U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB06-268)

Vulnerability Summary for the Week of September 18, 2006

Original release date: September 25, 2006

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
AEwebworks -- aeDatingMultiple PHP remote file inclusion vulnerabilities in AEDating 4.1, and possibly earlier versions, allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/design.inc.php or (2) inc/admin_design.inc.php.
unknown
2006-09-19
7.0CVE-2006-4870
OTHER-REF
BID
FRSIRT
SECUNIA
XF
All Enthusiast Inc -- ReviewPost PHP ProPHP remote file inclusion vulnerability in index.php in All Enthusiast ReviewPost 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the RP_PATH parameter.
unknown
2006-09-19
7.0CVE-2006-4864
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
XF
AlstraSoft -- E-FriendsDirectory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file.
unknown
2006-09-20
7.0CVE-2006-4913
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Apple -- Mac OS X Server
Apple -- Mac OS X
Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network.
unknown
2006-09-21
7.0CVE-2006-3507
APPLE
BID
FRSIRT
SECUNIA
Apple -- Mac OS X Server
Apple -- Mac OS X
Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates.
unknown
2006-09-21
7.0CVE-2006-3508
APPLE
BID
FRSIRT
SECUNIA
Apple -- Mac OS X Server
Apple -- Mac OS X
Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames.
unknown
2006-09-21
7.0CVE-2006-3509
APPLE
BID
FRSIRT
SECUNIA
Artmedic Webdesign -- Artmedic LinksPHP remote file inclusion vulnerability in index.php in Artmedic Links 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, which is processed by the readfile function.
unknown
2006-09-20
7.0CVE-2006-4905
BUGTRAQ
OTHER-REF
SECTRACK
XF
ASP Indir -- Tekman PortalSQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) 1.0 allows remote attackers to execute arbitrary SQL commands via the uye_id parameter.
unknown
2006-09-20
7.0CVE-2006-4916
OTHER-REF
BID
XF
FRSIRT
SECUNIA
Blojsom -- BlojsomMultiple cross-site scripting (XSS) vulnerabilities in David Czarnecki Blojsom 2.31 allow remote attackers to inject arbitrary web script or HTML via the (1) blog-category-description, (2) blog-entry-title, (3) rss-enclosure-url, (4) technorati-tagsi, or (5) blog-category-name parameter in a blog post.
unknown
2006-09-15
7.0CVE-2006-4829
BUGTRAQ
CERT-VN
BID
FRSIRT
SECUNIA
XF
Blojsom -- BlojsomDirectory traversal vulnerability in EditBlogTemplatesPlugin.java in David Czarnecki Blojsom 2.30 allows remote attackers to have an unknown impact by sending an HTTP request with a certain value of blogTemplate.
unknown
2006-09-15
7.0CVE-2006-4830
OTHER-REF
BolinOS -- BolinOSPHP remote file inclusion vulnerability in system/_b/contentFiles/gBHTMLEditor.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-18
7.0CVE-2006-4851
FRSIRT
XF
Cisco -- Intrusion Prevention SystemUnspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets".
unknown
2006-09-20
7.0CVE-2006-4911
CISCO
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
XF
Codeworx Technologies -- DCP-PortalMultiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
unknown
2006-09-15
7.0CVE-2006-4837
BUGTRAQ
BID
EasyPageCMS -- EasyPageCMSSQL injection vulnerability in default.aspx in easypage allows remote attackers to execute arbitrary SQL commands via the srch parameter in the Search page.
unknown
2006-09-19
7.0CVE-2006-4862
BUGTRAQ
guanxiCRM -- guanxiCRM Business SolutionPHP remote file inclusion vulnerability in include/phpxd/phpXD.php in guanxiCRM 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appconf[rootpath] parameter.
unknown
2006-09-19
7.0CVE-2006-4898
OTHER-REF
BID
XF
Haberx -- HaberxSQL injection vulnerability in kategorix.asp in Haberx 1.02 through 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in kategorihaberx.asp.
unknown
2006-09-18
7.0CVE-2006-4853
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Hitweb -- HitwebMultiple PHP remote file inclusion vulnerabilities in Brian Fraval Hitweb 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REP_CLASS parameter to (1) index.php, (2) arbo.php, (3) framepoint.php, (4) genpage.php, (5) lienvalider.php, (6) appreciation.php, (7) partenariat.php, (8) rechercher.php, (9) projet.php, (10) propoexample.php, (11) refererpoint.php, or (12) top50.php.
unknown
2006-09-18
7.0CVE-2006-4848
BUGTRAQ
BID
iDevSpot -- NixieAffiliateIDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to delete arbitrary affiliates via a modified id parameter to delete.php.
unknown
2006-09-19
7.0CVE-2006-4895
BUGTRAQ
BID
Iodine -- IodineUnspecified vulnerability in IP over DNS is now easy (iodine) before 0.3.2 has unknown impact and attack vectors, related to "potential security problems."
unknown
2006-09-15
7.0CVE-2006-4831
OTHER-REF
BID
FRSIRT
SECUNIA
Marc Cagninacci -- mcLinksCounter** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Marc Cagninacci mcLinksCounter 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfile parameter in (1) login.php, (2) stats.php, (3) detail.php, or (4) erase.php. NOTE: CVE and a third party dispute this vulnerability, because the langfile parameter is set to english.php in each file.
unknown
2006-09-19
7.0CVE-2006-4863
BUGTRAQ
BUGTRAQ
MobilePublisherPHP -- MobilePublisherPHPPHP remote file inclusion vulnerability in header.php in MobilePublisherPHP 1.5 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
unknown
2006-09-18
7.0CVE-2006-4849
Milw0rm
SECUNIA
BID
FRSIRT
XF
Mohammed Mehdi Panjwani -- Complain CenterSQL injection vulnerability in loginprocess.asp in Mohammed Mehdi Panjwani Complain Center 1 allows remote attackers to execute arbitrary SQL commands via the (1) TxtUser (aka Username) and (2) TxtPass (aka Password) parameters in login.asp.
unknown
2006-09-19
7.0CVE-2006-4861
BUGTRAQ
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."
unknown
2006-09-15
7.0CVE-2006-4565
OTHER-REF
REDHAT
REDHAT
SECUNIA
SECUNIA
REDHAT
BID
FRSIRT
SECTRACK
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
XF
SGI
UBUNTU
SECUNIA
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks.
unknown
2006-09-15
7.0CVE-2006-4568
OTHER-REF
REDHAT
SECUNIA
SECUNIA
REDHAT
BID
FRSIRT
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
XF
SGI
SECUNIA
Mozilla -- SeaMonkey
Mozilla -- Thunderbird
Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data.
unknown
2006-09-15
7.0CVE-2006-4571
OTHER-REF
REDHAT
REDHAT
SECUNIA
SECUNIA
REDHAT
BID
FRSIRT
SECTRACK
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SGI
UBUNTU
SECUNIA
PhotoPost -- PHP ProPHP remote file inclusion vulnerability in zipndownload.php in PhotoPost 4.0 through 4.6 allows remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter.
unknown
2006-09-15
7.0CVE-2006-4828
BUGTRAQ
BID
XF
PHP DocWriter -- PHP DocWriterPHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter.
unknown
2006-09-20
7.0CVE-2006-4912
OTHER-REF
BID
FRSIRT
XF
phpBB XS -- phpBB XSPHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780.
unknown
2006-09-19
7.0CVE-2006-4893
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
phpQuiz -- phpQuizPHP remote file inclusion vulnerability in index.php in Jule Slootbeek phpQuiz 0.01 allows remote attackers to execute arbitrary PHP code via a URL in the pagename parameter.
unknown
2006-09-15
7.0CVE-2006-4834
BUGTRAQ
OTHER-REF
BID
FRSIRT
XF
phpunity.postcard -- phpunity-postcardPHP remote file inclusion vulnerability in phpunity-postcard.php in phpunity.postcard allows remote attackers to execute arbitrary PHP code via a URL in the gallery_path parameter.
unknown
2006-09-19
7.0CVE-2006-4869
OTHER-REF
BID
FRSIRT
OSVDB
SECUNIA
Qualiteam -- X-CartDynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter.
unknown
2006-09-20
7.0CVE-2006-4904
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Quicksilver Forums -- Quicksilver ForumsPHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] parameter.
unknown
2006-09-15
7.0CVE-2006-4824
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Reamday Enterprises -- Magic News ProPHP remote file inclusion vulnerability in scripts/news_page.php in Reamday Enterprises Magic News Pro 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter.
unknown
2006-09-15
7.0CVE-2006-4823
OTHER-REF
BID
FRSIRT
SECUNIA
BUGTRAQ
XF
Shadowed Portal -- Shadowed PortalPHP remote file inclusion vulnerability in bottom.php in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
unknown
2006-09-15
7.0CVE-2006-4826
Milw0rm
BID
XF
OSVDB
SECUNIA
Shadowed Portal -- Shadowed PortalPHP remote file inclusion vulnerability in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) footer.php and (2) header.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The bottom.php parameter is already covered by CVE-2006-4826.
unknown
2006-09-19
7.0CVE-2006-4885
SECUNIA
Simple Discussion Board -- Simple Discussion BoardMultiple PHP remote file inclusion vulnerabilities in Simple Discussion Board 0.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) env_dir parameter to (a) blank.php, (b) admin.php, or (c) builddb.php, and the (2) script_root parameter to blank.php.
unknown
2006-09-20
7.0CVE-2006-4918
OTHER-REF
BID
XF
Site@School -- Site@SchoolMultiple PHP remote file inclusion vulnerabilities in Site@School (S@S) 2.4.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to (1) starnet/modules/sn_allbum/slideshow.php, and (2) starnet/themes/editable/main.inc.php.
unknown
2006-09-20
7.0CVE-2006-4920
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
OSVDB
OSVDB
Site@School -- Site@SchoolPHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to starnet/modules/include/include.php. NOTE: some of these details are obtained from third party information.
unknown
2006-09-20
7.0CVE-2006-4921
BUGTRAQ
FRSIRT
SECUNIA
OSVDB
Techno Dreams -- Articles & Papers PackageSQL injection vulnerability in ArticlesTableview.asp in Techno Dreams Articles & Papers Package 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
unknown
2006-09-19
7.0CVE-2006-4891
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
FRSIRT
Techno Dreams -- FAQ Manager PackageSQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manager Package 1.0 allows remote attackers to execute arbitrary SQL commands via the key parameter.
unknown
2006-09-19
7.0CVE-2006-4892
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
FRSIRT
Unak -- Unak CMSMultiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dirroot parameter to (1) fckeditor/editor/filemanager/browser/default/connectors/php/connector.php or (2) fckeditor/editor/dialog/fck_link.php.
unknown
2006-09-19
7.0CVE-2006-4890
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Verso NetPerformer -- Frame Relay Access Device ACTBuffer overflow in the telnet service in Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via a long username.
unknown
2006-09-15
8.0CVE-2006-4832
BUGTRAQ
FULLDISC
BID
FRSIRT
SECUNIA
XF

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X Server
Apple -- Mac OS X
Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument.
unknown
2006-09-19
4.9CVE-2006-4866
FULLDISC
OTHER-REF
BID
Apple -- Remote DesktopApple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation.
unknown
2006-09-19
4.9CVE-2006-4887
BUGTRAQ
BID
XF
BolinOS -- BlinOSPHP remote file inclusion vulnerability in system/_b/contentFiles/gBIndex.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter.
unknown
2006-09-18
5.6CVE-2006-4850
BUGTRAQ
Milw0rm
BID
FRSIRT
SECUNIA
XF
Cisco -- Cisco Guard DDos Mitigation ApplianceCross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh.
unknown
2006-09-20
4.7CVE-2006-4909
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Citrix -- Access Gateway AACUnspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors.
unknown
2006-09-18
5.6CVE-2006-4846
CITRIX
CITRIX
BID
FRSIRT
SECTRACK
SECUNIA
XF
Claroline -- Claroline
Dokeos -- Open Source Learning & Knowledge Management Tool
PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter.
unknown
2006-09-18
5.6CVE-2006-4844
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
OTHER-REF
FRSIRT
SECUNIA
ClickTech -- ClickBlogSQL injection vulnerability in default.asp (aka the login page) in ClickTech ClickBlog 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) form_codeword (aka the Password field) parameters.
unknown
2006-09-19
4.7CVE-2006-4857
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
Codeworx Technologies -- DCP-PortalSQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: The lostpassword.php and calendar.php vectors are already covered by CVE-2005-3365, and the search.php vector is already covered by CVE-2005-4227.
unknown
2006-09-15
5.6CVE-2006-4836
BUGTRAQ
BID
David Bennett -- PHP-PostSQL injection vulnerability in profile.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.
unknown
2006-09-19
4.7CVE-2006-4879
BUGTRAQ
BID
David Bennett -- PHP-PostMultiple cross-site scripting (XSS) vulnerabilities in David Bennett PHP-Post (PHPp) 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the replyuser parameter in (a) pm.php; (2) the txt_jumpto parameter in (b) dropdown.php; the (3) txt_error and (4) txt_templatenotexist parameters in (c) template.php; the (5) split parameter in certain files, as demonstrated by (d) editprofile.php, (e) search.php, (f) index.php, and (g) pm.php; and the (6) txt_login parameter in (h) loginline.php; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) txt_logout parameter in (i) loginline.php.
unknown
2006-09-19
4.7CVE-2006-4881
BUGTRAQ
BID
Doctor Web Ltd -- Dr.WebScannerHeap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name.
unknown
2006-09-20
4.7CVE-2006-4438
FULLDISC
FRSIRT
SECUNIA
George Lewe -- TeamCal ProPHP remote file inclusion vulnerability in includes/footer.html.inc.php in TeamCal Pro 2.8.001 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tc_config[app_root] parameter.
unknown
2006-09-18
5.6CVE-2006-4845
OTHER-REF
BID
BID
FRSIRT
SECUNIA
XF
Gnu -- Mailman** DISPUTED ** Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable."
unknown
2006-09-19
4.7CVE-2006-2191
MLIST
MLIST
GNUTurk -- GNUTurkSQL injection vulnerability in mods.php in GNUTurk 2G and earlier allows remote attackers to execute arbitrary SQL commands via the t_id parameter when the go parameter is "Forum."
unknown
2006-09-19
4.7CVE-2006-4867
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
gzip -- gzipArray index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability."
unknown
2006-09-19
4.7CVE-2006-4335
OTHER-REF
REDHAT
UBUNTU
DEBIAN
FREEBSD
SLACKWARE
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
MANDRIVA
CERT-VN
FRSIRT
SECUNIA
SECUNIA
XF
gzip -- gzipBuffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.
unknown
2006-09-19
4.7CVE-2006-4336
OTHER-REF
REDHAT
UBUNTU
DEBIAN
FREEBSD
SLACKWARE
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
MANDRIVA
CERT-VN
FRSIRT
SECUNIA
SECUNIA
XF
gzip -- gzipBuffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.
unknown
2006-09-19
4.7CVE-2006-4337
OTHER-REF
REDHAT
UBUNTU
DEBIAN
FREEBSD
SLACKWARE
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
MANDRIVA
FRSIRT
SECUNIA
SECUNIA
IDevSpot -- BizDirectoryMultiple cross-site scripting (XSS) vulnerabilities in IDevSpot BizDirectory allow remote attackers to inject arbitrary web script or HTML via (1) the stylesheet parameter in Feed.php or (2) the message parameter in status.php.
unknown
2006-09-19
4.7CVE-2006-4883
BUGTRAQ
BID
XF
FRSIRT
SECTRACK
SECUNIA
IDevSpot -- iSupportMultiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers to inject arbitrary web script or HTML via (1) the suser parameter in support/rightbar.php, (2) the ticket_id parameter in support/open_tickets.php, and (3) the cons_page_title parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-19
4.7CVE-2006-4884
BID
Ipswitch -- WS_FTP ServerMultiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.
unknown
2006-09-18
4.2CVE-2006-4847
IPSWITCH
FRSIRT
SECUNIA
XF
BID
OSVDB
Julian Roberts -- Charon CartSQL injection vulnerability in Review.asp in Julian Roberts Charon Cart 3 allows remote attackers to execute arbitrary SQL commands via the ProductID parameter.
unknown
2006-09-19
4.7CVE-2006-4882
BUGTRAQ
BID
FRSIRT
SECTRACK
SECUNIA
XF
Jupiter CMS -- Jupiter CMSMultiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS allow remote attackers to inject arbitrary web script or HTML via the (1) language[Admin name] and (2) language[Admin back] parameters in (a) modules/blocks.php; the (3) language[Register title] and (4) language[Register title2] parameters in (b) modules/register.php; the (5) language[Mass-Email form title], (6) language[Mass-Email form desc], (7) language[Mass-Email form desc2] (8) language[Mass-Email form desc3], and (9) language[Mass-Email form desc4] parameters in (c) modules/mass-email.php; the (10) language[Forgotten title], (11) language[Forgotten desc], (12) language[Forgotten desc2], (13) language[Forgotten desc3], (14) language[Forgotten desc4], and (15) language[Forgotten desc5] parameters in (d) modules/register.php; and the (16) language[Search view desc], (17) language[Search view desc2], (18) language[Search view desc3], (19) language[Search view desc4], (20) language[Search view desc5], (21) language[Search view desc6], (22) language[Search view desc7], and (23) language[Search view desc8] parameters in (e) modules/search.php.
unknown
2006-09-19
4.7CVE-2006-4874
BUGTRAQ
BID
Jupiter CMS -- Jupiter CMSMultiple SQL injection vulnerabilities in Jupiter CMS allow remote attackers to execute arbitrary SQL commands via (1) the user name during login, or the (2) key or (3) fpwusername parameters in modules/register.
unknown
2006-09-19
4.7CVE-2006-4876
BUGTRAQ
BID
Keyvan Janghorbani -- EShoppingProSQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan Janghorbani) EShoppingPro 1.0 allows remote attackers to execute arbitrary SQL commands via the order parameter.
unknown
2006-09-19
4.7CVE-2006-4871
BUGTRAQ
BID
FRSIRT
SECTRACK
SECUNIA
XF
Keyvan Janghorbani -- ECardProSQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan Janghorbani) ECardPro 2.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter.
unknown
2006-09-19
4.7CVE-2006-4872
BUGTRAQ
BID
FRSIRT
SECTRACK
SECUNIA
XF
Limbo CMS -- Limbo CMSMultiple unspecified vulnerabilities in (1) index.php, (2) minixml.inc.php, (3) doc.inc.php, (4) element.inc.php, (5) node.inc.php, (6) treecomp.inc.php, (7) forum.html.php, (8) forum.php, (9) antihack.php, (10) content.php, (11) initglobals.php, and (12) imanager.php in Limbo (aka Lite Mambo) CMS 1.0.4.2 before 20060311 have unknown impact and attack vectors.
unknown
2006-09-19
4.9CVE-2006-4860
OTHER-REF
OTHER-REF
MamboXChange -- Serverstat componentPHP remote file inclusion vulnerability in install.serverstat.php in the Serverstat (com_serverstat) 0.4.4 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-09-19
5.6CVE-2006-4858
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Marc Logemann -- More.groupwareSQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter.
unknown
2006-09-20
4.7CVE-2006-4906
OTHER-REF
BID
XF
FRSIRT
SECUNIA
Microsoft -- Internet ExplorerStack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
unknown
2006-09-19
4.7CVE-2006-4868
OTHER-REF
CERT-VN
BID
FRSIRT
SECUNIA
XF
OTHER-REF
SECTRACK
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
OSVDB
Telekorn -- SignKorn GuestbookMultiple PHP remote file inclusion vulnerabilities in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) index.php, (2) includes/functions.gb.php, (3) includes/functions.admin.php, (4) includes/admin.inc.php, (5) help.php, (6) smile.php, (7) entry.php; (8) adminhelp0.php, (9) adminhelp1.php, (10) adminhelp2.php, and (11) adminhelp3.php in (a) help/en and (b) help/de directories; and the (12) preview.php, (13) log.php, (14) index.php, (15) config.php, and (16) admin.php in the (c) admin directory, a different set of vectors than CVE-2006-4788.
unknown
2006-09-19
5.6CVE-2006-4889
BUGTRAQ
OTHER-REF
BID
XF
Vmist -- DownstatMultiple PHP remote file inclusion vulnerabilities in Vmist Downstat 1.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the art parameter to (1) admin.php, (2) chart.php, (3) modes.php, or (4) stats.php.
unknown
2006-09-15
5.6CVE-2006-4827
Milw0rm
BID
FRSIRT
SECUNIA
XF

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
A.l-Pifou -- A.l-PifouDirectory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php. NOTE: the livre_livre.php relationship has been reported by some third party sources.
unknown
2006-09-20
1.9CVE-2006-4914
FULLDISC
OSVDB
SECUNIA
BID
FRSIRT
Bluview -- Blue Magic BoardBluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) db_mysql_error.php, (4) langlist.php, (5) sendmail.php, or (6) style.php, which reveals the path in various error messages.
unknown
2006-09-15
2.3CVE-2006-4835
BUGTRAQ
XF
Cisco -- Cisco IDS
Cisco -- Cisco IPS
The web administration interface (mainApp) to Cisco IDS before 4.1(5c), and IPS 5.0 before 5.0(6p1) and 5.1 before 5.1(2) allows remote attackers to cause a denial of service (unresponsive device) via a crafted SSLv2 Client Hello packet.
unknown
2006-09-20
2.3CVE-2006-4910
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
CMtextS -- CMtextSCMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password.
unknown
2006-09-19
2.3CVE-2006-4897
OTHER-REF
FRSIRT
SECUNIA
XF
Codeworx Technologies -- DCP-PortalMultiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php.
unknown
2006-09-15
2.3CVE-2006-4838
BUGTRAQ
BID
David Bennett -- PHP-PostVariable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php.
unknown
2006-09-19
2.3CVE-2006-4877
BUGTRAQ
BID
David Bennett -- PHP-PostDirectory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) sequence in the template parameter.
unknown
2006-09-19
2.3CVE-2006-4878
BUGTRAQ
BID
David Bennett -- PHP-PostDavid Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) footer.php, (2) template.php, or (3) lastvisit.php, which reveals the installation path in various error messages.
unknown
2006-09-19
2.3CVE-2006-4880
BUGTRAQ
BID
Drupal -- Drupal Userreview moduleCross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2006-09-15
2.3CVE-2006-4821
OTHER-REF
FRSIRT
SECUNIA
BID
XF
eMuSOFT -- emuCMSMultiple cross-site scripting (XSS) vulnerabilities in index.php in eMuSOFT emuCMS 0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) page parameters.
unknown
2006-09-15
2.3CVE-2006-4822
OTHER-REF
BID
FRSIRT
SECUNIA
OSVDB
eSyndiCat Portal System -- eSyndiCat Portal SystemCross-site scripting (XSS) vulnerability in search.php in eSyndiCat Portal System allows remote attackers to inject arbitrary web script or HTML via the what parameter.
unknown
2006-09-20
2.3CVE-2006-4923
BUGTRAQ
BID
XF
FRSIRT
SECUNIA
gzip -- gzipUnspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.
unknown
2006-09-19
2.3CVE-2006-4334
OTHER-REF
REDHAT
UBUNTU
DEBIAN
FREEBSD
SLACKWARE
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
MANDRIVA
CERT-VN
SECUNIA
SECUNIA
XF
gzip -- gzipunlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.
unknown
2006-09-19
2.3CVE-2006-4338
OTHER-REF
REDHAT
UBUNTU
DEBIAN
FREEBSD
SLACKWARE
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
MANDRIVA
FRSIRT
OSVDB
SECUNIA
SECUNIA
HP -- HP-UXUnspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
unknown
2006-09-15
1.6CVE-2006-4820
HP
BID
FRSIRT
SECTRACK
SECUNIA
XF
iDevSpot -- NixieAffiliateCross-site scripting (XSS) vulnerability in forms/lostpassword.php in iDevSpot NixieAffiliate 1.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.
unknown
2006-09-19
2.3CVE-2006-4894
BUGTRAQ
BID
Innovate Portal -- Innovate PortalCross-site scripting (XSS) vulnerability in index.php in Innovate Portal 2.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter.
unknown
2006-09-20
2.3CVE-2006-4915
BUGTRAQ
BID
XF
Jupiter CMS -- Jupiter CMSJupiter CMS allows remote attackers to obtain sensitive information via a direct request for (1) includes/functions.php, (2) modules/register.php, (3) modules/poll.php, (4) modules/panel.php, (5) modules/pm.php, (6) modules/news.php, (7) modules/templates_change.php, (8) modules/users.php, (9) modules/misc.php, (10) modules/masspm.php, (11) modules/mass-email.php, (12) modules/main-nav.php, (13) modules/login.php, (14) modules/layout.php, (15) modules/hq.php, (16) modules/forum.php, (17) modules/forum-admin.php, (18) modules/events.php, (19) modules/emoticons.php, (20) modules/download.php, (21) modules/blocks.php, (22) modules/ban.php, (23) modules/badwords.php, (24) modules/ads.php, or (25) modules/admin.php, which reveals the installation path in various error messages. NOTE: The modules/online.php vector is already covered by CVE-2006-1679.
unknown
2006-09-19
2.3CVE-2006-4873
BUGTRAQ
BID
Jupiter CMS -- Jupiter CMSUnrestricted file upload vulnerability in modules/galleryuploadfunction.php in Jupiter CMS allows remote attackers to upload picture files, and possibly files with arbitrary extensions, to gallery/albums/public.
unknown
2006-09-19
2.3CVE-2006-4875
BUGTRAQ
BID
Limbo CMS -- Limbo CMSUnrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression.
unknown
2006-09-19
2.3CVE-2006-4859
OTHER-REF
BID
Linux -- Linux kernelThe Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745. NOTE: older kernel versions for specific Linux distributions are also affected, due to backporting of the CVE-2006-3745 patch.
unknown
2006-09-19
2.3CVE-2006-4535
OTHER-REF
UBUNTU
BID
OTHER-REF
SECUNIA
XF
McAfee -- VirusScan Enterprise
McAfee -- McAfee Scan Engine
The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clicking the Disable button, possibly due to an interface-related race condition.
unknown
2006-09-19
3.9CVE-2006-4886
BUGTRAQ
XF
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT.
unknown
2006-09-19
2.3CVE-2006-4888
BUGTRAQ
OTHER-REF
OSVDB
Mozilla -- Network Security Services (NSS)
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339.
unknown
2006-09-15
2.3CVE-2006-4340
MLIST
OTHER-REF
OTHER-REF
REDHAT
REDHAT
SECUNIA
SECUNIA
REDHAT
FRSIRT
FRSIRT
SECTRACK
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SGI
UBUNTU
SECUNIA
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read.
unknown
2006-09-15
2.3CVE-2006-4566
OTHER-REF
REDHAT
REDHAT
SECUNIA
SECUNIA
REDHAT
BID
FRSIRT
SECTRACK
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
XF
SGI
UBUNTU
SECUNIA
Mozilla -- Firefox
Mozilla -- Thunderbird
Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.
unknown
2006-09-15
1.9CVE-2006-4567
OTHER-REF
REDHAT
SECUNIA
SECUNIA
REDHAT
BID
FRSIRT
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
XF
UBUNTU
Mozilla -- FirefoxThe popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.
unknown
2006-09-15
2.3CVE-2006-4569
OTHER-REF
SECUNIA
REDHAT
BID
SECTRACK
SECUNIA
XF
Mozilla -- SeaMonkey
Mozilla -- Thunderbird
Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message.
unknown
2006-09-15
1.9CVE-2006-4570
OTHER-REF
REDHAT
REDHAT
BID
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
XF
SGI
UBUNTU
SECUNIA
Ohio State University -- serverOSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL to a non-existent file, which displays the web root path in the resulting error message.
unknown
2006-09-20
2.3CVE-2006-4907
BUGTRAQ
SECUNIA
XF
Ohio State University -- OSU httpdOSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL containing an * (asterisk) wildcard, which displays all matching file and directory information.
unknown
2006-09-20
2.3CVE-2006-4908
BUGTRAQ
SECUNIA
XF
phpQuiz -- phpQuizWalter Beschmout PhpQuiz allows remote attackers to obtain sensitive information via a direct request to cfgphpquiz/install.php and other unspecified vectors.
unknown
2006-09-19
2.3CVE-2006-4865
BUGTRAQ
PT News -- PT NewsCross-site scripting (XSS) vulnerability in search.php in PT News 1.7.8 allows remote attackers to inject arbitrary web script or HTML via the pgname parameter.
unknown
2006-09-20
2.3CVE-2006-4917
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
QuadComm -- Q-ShopSQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter.
unknown
2006-09-18
2.3CVE-2006-4852
BUGTRAQ
Milw0rm
BID
SECUNIA
XF
FRSIRT
OSVDB
Roller WebLogger -- Roller WebLoggerMultiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in the preview method; or (5) the q parameter in (a) sitesearch.do.
unknown
2006-09-19
2.3CVE-2006-4856
BUGTRAQ
OTHER-REF
OTHER-REF
CERT-VN
BID
FRSIRT
SECUNIA
Site@School -- Site@SchoolDirectory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter.
unknown
2006-09-20
1.9CVE-2006-4919
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Site@School -- Site@SchoolUnrestricted file upload vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to upload and execute arbitrary files with executable extensions.
unknown
2006-09-20
2.3CVE-2006-4922
BUGTRAQ
OTHER-REF
BID
SoftComplex -- PHP Event CalendarMultiple cross-site scripting (XSS) vulnerabilities in cl_files/index.php in SoftComplex PHP Event Calendar 1.5.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) ti, (2) bi, or (3) cbgi parameters.
unknown
2006-09-15
2.3CVE-2006-4825
BUGTRAQ
BID
SECUNIA
XF
Symantec -- Norton Personal Firewall
Symantec -- Norton Internet Security
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly other versions of Norton Personal Firewall and Norton Internet Security, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.
unknown
2006-09-19
2.3CVE-2006-4855
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Usermin -- UserminUsermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
unknown
2006-09-19
3.3CVE-2006-4246
OTHER-REF
SOURCEFORGE
OTHER-REF
DEBIAN
BID
SECUNIA
SECUNIA
FRSIRT
XF
Verso NetPerformer -- Frame Relay Access Device ACTVerso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allow remote attackers to cause a denial of service (hang or reboot) via an ICMP packet with the same destination and source address and port, aka the "Land" vulnerability.
unknown
2006-09-15
3.3CVE-2006-4833
BUGTRAQ
FULLDISC
BID
FRSIRT
SECUNIA
XF
Zope -- ZopeThe docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.
unknown
2006-09-19
2.3CVE-2006-4684
MLIST
OTHER-REF
DEBIAN
FRSIRT
SECUNIA
SECUNIA

Back to top

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
AEwebworks -- aeDatingMultiple PHP remote file inclusion vulnerabilities in AEDating 4.1, and possibly earlier versions, allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/design.inc.php or (2) inc/admin_design.inc.php.
unknown
2006-09-19
7.0CVE-2006-4870
OTHER-REF
BID
FRSIRT
SECUNIA
XF
All Enthusiast Inc -- ReviewPost PHP ProPHP remote file inclusion vulnerability in index.php in All Enthusiast ReviewPost 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the RP_PATH parameter.
unknown
2006-09-19
7.0CVE-2006-4864
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
XF
AlstraSoft -- E-FriendsDirectory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file.
unknown
2006-09-20
7.0CVE-2006-4913
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Apple -- Mac OS X Server
Apple -- Mac OS X
Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network.
unknown
2006-09-21
7.0CVE-2006-3507
APPLE
BID
FRSIRT
SECUNIA
Apple -- Mac OS X Server
Apple -- Mac OS X
Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates.
unknown
2006-09-21
7.0CVE-2006-3508
APPLE
BID
FRSIRT
SECUNIA
Apple -- Mac OS X Server
Apple -- Mac OS X
Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames.
unknown
2006-09-21
7.0CVE-2006-3509
APPLE
BID
FRSIRT
SECUNIA
Artmedic Webdesign -- Artmedic LinksPHP remote file inclusion vulnerability in index.php in Artmedic Links 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, which is processed by the readfile function.
unknown
2006-09-20
7.0CVE-2006-4905
BUGTRAQ
OTHER-REF
SECTRACK
XF
ASP Indir -- Tekman PortalSQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) 1.0 allows remote attackers to execute arbitrary SQL commands via the uye_id parameter.
unknown
2006-09-20
7.0CVE-2006-4916
OTHER-REF
BID
XF
FRSIRT
SECUNIA
Blojsom -- BlojsomMultiple cross-site scripting (XSS) vulnerabilities in David Czarnecki Blojsom 2.31 allow remote attackers to inject arbitrary web script or HTML via the (1) blog-category-description, (2) blog-entry-title, (3) rss-enclosure-url, (4) technorati-tagsi, or (5) blog-category-name parameter in a blog post.
unknown
2006-09-15
7.0CVE-2006-4829
BUGTRAQ
CERT-VN
BID
FRSIRT
SECUNIA
XF
Blojsom -- BlojsomDirectory traversal vulnerability in EditBlogTemplatesPlugin.java in David Czarnecki Blojsom 2.30 allows remote attackers to have an unknown impact by sending an HTTP request with a certain value of blogTemplate.
unknown
2006-09-15
7.0CVE-2006-4830
OTHER-REF
BolinOS -- BolinOSPHP remote file inclusion vulnerability in system/_b/contentFiles/gBHTMLEditor.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-18
7.0CVE-2006-4851
FRSIRT
XF
Cisco -- Intrusion Prevention SystemUnspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets".
unknown
2006-09-20
7.0CVE-2006-4911
CISCO
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
XF
Codeworx Technologies -- DCP-PortalMultiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
unknown
2006-09-15
7.0CVE-2006-4837
BUGTRAQ
BID
EasyPageCMS -- EasyPageCMSSQL injection vulnerability in default.aspx in easypage allows remote attackers to execute arbitrary SQL commands via the srch parameter in the Search page.
unknown
2006-09-19
7.0CVE-2006-4862
BUGTRAQ
guanxiCRM -- guanxiCRM Business SolutionPHP remote file inclusion vulnerability in include/phpxd/phpXD.php in guanxiCRM 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appconf[rootpath] parameter.
unknown
2006-09-19
7.0CVE-2006-4898
OTHER-REF
BID
XF
Haberx -- HaberxSQL injection vulnerability in kategorix.asp in Haberx 1.02 through 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in kategorihaberx.asp.
unknown
2006-09-18
7.0CVE-2006-4853
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Hitweb -- HitwebMultiple PHP remote file inclusion vulnerabilities in Brian Fraval Hitweb 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REP_CLASS parameter to (1) index.php, (2) arbo.php, (3) framepoint.php, (4) genpage.php, (5) lienvalider.php, (6) appreciation.php, (7) partenariat.php, (8) rechercher.php, (9) projet.php, (10) propoexample.php, (11) refererpoint.php, or (12) top50.php.
unknown
2006-09-18
7.0CVE-2006-4848
BUGTRAQ
BID
iDevSpot -- NixieAffiliateIDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to delete arbitrary affiliates via a modified id parameter to delete.php.
unknown
2006-09-19
7.0CVE-2006-4895
BUGTRAQ
BID
Iodine -- IodineUnspecified vulnerability in IP over DNS is now easy (iodine) before 0.3.2 has unknown impact and attack vectors, related to "potential security problems."
unknown
2006-09-15
7.0CVE-2006-4831
OTHER-REF
BID
FRSIRT
SECUNIA
Marc Cagninacci -- mcLinksCounter** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Marc Cagninacci mcLinksCounter 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfile parameter in (1) login.php, (2) stats.php, (3) detail.php, or (4) erase.php. NOTE: CVE and a third party dispute this vulnerability, because the langfile parameter is set to english.php in each file.
unknown
2006-09-19
7.0CVE-2006-4863
BUGTRAQ
BUGTRAQ
MobilePublisherPHP -- MobilePublisherPHPPHP remote file inclusion vulnerability in header.php in MobilePublisherPHP 1.5 RC2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
unknown
2006-09-18
7.0CVE-2006-4849
Milw0rm
SECUNIA
BID
FRSIRT
XF
Mohammed Mehdi Panjwani -- Complain CenterSQL injection vulnerability in loginprocess.asp in Mohammed Mehdi Panjwani Complain Center 1 allows remote attackers to execute arbitrary SQL commands via the (1) TxtUser (aka Username) and (2) TxtPass (aka Password) parameters in login.asp.
unknown
2006-09-19
7.0CVE-2006-4861
BUGTRAQ
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."
unknown
2006-09-15
7.0CVE-2006-4565
OTHER-REF
REDHAT
REDHAT
SECUNIA
SECUNIA
REDHAT
BID
FRSIRT
SECTRACK
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
XF
SGI
UBUNTU
SECUNIA
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks.
unknown
2006-09-15
7.0CVE-2006-4568
OTHER-REF
REDHAT
SECUNIA
SECUNIA
REDHAT
BID
FRSIRT
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
XF
SGI
SECUNIA
Mozilla -- SeaMonkey
Mozilla -- Thunderbird
Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data.
unknown
2006-09-15
7.0CVE-2006-4571
OTHER-REF
REDHAT
REDHAT
SECUNIA
SECUNIA
REDHAT
BID
FRSIRT
SECTRACK
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SGI
UBUNTU
SECUNIA
PhotoPost -- PHP ProPHP remote file inclusion vulnerability in zipndownload.php in PhotoPost 4.0 through 4.6 allows remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter.
unknown
2006-09-15
7.0CVE-2006-4828
BUGTRAQ
BID
XF
PHP DocWriter -- PHP DocWriterPHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter.
unknown
2006-09-20
7.0CVE-2006-4912
OTHER-REF
BID
FRSIRT
XF
phpBB XS -- phpBB XSPHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780.
unknown
2006-09-19
7.0CVE-2006-4893
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
phpQuiz -- phpQuizPHP remote file inclusion vulnerability in index.php in Jule Slootbeek phpQuiz 0.01 allows remote attackers to execute arbitrary PHP code via a URL in the pagename parameter.
unknown
2006-09-15
7.0CVE-2006-4834
BUGTRAQ
OTHER-REF
BID
FRSIRT
XF
phpunity.postcard -- phpunity-postcardPHP remote file inclusion vulnerability in phpunity-postcard.php in phpunity.postcard allows remote attackers to execute arbitrary PHP code via a URL in the gallery_path parameter.
unknown
2006-09-19
7.0CVE-2006-4869
OTHER-REF
BID
FRSIRT
OSVDB
SECUNIA
Qualiteam -- X-CartDynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter.
unknown
2006-09-20
7.0CVE-2006-4904
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Quicksilver Forums -- Quicksilver ForumsPHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] parameter.
unknown
2006-09-15
7.0CVE-2006-4824
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Reamday Enterprises -- Magic News ProPHP remote file inclusion vulnerability in scripts/news_page.php in Reamday Enterprises Magic News Pro 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter.
unknown
2006-09-15
7.0CVE-2006-4823
OTHER-REF
BID
FRSIRT
SECUNIA
BUGTRAQ
XF
Shadowed Portal -- Shadowed PortalPHP remote file inclusion vulnerability in bottom.php in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
unknown
2006-09-15
7.0CVE-2006-4826
Milw0rm
BID
XF
OSVDB
SECUNIA
Shadowed Portal -- Shadowed PortalPHP remote file inclusion vulnerability in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) footer.php and (2) header.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The bottom.php parameter is already covered by CVE-2006-4826.
unknown
2006-09-19
7.0CVE-2006-4885
SECUNIA
Simple Discussion Board -- Simple Discussion BoardMultiple PHP remote file inclusion vulnerabilities in Simple Discussion Board 0.1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) env_dir parameter to (a) blank.php, (b) admin.php, or (c) builddb.php, and the (2) script_root parameter to blank.php.
unknown
2006-09-20
7.0CVE-2006-4918
OTHER-REF
BID
XF
Site@School -- Site@SchoolMultiple PHP remote file inclusion vulnerabilities in Site@School (S@S) 2.4.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to (1) starnet/modules/sn_allbum/slideshow.php, and (2) starnet/themes/editable/main.inc.php.
unknown
2006-09-20
7.0CVE-2006-4920
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
OSVDB
OSVDB
Site@School -- Site@SchoolPHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to starnet/modules/include/include.php. NOTE: some of these details are obtained from third party information.
unknown
2006-09-20
7.0CVE-2006-4921
BUGTRAQ
FRSIRT
SECUNIA
OSVDB
Techno Dreams -- Articles & Papers PackageSQL injection vulnerability in ArticlesTableview.asp in Techno Dreams Articles & Papers Package 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
unknown
2006-09-19
7.0CVE-2006-4891
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
FRSIRT
Techno Dreams -- FAQ Manager PackageSQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manager Package 1.0 allows remote attackers to execute arbitrary SQL commands via the key parameter.
unknown
2006-09-19
7.0CVE-2006-4892
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
FRSIRT
Unak -- Unak CMSMultiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dirroot parameter to (1) fckeditor/editor/filemanager/browser/default/connectors/php/connector.php or (2) fckeditor/editor/dialog/fck_link.php.
unknown
2006-09-19
7.0CVE-2006-4890
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Verso NetPerformer -- Frame Relay Access Device ACTBuffer overflow in the telnet service in Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via a long username.
unknown
2006-09-15
8.0CVE-2006-4832
BUGTRAQ
FULLDISC
BID
FRSIRT
SECUNIA
XF

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X Server
Apple -- Mac OS X
Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument.
unknown
2006-09-19
4.9CVE-2006-4866
FULLDISC
OTHER-REF
BID
Apple -- Remote DesktopApple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation.
unknown
2006-09-19
4.9CVE-2006-4887
BUGTRAQ
BID
XF
BolinOS -- BlinOSPHP remote file inclusion vulnerability in system/_b/contentFiles/gBIndex.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter.
unknown
2006-09-18
5.6CVE-2006-4850
BUGTRAQ
Milw0rm
BID
FRSIRT
SECUNIA
XF
Cisco -- Cisco Guard DDos Mitigation ApplianceCross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh.
unknown
2006-09-20
4.7CVE-2006-4909
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
Citrix -- Access Gateway AACUnspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors.
unknown
2006-09-18
5.6CVE-2006-4846
CITRIX
CITRIX
BID
FRSIRT
SECTRACK
SECUNIA
XF
Claroline -- Claroline
Dokeos -- Open Source Learning & Knowledge Management Tool
PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter.
unknown
2006-09-18
5.6CVE-2006-4844
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
OTHER-REF
FRSIRT
SECUNIA
ClickTech -- ClickBlogSQL injection vulnerability in default.asp (aka the login page) in ClickTech ClickBlog 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) form_codeword (aka the Password field) parameters.
unknown
2006-09-19
4.7CVE-2006-4857
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
Codeworx Technologies -- DCP-PortalSQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: The lostpassword.php and calendar.php vectors are already covered by CVE-2005-3365, and the search.php vector is already covered by CVE-2005-4227.
unknown
2006-09-15
5.6CVE-2006-4836
BUGTRAQ
BID
David Bennett -- PHP-PostSQL injection vulnerability in profile.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.
unknown
2006-09-19
4.7CVE-2006-4879
BUGTRAQ
BID
David Bennett -- PHP-PostMultiple cross-site scripting (XSS) vulnerabilities in David Bennett PHP-Post (PHPp) 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the replyuser parameter in (a) pm.php; (2) the txt_jumpto parameter in (b) dropdown.php; the (3) txt_error and (4) txt_templatenotexist parameters in (c) template.php; the (5) split parameter in certain files, as demonstrated by (d) editprofile.php, (e) search.php, (f) index.php, and (g) pm.php; and the (6) txt_login parameter in (h) loginline.php; and allow remote authenticated users to inject arbitrary web script or HTML via the (7) txt_logout parameter in (i) loginline.php.
unknown
2006-09-19
4.7CVE-2006-4881
BUGTRAQ
BID
Doctor Web Ltd -- Dr.WebScannerHeap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name.
unknown
2006-09-20
4.7CVE-2006-4438
FULLDISC
FRSIRT
SECUNIA
George Lewe -- TeamCal ProPHP remote file inclusion vulnerability in includes/footer.html.inc.php in TeamCal Pro 2.8.001 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tc_config[app_root] parameter.
unknown
2006-09-18
5.6CVE-2006-4845
OTHER-REF
BID
BID
FRSIRT
SECUNIA
XF
Gnu -- Mailman** DISPUTED ** Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable."
unknown
2006-09-19
4.7CVE-2006-2191
MLIST
MLIST
GNUTurk -- GNUTurkSQL injection vulnerability in mods.php in GNUTurk 2G and earlier allows remote attackers to execute arbitrary SQL commands via the t_id parameter when the go parameter is "Forum."
unknown
2006-09-19
4.7CVE-2006-4867
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
gzip -- gzipArray index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability."
unknown
2006-09-19
4.7CVE-2006-4335
OTHER-REF
REDHAT
UBUNTU
DEBIAN
FREEBSD
SLACKWARE
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
MANDRIVA
CERT-VN
FRSIRT
SECUNIA
SECUNIA
XF
gzip -- gzipBuffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.
unknown
2006-09-19
4.7CVE-2006-4336
OTHER-REF
REDHAT
UBUNTU
DEBIAN
FREEBSD
SLACKWARE
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
MANDRIVA
CERT-VN
FRSIRT
SECUNIA
SECUNIA
XF
gzip -- gzipBuffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.
unknown
2006-09-19
4.7CVE-2006-4337
OTHER-REF
REDHAT
UBUNTU
DEBIAN
FREEBSD
SLACKWARE
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
MANDRIVA
FRSIRT
SECUNIA
SECUNIA
IDevSpot -- BizDirectoryMultiple cross-site scripting (XSS) vulnerabilities in IDevSpot BizDirectory allow remote attackers to inject arbitrary web script or HTML via (1) the stylesheet parameter in Feed.php or (2) the message parameter in status.php.
unknown
2006-09-19
4.7CVE-2006-4883
BUGTRAQ
BID
XF
FRSIRT
SECTRACK
SECUNIA
IDevSpot -- iSupportMultiple cross-site scripting (XSS) vulnerabilities in IDevSpot iSupport 1.8 allow remote attackers to inject arbitrary web script or HTML via (1) the suser parameter in support/rightbar.php, (2) the ticket_id parameter in support/open_tickets.php, and (3) the cons_page_title parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-19
4.7CVE-2006-4884
BID
Ipswitch -- WS_FTP ServerMultiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands.
unknown
2006-09-18
4.2CVE-2006-4847
IPSWITCH
FRSIRT
SECUNIA
XF
BID
OSVDB
Julian Roberts -- Charon CartSQL injection vulnerability in Review.asp in Julian Roberts Charon Cart 3 allows remote attackers to execute arbitrary SQL commands via the ProductID parameter.
unknown
2006-09-19
4.7CVE-2006-4882
BUGTRAQ
BID
FRSIRT
SECTRACK
SECUNIA
XF
Jupiter CMS -- Jupiter CMSMultiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS allow remote attackers to inject arbitrary web script or HTML via the (1) language[Admin name] and (2) language[Admin back] parameters in (a) modules/blocks.php; the (3) language[Register title] and (4) language[Register title2] parameters in (b) modules/register.php; the (5) language[Mass-Email form title], (6) language[Mass-Email form desc], (7) language[Mass-Email form desc2] (8) language[Mass-Email form desc3], and (9) language[Mass-Email form desc4] parameters in (c) modules/mass-email.php; the (10) language[Forgotten title], (11) language[Forgotten desc], (12) language[Forgotten desc2], (13) language[Forgotten desc3], (14) language[Forgotten desc4], and (15) language[Forgotten desc5] parameters in (d) modules/register.php; and the (16) language[Search view desc], (17) language[Search view desc2], (18) language[Search view desc3], (19) language[Search view desc4], (20) language[Search view desc5], (21) language[Search view desc6], (22) language[Search view desc7], and (23) language[Search view desc8] parameters in (e) modules/search.php.
unknown
2006-09-19
4.7CVE-2006-4874
BUGTRAQ
BID
Jupiter CMS -- Jupiter CMSMultiple SQL injection vulnerabilities in Jupiter CMS allow remote attackers to execute arbitrary SQL commands via (1) the user name during login, or the (2) key or (3) fpwusername parameters in modules/register.
unknown
2006-09-19
4.7CVE-2006-4876
BUGTRAQ
BID
Keyvan Janghorbani -- EShoppingProSQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan Janghorbani) EShoppingPro 1.0 allows remote attackers to execute arbitrary SQL commands via the order parameter.
unknown
2006-09-19
4.7CVE-2006-4871
BUGTRAQ
BID
FRSIRT
SECTRACK
SECUNIA
XF
Keyvan Janghorbani -- ECardProSQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan Janghorbani) ECardPro 2.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter.
unknown
2006-09-19
4.7CVE-2006-4872
BUGTRAQ
BID
FRSIRT
SECTRACK
SECUNIA
XF
Limbo CMS -- Limbo CMSMultiple unspecified vulnerabilities in (1) index.php, (2) minixml.inc.php, (3) doc.inc.php, (4) element.inc.php, (5) node.inc.php, (6) treecomp.inc.php, (7) forum.html.php, (8) forum.php, (9) antihack.php, (10) content.php, (11) initglobals.php, and (12) imanager.php in Limbo (aka Lite Mambo) CMS 1.0.4.2 before 20060311 have unknown impact and attack vectors.
unknown
2006-09-19
4.9CVE-2006-4860
OTHER-REF
OTHER-REF
MamboXChange -- Serverstat componentPHP remote file inclusion vulnerability in install.serverstat.php in the Serverstat (com_serverstat) 0.4.4 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-09-19
5.6CVE-2006-4858
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Marc Logemann -- More.groupwareSQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter.
unknown
2006-09-20
4.7CVE-2006-4906
OTHER-REF
BID
XF
FRSIRT
SECUNIA
Microsoft -- Internet ExplorerStack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
unknown
2006-09-19
4.7CVE-2006-4868
OTHER-REF
CERT-VN
BID
FRSIRT
SECUNIA
XF
OTHER-REF
SECTRACK
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
OSVDB
Telekorn -- SignKorn GuestbookMultiple PHP remote file inclusion vulnerabilities in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) index.php, (2) includes/functions.gb.php, (3) includes/functions.admin.php, (4) includes/admin.inc.php, (5) help.php, (6) smile.php, (7) entry.php; (8) adminhelp0.php, (9) adminhelp1.php, (10) adminhelp2.php, and (11) adminhelp3.php in (a) help/en and (b) help/de directories; and the (12) preview.php, (13) log.php, (14) index.php, (15) config.php, and (16) admin.php in the (c) admin directory, a different set of vectors than CVE-2006-4788.
unknown
2006-09-19
5.6CVE-2006-4889
BUGTRAQ
OTHER-REF
BID
XF
Vmist -- DownstatMultiple PHP remote file inclusion vulnerabilities in Vmist Downstat 1.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the art parameter to (1) admin.php, (2) chart.php, (3) modes.php, or (4) stats.php.
unknown
2006-09-15
5.6CVE-2006-4827
Milw0rm
BID
FRSIRT
SECUNIA
XF

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
A.l-Pifou -- A.l-PifouDirectory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php. NOTE: the livre_livre.php relationship has been reported by some third party sources.
unknown
2006-09-20
1.9CVE-2006-4914
FULLDISC
OSVDB
SECUNIA
BID
FRSIRT
Bluview -- Blue Magic BoardBluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) db_mysql_error.php, (4) langlist.php, (5) sendmail.php, or (6) style.php, which reveals the path in various error messages.
unknown
2006-09-15
2.3CVE-2006-4835
BUGTRAQ
XF
Cisco -- Cisco IDS
Cisco -- Cisco IPS
The web administration interface (mainApp) to Cisco IDS before 4.1(5c), and IPS 5.0 before 5.0(6p1) and 5.1 before 5.1(2) allows remote attackers to cause a denial of service (unresponsive device) via a crafted SSLv2 Client Hello packet.
unknown
2006-09-20
2.3CVE-2006-4910
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF
CMtextS -- CMtextSCMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password.
unknown
2006-09-19
2.3CVE-2006-4897
OTHER-REF
FRSIRT
SECUNIA
XF
Codeworx Technologies -- DCP-PortalMultiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php.
unknown
2006-09-15
2.3CVE-2006-4838
BUGTRAQ
BID
David Bennett -- PHP-PostVariable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php.
unknown
2006-09-19
2.3CVE-2006-4877
BUGTRAQ
BID
David Bennett -- PHP-PostDirectory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) sequence in the template parameter.
unknown
2006-09-19
2.3CVE-2006-4878
BUGTRAQ
BID
David Bennett -- PHP-PostDavid Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) footer.php, (2) template.php, or (3) lastvisit.php, which reveals the installation path in various error messages.
unknown
2006-09-19
2.3CVE-2006-4880
BUGTRAQ
BID
Drupal -- Drupal Userreview moduleCross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2006-09-15
2.3CVE-2006-4821
OTHER-REF
FRSIRT
SECUNIA
BID
XF
eMuSOFT -- emuCMSMultiple cross-site scripting (XSS) vulnerabilities in index.php in eMuSOFT emuCMS 0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) page parameters.
unknown
2006-09-15
2.3CVE-2006-4822
OTHER-REF
BID
FRSIRT
SECUNIA
OSVDB
eSyndiCat Portal System -- eSyndiCat Portal SystemCross-site scripting (XSS) vulnerability in search.php in eSyndiCat Portal System allows remote attackers to inject arbitrary web script or HTML via the what parameter.
unknown
2006-09-20
2.3CVE-2006-4923
BUGTRAQ
BID
XF
FRSIRT
SECUNIA
gzip -- gzipUnspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.
unknown
2006-09-19
2.3CVE-2006-4334
OTHER-REF
REDHAT
UBUNTU
DEBIAN
FREEBSD
SLACKWARE
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
MANDRIVA
CERT-VN
SECUNIA
SECUNIA
XF
gzip -- gzipunlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.
unknown
2006-09-19
2.3CVE-2006-4338
OTHER-REF
REDHAT
UBUNTU
DEBIAN
FREEBSD
SLACKWARE
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
MANDRIVA
FRSIRT
OSVDB
SECUNIA
SECUNIA
HP -- HP-UXUnspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
unknown
2006-09-15
1.6CVE-2006-4820
HP
BID
FRSIRT
SECTRACK
SECUNIA
XF
iDevSpot -- NixieAffiliateCross-site scripting (XSS) vulnerability in forms/lostpassword.php in iDevSpot NixieAffiliate 1.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.
unknown
2006-09-19
2.3CVE-2006-4894
BUGTRAQ
BID
Innovate Portal -- Innovate PortalCross-site scripting (XSS) vulnerability in index.php in Innovate Portal 2.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter.
unknown
2006-09-20
2.3CVE-2006-4915
BUGTRAQ
BID
XF
Jupiter CMS -- Jupiter CMSJupiter CMS allows remote attackers to obtain sensitive information via a direct request for (1) includes/functions.php, (2) modules/register.php, (3) modules/poll.php, (4) modules/panel.php, (5) modules/pm.php, (6) modules/news.php, (7) modules/templates_change.php, (8) modules/users.php, (9) modules/misc.php, (10) modules/masspm.php, (11) modules/mass-email.php, (12) modules/main-nav.php, (13) modules/login.php, (14) modules/layout.php, (15) modules/hq.php, (16) modules/forum.php, (17) modules/forum-admin.php, (18) modules/events.php, (19) modules/emoticons.php, (20) modules/download.php, (21) modules/blocks.php, (22) modules/ban.php, (23) modules/badwords.php, (24) modules/ads.php, or (25) modules/admin.php, which reveals the installation path in various error messages. NOTE: The modules/online.php vector is already covered by CVE-2006-1679.
unknown
2006-09-19
2.3CVE-2006-4873
BUGTRAQ
BID
Jupiter CMS -- Jupiter CMSUnrestricted file upload vulnerability in modules/galleryuploadfunction.php in Jupiter CMS allows remote attackers to upload picture files, and possibly files with arbitrary extensions, to gallery/albums/public.
unknown
2006-09-19
2.3CVE-2006-4875
BUGTRAQ
BID
Limbo CMS -- Limbo CMSUnrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression.
unknown
2006-09-19
2.3CVE-2006-4859
OTHER-REF
BID
Linux -- Linux kernelThe Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745. NOTE: older kernel versions for specific Linux distributions are also affected, due to backporting of the CVE-2006-3745 patch.
unknown
2006-09-19
2.3CVE-2006-4535
OTHER-REF
UBUNTU
BID
OTHER-REF
SECUNIA
XF
McAfee -- VirusScan Enterprise
McAfee -- McAfee Scan Engine
The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clicking the Disable button, possibly due to an interface-related race condition.
unknown
2006-09-19
3.9CVE-2006-4886
BUGTRAQ
XF
Microsoft -- Internet ExplorerMicrosoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT.
unknown
2006-09-19
2.3CVE-2006-4888
BUGTRAQ
OTHER-REF
OSVDB
Mozilla -- Network Security Services (NSS)
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339.
unknown
2006-09-15
2.3CVE-2006-4340
MLIST
OTHER-REF
OTHER-REF
REDHAT
REDHAT
SECUNIA
SECUNIA
REDHAT
FRSIRT
FRSIRT
SECTRACK
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SGI
UBUNTU
SECUNIA
Mozilla -- SeaMonkey
Mozilla -- Firefox
Mozilla -- Thunderbird
Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read.
unknown
2006-09-15
2.3CVE-2006-4566
OTHER-REF
REDHAT
REDHAT
SECUNIA
SECUNIA
REDHAT
BID
FRSIRT
SECTRACK
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
XF
SGI
UBUNTU
SECUNIA
Mozilla -- Firefox
Mozilla -- Thunderbird
Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.
unknown
2006-09-15
1.9CVE-2006-4567
OTHER-REF
REDHAT
SECUNIA
SECUNIA
REDHAT
BID
FRSIRT
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
XF
UBUNTU
Mozilla -- FirefoxThe popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.
unknown
2006-09-15
2.3CVE-2006-4569
OTHER-REF
SECUNIA
REDHAT
BID
SECTRACK
SECUNIA
XF
Mozilla -- SeaMonkey
Mozilla -- Thunderbird
Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message.
unknown
2006-09-15
1.9CVE-2006-4570
OTHER-REF
REDHAT
REDHAT
BID
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
XF
SGI
UBUNTU
SECUNIA
Ohio State University -- serverOSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL to a non-existent file, which displays the web root path in the resulting error message.
unknown
2006-09-20
2.3CVE-2006-4907
BUGTRAQ
SECUNIA
XF
Ohio State University -- OSU httpdOSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL containing an * (asterisk) wildcard, which displays all matching file and directory information.
unknown
2006-09-20
2.3CVE-2006-4908
BUGTRAQ
SECUNIA
XF
phpQuiz -- phpQuizWalter Beschmout PhpQuiz allows remote attackers to obtain sensitive information via a direct request to cfgphpquiz/install.php and other unspecified vectors.
unknown
2006-09-19
2.3CVE-2006-4865
BUGTRAQ
PT News -- PT NewsCross-site scripting (XSS) vulnerability in search.php in PT News 1.7.8 allows remote attackers to inject arbitrary web script or HTML via the pgname parameter.
unknown
2006-09-20
2.3CVE-2006-4917
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
QuadComm -- Q-ShopSQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter.
unknown
2006-09-18
2.3CVE-2006-4852
BUGTRAQ
Milw0rm
BID
SECUNIA
XF
FRSIRT
OSVDB
Roller WebLogger -- Roller WebLoggerMultiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in the preview method; or (5) the q parameter in (a) sitesearch.do.
unknown
2006-09-19
2.3CVE-2006-4856
BUGTRAQ
OTHER-REF
OTHER-REF
CERT-VN
BID
FRSIRT
SECUNIA
Site@School -- Site@SchoolDirectory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter.
unknown
2006-09-20
1.9CVE-2006-4919
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Site@School -- Site@SchoolUnrestricted file upload vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to upload and execute arbitrary files with executable extensions.
unknown
2006-09-20
2.3CVE-2006-4922
BUGTRAQ
OTHER-REF
BID
SoftComplex -- PHP Event CalendarMultiple cross-site scripting (XSS) vulnerabilities in cl_files/index.php in SoftComplex PHP Event Calendar 1.5.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) ti, (2) bi, or (3) cbgi parameters.
unknown
2006-09-15
2.3CVE-2006-4825
BUGTRAQ
BID
SECUNIA
XF
Symantec -- Norton Personal Firewall
Symantec -- Norton Internet Security
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly other versions of Norton Personal Firewall and Norton Internet Security, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.
unknown
2006-09-19
2.3CVE-2006-4855
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Usermin -- UserminUsermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
unknown
2006-09-19
3.3CVE-2006-4246
OTHER-REF
SOURCEFORGE
OTHER-REF
DEBIAN
BID
SECUNIA
SECUNIA
FRSIRT
XF
Verso NetPerformer -- Frame Relay Access Device ACTVerso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allow remote attackers to cause a denial of service (hang or reboot) via an ICMP packet with the same destination and source address and port, aka the "Land" vulnerability.
unknown
2006-09-15
3.3CVE-2006-4833
BUGTRAQ
FULLDISC
BID
FRSIRT
SECUNIA
XF
Zope -- ZopeThe docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.
unknown
2006-09-19
2.3CVE-2006-4684
MLIST
OTHER-REF
DEBIAN
FRSIRT
SECUNIA
SECUNIA

Back to top

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top