingboard -- VikingboardSQL injection vulnerability in topic.php in Vikingboard 0.1b allows remote attackers to execute arbitrary SQL commands via the s parameter.
unknown
2006-09-12
2.3CVE-2006-4709
BUGTRAQ
BID
WordPress -- WordPressWordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp-db.php vectors are already covered by CVE-2006-0986. The edit-form-comment.php, vars.php, and wp-settings.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110.
unknown
2006-09-13
2.3CVE-2006-4743
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
XHP -- CMSLaurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to obtain the installation path via a query to the engine module, probably with an invalid action parameter.
unknown
2006-09-13
2.3CVE-2006-4752
BUGTRAQ
SECUNIA
FRSIRT
SECTRACK
XF
Ykoon -- RssReaderMultiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite.
unknown
2006-09-13
2.3CVE-2006-4762
OTHER-REF

Back to top

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Akarru -- Social BookMarking EnginePHP remote file inclusion vulnerability in akarru.gui/main_content.php in Akarru Social BookMarking Engine 0.4.3.34 and earlier, and possibly 0.4.4.120, allows remote attackers to execute arbitrary PHP code via a URL in the bm_content parameter.
unknown
2006-09-08
7.0CVE-2006-4645
OTHER-REF
BID
FRSIRT
SECUNIA
XF
BUGTRAQ
Amazing Little Picture Poll -- Amazing Little Picture Poll
Amazing Little Poll -- Amazing Little Poll
(1) Amazing Little Poll and (2) Amazing Little Picture Poll have a default password of "dsapoll", which allows remote attackers to create a new poll by entering default credentials via lp_admin.php.
unknown
2006-09-08
7.0CVE-2006-4652
BUGTRAQ
BID
XF
Andreas Gohr -- DokuWikiDirect static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php.
2006-09-07
2006-09-11
7.0CVE-2006-4674
BUGTRAQ
ALTERVISTA
OTHER-REF
SECUNIA
Andreas Gohr -- DokuWikiUnrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors.
2006-09-07
2006-09-11
7.0CVE-2006-4675
BUGTRAQ
ALTERVISTA
SECUNIA
BinGo News -- BinGo NewsPHP remote file inclusion vulnerability in bp_ncom.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter.
unknown
2006-09-08
7.0CVE-2006-4648
OTHER-REF
BID
FRSIRT
SECUNIA
XF
SECTRACK
BUGTRAQ
BinGo News -- BinGo NewsPHP remote file inclusion vulnerability in bp_news.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter.
unknown
2006-09-08
7.0CVE-2006-4649
FRSIRT
SECTRACK
BUGTRAQ
Bugada Andrea -- PHP Advanced Transfer ManagerMultiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php. NOTE: The login.php and confirm.php vectors are already covered by CVE-2006-4594.
unknown
2006-09-13
7.0CVE-2006-4749
BUGTRAQ
C-News.fr -- C-NewsPHP remote file inclusion vulnerability in affichage/commentaires.php in C-News.fr C-News 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
unknown
2006-09-08
7.0CVE-2006-4629
OTHER-REF
BID
FRSIRT
SECUNIA
OSVDB
XF
CMS.R. -- CMS.R.Multiple SQL injection vulnerabilities in index.php in CMS.R. allow remote attackers to execute arbitrary SQL commands via the (1) adminname and (2) adminpass parameters.
unknown
2006-09-13
7.0CVE-2006-4736
BUGTRAQ
BID
ComScripts -- News EvolutionPHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the _NE[AbsPath] parameter in (1) install.php and (2) migrateNE2toNE3.php.
unknown
2006-09-11
7.0CVE-2006-4678
BUGTRAQ
XF
ComScripts -- Web Server CreatorPHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.
unknown
2006-09-13
7.0CVE-2006-4746
BUGTRAQ
OTHER-REF
ComScripts -- PHProgCross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
unknown
2006-09-13
7.0CVE-2006-4754
FULLDISC
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
XF
Drupal -- Drupal Pathauto ModuleCross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto module before pathauto_node.inc 1.17.2.1 and the Drupal 4.6 Pathauto module before pathauto_node.inc 1.14.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2006-09-08
7.0CVE-2006-4646
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Drupal -- Drupal Pubcookie moduleThe login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors.
unknown
2006-09-12
7.0CVE-2006-4717
DRUPAL
BID
FRSIRT
SECUNIA
F-ART Agency -- BLOG:CMSMultiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) xagent, (2) xpath, (3) xreferer, and (4) xdns parameters in (a) admin/plugins/NP_Log.php, and the (5) pitem parameter in (b) admin/plugins/NP_Poll.php; and allow remote authenticated users to execute arbitrary SQL commands via the (6) pageRef parameter in (c) admin/plugins/NP_Referrer.php.
unknown
2006-09-13
7.0CVE-2006-4748
BUGTRAQ
OTHER-REF
OTHER-REF
XF
Fire Soft Board -- Fire Soft BoardPHP remote file inclusion vulnerability in demarrage.php in Fire Soft Board (FSB) RC3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter.
unknown
2006-09-12
7.0CVE-2006-4716
OTHER-REF
Milw0rm
BID
XF
GTASoft -- PhotoKorn GalleryMultiple PHP remote file inclusion vulnerabilities in PhotoKorn Gallery 1.52 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) includes/cart.inc.php or (2) extras/ext_cats.php.
unknown
2006-09-08
7.0CVE-2006-4670
OTHER-REF
FRSIRT
SECUNIA
BUGTRAQ
BUGTRAQ
BID
OSVDB
OSVDB
XF
IBM -- Lotus Domino Web AccessIBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a user's privileges by intercepting the LtpaToken cookie.
unknown
2006-09-13
7.0CVE-2006-4763
BUGTRAQ
FISHNET
OTHER-REF
BID
IDevSpot -- PhpLinkExchangePHP remote file inclusion vulnerability in bits_listings.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to execute arbitrary code via the svr_rootPhpStart parameter.
unknown
2006-09-13
7.0CVE-2006-4741
BUGTRAQ
BID
Ipswitch -- IMail Secure Server
Ipswitch -- IMail Plus
Ipswitch -- Ipswitch Collaboration Suite
Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character.
unknown
2006-09-08
7.0CVE-2006-4379
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
BUGTRAQ
SECTRACK
SECTRACK
XF
Jetbox -- Jetbox CMSSQL injection vulnerability in index.php in Jetbox CMS allows remote attackers to inject arbitrary web script or HTML via the item parameter. NOTE: The view vector is already covered by CVE-2006-3586.2.
unknown
2006-09-13
7.0CVE-2006-4737
BUGTRAQ
BID
XF
Jetbox -- Jetbox CMSPHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS allows remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter. NOTE: The relative_script_path vector is already covered by CVE-2006-2270.
unknown
2006-09-13
7.0CVE-2006-4738
BUGTRAQ
BID
XF
KorviBlog -- KorviBlogMultiple cross-site scripting (XSS) vulnerabilities in livre_or.php in KorviBlog 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) prenom, (2) emailFrom, or (3) body parameters.
unknown
2006-09-12
7.0CVE-2006-4718
FULLDISC
BID
SECUNIA
XF
McGallery -- McGallery PROPHP remote file inclusion vulnerability in random2.php in mcGalleryPRO 2006 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.
unknown
2006-09-12
7.0CVE-2006-4720
Milw0rm
OTHER-REF
BID
FRSIRT
SECUNIA
BUGTRAQ
XF
Microsoft -- Windows 2000
Microsoft -- Internet Explorer
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
unknown
2006-09-12
7.0CVE-2006-3873
OTHER-REF
MS
BUGTRAQ
OTHER-REF
BID
Mirabilis -- ICQHeap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type.
2006-07-27
2006-09-08
7.0CVE-2006-4662
BUGTRAQ
OTHER-REF
BID
CERT-VN
FRSIRT
SECUNIA
XF
Muratsoft -- Haber PortalSQL injection vulnerability in kategori.asp in Muratsoft Haber Portal 3.6 allows remote attackers to execute arbitrary SQL commands via the kat parameter.
unknown
2006-09-08
7.0CVE-2006-4641
Milw0rm
BID
XF
MyBB -- MyBBCross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using "java& #115;cript," a different vulnerability than CVE-2006-3761.
unknown
2006-09-12
7.0CVE-2006-4706
BUGTRAQ
OTHER-REF
MyBB
FRSIRT
MyBB -- MyBBCross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]).
unknown
2006-09-12
7.0CVE-2006-4707
BUGTRAQ
OTHER-REF
MyBB
FRSIRT
OpenBB -- OpenBBPHP remote file inclusion vulnerability in Open Bulletin Board (OpenBB) 1.0.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) index.php and possibly (2) collector.php.
unknown
2006-09-12
7.0CVE-2006-4722
BUGTRAQ
BID
FRSIRT
XF
Panda -- Panda Platinum Internet SecurityPanda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying (1) WebProxy.exe or (2) PAVSRV51.EXE.
2006-08-11
2006-09-08
7.0CVE-2006-4657
BUGTRAQ
OTHER-REF
BID
SECUNIA
FRSIRT
phpFullAnnu -- phpFullAnnuPHP remote file inclusion vulnerability in modules/home.module.php in phpFullAnnu 5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the repmod parameter.
unknown
2006-09-08
7.0CVE-2006-4644
OTHER-REF
BID
FRSIRT
SECUNIA
phpMyDirectory -- phpMyDirectorySQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-13
7.0CVE-2006-4756
FRSIRT
SECUNIA
PHPOpenChat -- PHPOpenChat** DISPUTED ** PHP remote file inclusion vulnerability in contrib/yabbse/poc.php in phpopenchat before 3.0.2 allows remote attackers to execute arbitrary PHP code via the sourcedir parameter. NOTE: this issue was disputed by a third-party researcher who stated that the _REQUEST parameters were dynamically unset at the beginning of the file. Another researcher noted, and CVE agrees, that the unset PHP function can be bypassed (CVE-2006-3017). If this issue is due to a vulnerability in PHP, then it should be excluded from CVE.
unknown
2006-09-11
7.0CVE-2006-4677
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
profitCode -- ppalCartPHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, possibly a component of PayProCart, allows remote attackers to execute arbitrary PHP code via a URL in the (1) proMod parameter to (a) index.php, or the (2) docroot parameter to (b) index.php or (c) mainpage.php.
unknown
2006-09-11
7.0CVE-2006-4672
Milw0rm
BID
XF
BUGTRAQ
FRSIRT
SECUNIA
PSYWERKS -- PUMAPHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA 1.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
unknown
2006-09-12
7.0CVE-2006-4713
OTHER-REF
Milw0rm
BID
FRSIRT
BUGTRAQ
XF
RunCMS -- RunCMSMultiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in (a) class/sessions.class.php, and the (2) timezone_offset and (3) umode parameters in (b) class/xoopsuser.php.
unknown
2006-09-08
7.0CVE-2006-4667
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Sage -- SageMultiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka "Cross Context Scripting."
unknown
2006-09-12
7.0CVE-2006-4712
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
XF
SIPS -- SIPSPHP remote file inclusion vulnerability in sipssys/code/box.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) 0.3.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[sipssys] parameter.
unknown
2006-09-13
7.0CVE-2006-4733
BUGTRAQ
OTHER-REF
BID
Sky Gunning -- MySpeachPHP remote file inclusion vulnerability in jscript.php in Sky GUNNING MySpeach 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter.
unknown
2006-09-08
7.0CVE-2006-4630
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
SoftBB -- SoftBBMultiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php.
unknown
2006-09-08
7.0CVE-2006-4632
BUGTRAQ
OTHER-REF
OTHER-REF
SECTRACK
SECUNIA
Sponge News -- Sponge NewsPHP remote file inclusion vulnerability in news.php in Sponge News 2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sndir parameter.
unknown
2006-09-08
7.0CVE-2006-4647
OTHER-REF
BID
FRSIRT
SECUNIA
XF
SpoonLabs -- Vivvo Article Management CMSSQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2006-09-12
7.0CVE-2006-4715
OTHER-REF
Milw0rm
BID
FRSIRT
SECUNIA
XF
Stefan Ernst -- NewsscriptMultiple PHP remote file inclusion vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) ide parameter in (a) article.php; or the (2) pwfile parameter in (b) delete.php, (c) modify.php, (d) admin.php, or (e) modify_go.php.
unknown
2006-09-08
7.0CVE-2006-4666
BUGTRAQ
BID
FRSIRT
SECUNIA
SZEWO -- PhpCommanderDirectory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code.
unknown
2006-09-08
7.0CVE-2006-4636
OTHER-REF
BID
FRSIRT
SECUNIA
TikiWiki Project -- TikiWikiMultiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters.
unknown
2006-09-13
7.0CVE-2006-4734
BUGTRAQ
SOURCEFORGE
OTHER-REF
BID
Uni-Vert -- PhpLeagueSQL injection vulnerability in consult/joueurs.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the id_joueur parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-08
7.0CVE-2006-4643
BID
FRSIRT
SECUNIA
Vikingboard -- VikingboardMultiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1b allow remote attackers to inject arbitrary web script or HTML via the (1) act parameter in (a) help.php and (b) search.php, and the (2) p parameter in report.php.
unknown
2006-09-12
7.0CVE-2006-4708
BUGTRAQ
BID
Web-Provence -- SL_SitePHP remote file inclusion vulnerability in admin/editeur/spaw_control.class.php in Web Provence SL_Site 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter.
unknown
2006-09-08
7.0CVE-2006-4656
BUGTRAQ
OTHER-REF
BID
XF
SECTRACK
WTools -- WToolsPHP remote file inclusion vulnerability in common.php in Thomas LETE WTools 0.0.1-ALPH allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
unknown
2006-09-13
7.0CVE-2006-4764
BUGTRAQ
BID
X.Org -- X.Org
XFree86 Project -- XFree86 X
Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow.
2006-08-25
2006-09-12
7.0CVE-2006-3739
IDEFENSE
REDHAT
REDHAT
GENTOO
UBUNTU
BID
FRSIRT
FRSIRT
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
X.Org -- X.Org
XFree86 Project -- XFree86 X
Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections.
2006-08-25
2006-09-12
7.0CVE-2006-3740
IDEFENSE
REDHAT
REDHAT
GENTOO
UBUNTU
BID
FRSIRT
FRSIRT
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
XHP -- CMSCross-site scripting (XSS) vulnerability in index.php in Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the errcode parameter.
unknown
2006-09-13
7.0CVE-2006-4751
BUGTRAQ
BID
SECUNIA
XF
FRSIRT
SECTRACK

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
ACGV News -- ACGV NewsMultiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter in (1) header.php or (2) news.php. NOTE: portions of these details are obtained from third party information.
unknown
2006-09-08
5.6CVE-2006-4637
SECUNIA
BUGTRAQ
BID
FRSIRT
XF
ACGV News -- ACGV NewsPHP remote file inclusion vulnerability in article.php in ACGV News 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter.
unknown
2006-09-08
5.6CVE-2006-4638
Milw0rm
SECUNIA
BID
FRSIRT
XF
Adobe -- Flex
Adobe -- Flash
Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie.
2006-05-12
2006-09-12
5.6CVE-2006-3311
BUGTRAQ
OTHER-REF
OTHER-REF
SECUNIA
REDHAT
BID
FRSIRT
FRSIRT
Adobe -- FlashUnspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.
unknown
2006-09-12
4.9CVE-2006-4640
OTHER-REF
SECUNIA
BID
FRSIRT
FRSIRT
Apple -- QuickTime PlayerInteger overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie.
unknown
2006-09-12
5.6CVE-2006-4381
BUGTRAQ
OTHER-REF
APPLE
BID
FRSIRT
SECUNIA
Apple -- QuickTime PlayerMultiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie.
unknown
2006-09-12
5.6CVE-2006-4382
APPLE
BID
BUGTRAQ
CERT
CERT-VN
FRSIRT
SECUNIA
Apple -- QuickTime PlayerHeap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie.
unknown
2006-09-12
5.6CVE-2006-4384
IDEFENSE
APPLE
BID
BUGTRAQ
FRSIRT
SECUNIA
Apple -- QuickTime PlayerBuffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image.
unknown
2006-09-12
5.6CVE-2006-4385
APPLE
BID
BUGTRAQ
FRSIRT
SECUNIA
Apple -- QuickTime PlayerInteger overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381.
unknown
2006-09-12
5.6CVE-2006-4386
BUGTRAQ
APPLE
BID
BUGTRAQ
OTHER-REF
CERT
CERT-VN
FRSIRT
SECUNIA
Apple -- QuickTime PlayerInteger overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file.
unknown
2006-09-12
5.6CVE-2006-4388
APPLE
BID
BUGTRAQ
FRSIRT
SECUNIA
Apple -- QuickTime PlayerApple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object.
unknown
2006-09-12
5.6CVE-2006-4389
APPLE
BID
BUGTRAQ
CERT
CERT-VN
FRSIRT
SECUNIA
C-News.fr -- C-NewsMultiple PHP remote file inclusion vulnerabilities in C-News.fr C-News 1.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path parameter in (1) formulaire_commentaires.php, (2) affichage/liste_news.php, (3) affichage/news_complete.php, or (4) affichage/pagination.php. NOTE: the provenance of some of this information is unknown; some details are obtained from third party information.
unknown
2006-09-08
5.6CVE-2006-4639
FRSIRT
SECUNIA
XF
BUGTRAQ
CCleague -- Pro Sports CMSDirectory traversal vulnerability in admin.php in CCleague Pro Sports CMS 1.0.1 RC1 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the language Cookie parameter, as demonstrated by executing PHP code via a log file.
unknown
2006-09-12
5.6CVE-2006-4721
Milw0rm
FRSIRT
SECUNIA
EFS Software -- Easy Address Book Web ServerFormat string vulnerability in Easy Address Book Web Server 1.2 allows remote attackers to cause a denial of service (crash) or "compromise the server" via encoded format string specifiers in the query string.
unknown
2006-09-08
5.6CVE-2006-4654
BUGTRAQ
BID
XF
Fscripts -- Fantastic NewsPHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter, a different vector than CVE-2006-1154. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-11
5.6CVE-2006-4671
FRSIRT
SECUNIA
ICQ Inc -- ICQ ToolbarMultiple cross-site scripting (XSS) vulnerabilities in the RSS Feed module in AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) allow remote attackers to process arbitrary web script or HTML in the Feeds interface context via the (1) title and (2) description elements within an item element in an RSS feed.
2006-07-27
2006-09-08
4.7CVE-2006-4660
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Microchip Data Systems -- ZipTV for Delphi 7
Microchip Data Systems -- ZipTV for C++ Builder
Heap-based buffer overflow in ZipTV for Delphi 7 2006.1.26 and for C++ Builder 2006-1.16 allows user-assisted attackers to execute arbitrary code via an ARJ archive with a long header, which is not properly handled by the TZipTV component. NOTE: the ACE archive vector is covered by CVE-2005-2856.
unknown
2006-09-08
5.6CVE-2006-2482
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Microsoft -- Publisher
Microsoft -- Office
Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
2005-08-03
2006-09-12
5.6CVE-2006-0001
BUGTRAQ
OTHER-REF
MS
BID
FRSIRT
SECUNIA
CERT
CERT-VN
Microsoft -- Windows XPUnspecified vulnerability in Pragmatic General Multicast (PGM) in Microsoft Windows XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted multicast message.
unknown
2006-09-12
5.6CVE-2006-3442
MS
FRSIRT
SECUNIA
CERT
CERT-VN
Microsoft -- Visual BasicUnspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unknown impact ("overflow") via a project that contains a certain Click event procedure, as demonstrated using the msgbox function and the VB.Label object.
unknown
2006-09-13
4.9CVE-2006-4732
BUGTRAQ
OTHER-REF
MyABraCaDaWeb -- MyABraCaDaWebMultiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb 1.0.3, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) index.php or (2) pop.php.
unknown
2006-09-12
5.6CVE-2006-4719
Milw0rm
MLIST
FRSIRT
SECUNIA
BID
XF
OPENi-CMS Group -- OPENi-CMSPHP remote file inclusion vulnerability in openi-admin/base/fileloader.php in OPENi-CMS 1.0.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the config[openi_dir] parameter.
unknown
2006-09-13
5.6CVE-2006-4750
OTHER-REF
Milw0rm
BID
FRSIRT
SECUNIA
XF
Premod Shadow -- Premod ShadowPHP remote file inclusion vulnerability in includes/functions_portal.php in Premod Shadow 2.7.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2006-09-08
5.6CVE-2006-4664
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
FRSIRT
RaidenHTTPD -- RaidenHTTPDPHP remote file inclusion vulnerability in raidenhttpd-admin/slice/check.php in RaidenHTTPD 1.1.49, when register_globals and WebAdmin is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SoftParserFileXml parameter.
unknown
2006-09-12
5.6CVE-2006-4723
Milw0rm
BID
FRSIRT
SECUNIA
XF
SCO -- UnixWare
Sun -- Solaris
Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.
unknown
2006-09-08
4.9CVE-2006-4655
OTHER-REF
SUNALERT
BUGTRAQ
BID
FRSIRT
FRSIRT
SECTRACK
SECUNIA
XF
SECUNIA
SECUNIA
SoftBB -- SoftBBDirect static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request.
unknown
2006-09-08
4.2CVE-2006-4631
BUGTRAQ
ACID ROOT
Milw0rm
SECTRACK
SECUNIA
Somery -- SomeryPHP remote file inclusion vulnerability in admin/system/include.php in Somery 0.4.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter.
unknown
2006-09-08
5.6CVE-2006-4669
OTHER-REF
FRSIRT
SECUNIA
BID
XF
SpoonLabs -- Vivvo Article Management CMSPHP remote file inclusion vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the classified_path parameter.
unknown
2006-09-12
5.6CVE-2006-4714
OTHER-REF
Milw0rm
FRSIRT
SECUNIA
XF
Squiz -- MySource ClassicUnspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in Web_Extensions - Notitia (I/II). NOTE: due to lack of details, it is not clear whether this issue is file inclusion, static code injection, or another type of issue.
unknown
2006-09-08
4.2CVE-2006-4635
OTHER-REF
BID
SECUNIA
FRSIRT
XF

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Abidia -- O-Anywhere
Abidia -- Abidia Wireless
Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication credentials in cleartext, which allows remote attackers to obtain sensitive information by sniffing.
unknown
2006-09-13
2.3CVE-2006-4744
BUGTRAQ
OTHER-REF
Amazing Little Picture Poll -- Amazing Little Picture Poll
Amazing Little Poll -- Amazing Little Poll
(1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password via a direct request for the lp_settings file (lp_settings.inc or lp_settings.php).
unknown
2006-09-08
2.3CVE-2006-4653
BUGTRAQ
BID
XF
Andreas Gohr -- DokuWikiDokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug".
unknown
2006-09-11
2.3CVE-2006-4679
BUGTRAQ
ALTERVISTA
AuditWizard -- AuditWizardAuditWizard 6.3.2, when using "Remote Audit," logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by reading the file.
unknown
2006-09-08
1.0CVE-2006-4642
BUGTRAQ
SECTRACK
SECUNIA
XF
FRSIRT
Benjamin Pasero and Tobias Eichert -- RSSOwlMultiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero and Tobias Eichert RSSOwl allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite.
unknown
2006-09-13
2.3CVE-2006-4760
OTHER-REF
cairohost -- VBZooMCross-site scripting (XSS) vulnerability in index.php in VBZooM allows remote attackers to inject arbitrary web script or HTML via the UserID parameter, a different vector than CVE-2006-1133 and CVE-2005-2441.
unknown
2006-09-08
2.3CVE-2006-4634
BUGTRAQ
BID
SECUNIA
XF
Canon -- imageRUNNERThe Remote UI in Canon imageRUNNER includes usernames and passwords when exporting an address book, which allows context-dependent attackers to obtain sensitive information.
unknown
2006-09-11
1.4CVE-2006-4680
BUGTRAQ
BUGTRAQ
BID
FRSIRT
SECUNIA
Cisco -- IOSCisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs.
unknown
2006-09-08
1.9CVE-2006-4650
BUGTRAQ
OTHER-REF
CISCO
SECTRACK
FRSIRT
SECUNIA
XF
ComScripts -- PHProgDirectory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
unknown
2006-09-13
2.3CVE-2006-4753
FULLDISC
OTHER-REF
OTHER-REF
BID
SECUNIA
XF
Dominic Gamble -- Timesheet.phpSQL injection vulnerability in login.php in dwayner79 and Dominic Gamble Timesheet (aka Timesheet.php) 1.2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
unknown
2006-09-12
2.3CVE-2006-4705
BUGTRAQ
BLOGSPOT
FRSIRT
SECUNIA
e107.org -- e107 website systemMultiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access."
unknown
2006-09-13
1.1CVE-2006-4757
BUGTRAQ
OTHER-REF
IBM -- DirectorDirectory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter.
unknown
2006-09-11
2.3CVE-2006-4681
Milw0rm
AIXAPAR
BID
FRSIRT
SECTRACK
SECUNIA
XF
IBM -- DirectorMultiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets.
unknown
2006-09-11
2.3CVE-2006-4682
AIXAPAR
BID
FRSIRT
SECUNIA
IBM -- DirectorIBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE.
unknown
2006-09-11
2.3CVE-2006-4683
AIXAPAR
BID
FRSIRT
SECUNIA
ICQ Inc -- ICQ ToolbarAOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into reconfiguring the toolbar.
unknown
2006-09-08
1.9CVE-2006-4661
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
IDevSpot -- PhpLinkExchangeCross-site scripting (XSS) vulnerability in user_add.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
unknown
2006-09-13
2.3CVE-2006-4742
BUGTRAQ
BID
IdevSpot -- TextAdsMultiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAds allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in delete.php and (2) the error parameter in error.php.
unknown
2006-09-13
2.3CVE-2006-4747
BUGTRAQ
BID
Jetbox -- Jetbox CMSMultiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the OriginalImageData parameter to phpthumb.php.
unknown
2006-09-13
1.9CVE-2006-4739
BUGTRAQ
BID
XF
Jetbox -- Jetbox CMSJetbox CMS allows remote attackers to obtain sensitive information via a direct request for certain files, which reveal the path in an error message.
unknown
2006-09-13
2.3CVE-2006-4740
BUGTRAQ
BID
XF
Kellan Elliott-McCrea -- MagpieRSSKellan Elliott-McCrea MagpieRSS allows remote attackers to obtain sensitive information via a direct request for (1) rss_fetch.inc.php or (2) rss_parse.inc.php, which reveals the path in various error messages.
unknown
2006-09-13
2.3CVE-2006-4735
BUGTRAQ
XF
LedgerSMB -- LedgerSMB
DWS Systems Inc. -- SQL-Ledger
Directory traversal vulnerability in login.pl in (1) SQL-Ledger before 2.6.19 and (2) LedgerSMB before 1.0.0p1 allows remote attackers to execute arbitrary Perl code via unspecified vectors involving the terminal parameter.
unknown
2006-09-12
2.3CVE-2006-4731
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
FRSIRT
SECUNIA
SECUNIA
BUGTRAQ
BID
Linux -- Linux kernelThe Unidirectional Lightweight Encapsulation (ULE) decapsulation component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel 2.6.17.8 allows remote attackers to cause a denial of service (crash) via an SNDU length of 0 in a ULE packet.
unknown
2006-09-11
3.3CVE-2006-4623
MLIST
BID
SECUNIA
FRSIRT
Linux -- Linux kernel** DISPUTED ** The source code tar archive of the Linux kernel 2.6.16, 2.6.17.11, and possibly other versions specifies weak permissions (0666 and 0777) for certain files and directories, which might allow local users to insert Trojan horse source code that would be used during the next kernel compilation. NOTE: another researcher disputes the vulnerability, stating that he finds "Not a single world-writable file or directory." CVE analysis as of 20060908 indicates that permissions will only be weak under certain unusual or insecure scenarios.
unknown
2006-09-08
2.3CVE-2006-4663
BUGTRAQ
BUGTRAQ
Luke Hutteman -- SharpReaderMultiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman SharpReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite.
unknown
2006-09-13
2.3CVE-2006-4761
OTHER-REF
Microsoft -- Windows 2000
Microsoft -- Windows Server 2003
Microsoft -- Windows XP
Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving Internet Information Services (IIS).
unknown
2006-09-12
2.3CVE-2006-0032
MS
BID
FRSIRT
SECUNIA
CERT
CERT-VN
MKPortal -- MKPortalCross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 Rc1 allows remote attackers to inject arbitrary web script or HTML via the ind parameter, possibly related to the PHP_SELF variable. NOTE: Some details are obtained from third party information.
unknown
2006-09-08
2.3CVE-2006-4665
BUGTRAQ
FRSIRT
SECUNIA
XF
Mono -- XSP
SuSE -- SuSE Open Enterprise Server
SuSE -- SuSE Linux Professional
SuSE -- SuSE Linux Personal
Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request.
unknown
2006-09-12
2.3CVE-2006-2658
SUSE
BID
FRSIRT
SECUNIA
SECTRACK
NewsGator -- FeedDemonMultiple cross-site scripting (XSS) vulnerabilities in NewsGator FeedDemon before 2.0.0.25 allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite.
unknown
2006-09-12
2.3CVE-2006-4710
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
Panda -- Panda Platinum Internet SecurityPanda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses sequential message numbers in generated URLs that are not filtered if the user replies to a message, which might allow remote attackers to determine mail usage patterns.
2006-08-11
2006-09-08
2.3CVE-2006-4658
BUGTRAQ
OTHER-REF
BID
SECUNIA
Panda -- Panda Platinum Internet SecurityThe Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this issue could also be regarded as a cross-site request forgery (CSRF) vulnerability.
2006-08-11
2006-09-08
2.3CVE-2006-4659
BUGTRAQ
OTHER-REF
BID
SECUNIA
PHP -- PHPPHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
unknown
2006-09-12
3.3CVE-2006-4625
BUGTRAQ
BUGTRAQ
SECURITY REASON
BID
BUGTRAQ
XF
PHP-Fusion -- PHP-Fusion
PHP-Fusion -- PHP_Fusion
Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php.
unknown
2006-09-11
1.9CVE-2006-4673
BUGTRAQ
ALTERVISTA
BID
SECUNIA
OTHER-REF
FRSIRT
XF
phpBB Group -- phpBBphpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00.
unknown
2006-09-13
2.2CVE-2006-4758
BUGTRAQ
OTHER-REF
phpMyDirectory -- phpMyDirectoryCross-site scripting (XSS) vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-13
2.3CVE-2006-4755
FRSIRT
SECUNIA
PunBB -- PunBBPunBB 1.2.12 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by creating an avatar image file containing PHP code in the EXIF data, and uploading the file via unspecified vectors.
unknown
2006-09-13
2.2CVE-2006-4759
BUGTRAQ
OTHER-REF
Rob Hensley -- AckerTodoCross-site scripting (XSS) vulnerability in index.php in Rob Hensley AckerTodo 4.0 allows remote attackers to inject arbitrary web script or HTML via the task_id parameter in an edit_task command.
unknown
2006-09-08
2.3CVE-2006-4668
BUGTRAQ
BID
SECUNIA
FRSIRT
XF
Sage -- SageMultiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite.
unknown
2006-09-12
2.3CVE-2006-4711
OTHER-REF
OTHER-REF
OTHER-REF
ScaryBear -- PocketExpense ProScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to protect a data file whose contents are stored in plaintext, which allows local users to disable authentication and access the file by modifying a certain value in the file header.
unknown
2006-09-13
3.3CVE-2006-4745
BUGTRAQ
OTHER-REF
SoftBB -- SoftBBindex.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter.
unknown
2006-09-08
2.3CVE-2006-4633
BUGTRAQ
OTHER-REF
OTHER-REF
SECTRACK
Threesquared.net -- Php download scriptDirectory traversal vulnerability in download/index.php, and possibly download.php, in threesquared.net (aka Ben Speakman) Php download allows remote attackers to overwrite arbitrary local files via .. (dot dot) sequence in the file parameter.
unknown
2006-09-08
2.3CVE-2006-4651
BUGTRAQ
FRSIRT
SECUNIA
XF
TIBCO -- RendezVousTIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file.
2006-09-01
2006-09-11
1.3CVE-2006-4676
Milw0rm
BID
FRSIRT
SECUNIA
TWiki -- TWikiDirectory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
unknown
2006-09-08
2.3CVE-2006-4294
OTHER-REF
BID
SECTRACK
FRSIRT
SECUNIA
VCD-db -- VCD-dbCross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when handling comments.
unknown
2006-09-08
2.3CVE-2006-4628
OTHER-REF
SECUNIA
BID
FRSIRT
XF
Vikingboard -- VikingboardSQL injection vulnerability in topic.php in Vikingboard 0.1b allows remote attackers to execute arbitrary SQL commands via the s parameter.
unknown
2006-09-12
2.3CVE-2006-4709
BUGTRAQ
BID
WordPress -- WordPressWordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp-db.php vectors are already covered by CVE-2006-0986. The edit-form-comment.php, vars.php, and wp-settings.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110.
unknown
2006-09-13
2.3CVE-2006-4743
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
XHP -- CMSLaurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to obtain the installation path via a query to the engine module, probably with an invalid action parameter.
unknown
2006-09-13
2.3CVE-2006-4752
BUGTRAQ
SECUNIA
FRSIRT
SECTRACK
XF
Ykoon -- RssReaderMultiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite.
unknown
2006-09-13
2.3CVE-2006-4762
OTHER-REF

Back to top

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top