U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Bulletin (SB06-275)

Vulnerability Summary for the Week of September 25, 2006

Original release date: October 02, 2006

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Activision -- Call of Duty 2
Activision -- Call of Duty
Activision -- Call of Duty United Offensive
Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty United Offensive 1.51b and earlier, and (3) Call of Duty 2 1.3 and earlier allows remote attackers to execute arbitrary code via a long map argument to the "callvote map" command.
unknown
2006-09-27
7.0CVE-2006-5058
OTHER-REF
BID
SECUNIA
Aspindir -- xweblogSQL injection vulnerability in kategori.asp in xweblog 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the kategori parameter.
unknown
2006-09-27
7.0CVE-2006-5023
OTHER-REF
BID
XF
Blue Dragon -- PHP Blue DragonCross-site scripting (XSS) vulnerability in index.php Php Blue Dragon 2.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter, which is reflected in an error message resulting from a failed SQL query.
unknown
2006-09-23
7.0CVE-2006-4960
OTHER-REF
FRSIRT
SECUNIA
XF
BID
XF
Blue Dragon -- PHP Blue DragonSQL injection vulnerability in the GetModuleConfig function in public_includes/pub_kernel/pbd_modules.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php.
unknown
2006-09-23
7.0CVE-2006-4961
OTHER-REF
FRSIRT
SECUNIA
XF
BID
Chumpsoft -- phpQuestionnairePHP remote file inclusion vulnerability in inc/ifunctions.php in chumpsoft phpQuestionnaire (phpQ) 3.12 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[phpQRootDir] parameter.
unknown
2006-09-24
7.0CVE-2006-4966
OTHER-REF
Milw0rm
BID
XF
BUGTRAQ
SECUNIA
Cisco -- Cisco Network Access ControlCisco NAC allows quarantined devices to communicate over the network with (1) DNS, (2) DHCP, and (3) EAPoUDP, which allows attackers to bypass control methods by tunneling network traffic through one of these protocols.
unknown
2006-09-25
7.0CVE-2006-4983
BUGTRAQ
OTHER-REF
e-Vision -- e-Vision CMSSQL injection vulnerability in admin/all_users.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to execute arbitrary SQL commands via the from parameter.
unknown
2006-09-27
7.0CVE-2006-5017
BUGTRAQ
BID
exV2 -- exV2SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.
unknown
2006-09-27
7.0CVE-2006-5030
OTHER-REF
BID
SECUNIA
XF
FiWin -- SS28S WiFi VoIP SIP/Skype PhoneThe FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet.
unknown
2006-09-27
7.0CVE-2006-5038
FULLDISC
OTHER-REF
BID
Forum One -- syntaxCMSPHP remote file inclusion vulnerability in admin/testing/tests/0004_init_urls.php in syntaxCMS 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the init_path parameter.
unknown
2006-09-27
7.0CVE-2006-5055
FULLDISC
OTHER-REF
FRSIRT
FreeBSD -- FreeBSDInteger overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-4178.
2006-08-16
2006-09-25
7.0CVE-2006-4172
IDEFENSE
BUGTRAQ
SECUNIA
Grayscale -- BandSite CMSMultiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter in (1) adminpanel/includes/mailinglist/mlist_xls.php and (2) adminpanel/includes/add_forms/addmp3.php. NOTE: the other vectors from the original disclosure are already covered by CVE-2006-3193.
unknown
2006-09-25
7.0CVE-2006-4984
BUGTRAQ
BID
IBM -- AIXUnspecified vulnerability in the named8 command in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors.
unknown
2006-09-26
7.0CVE-2006-5003
OTHER-REF
AIXAPAR
AIXAPAR
BID
SECUNIA
IBM -- AIXUnspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors involving /etc/slip.login.
unknown
2006-09-26
7.0CVE-2006-5005
OTHER-REF
AIXAPAR
AIXAPAR
BID
SECUNIA
IBM -- AIXBuffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long directory path argument.
unknown
2006-09-26
7.0CVE-2006-5006
OTHER-REF
AIXAPAR
AIXAPAR
BID
SECUNIA
IBM -- AIXUnspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows attackers to execute arbitrary commands and overwrite arbitrary files via unspecified vectors.
unknown
2006-09-26
7.0CVE-2006-5008
OTHER-REF
AIXAPAR
AIXAPAR
BID
SECUNIA
IBM -- AIXUnspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands and overwrite arbitrary files via unspecified vectors, possibly involving a buffer overflow.
unknown
2006-09-26
7.0CVE-2006-5009
OTHER-REF
AIXAPAR
AIXAPAR
BID
SECUNIA
IBM -- AIXUntrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows local users to execute arbitrary commands by modifying the path to point to a malicious mkdir program.
unknown
2006-09-26
7.0CVE-2006-5010
OTHER-REF
AIXAPAR
IBM -- AIXUntrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via a Trojan horse program, involving the "system subroutine".
unknown
2006-09-26
7.0CVE-2006-5011
OTHER-REF
AIXAPAR
AIXAPAR
BID
SECUNIA
Ipswitch -- WS_FTP ServerBuffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
unknown
2006-09-24
7.0CVE-2006-4974
OTHER-REF
BID
XF
SECUNIA
iyzi Forum -- iyzi ForumSQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the uye_nu parameter.
unknown
2006-09-27
7.0CVE-2006-5054
OTHER-REF
FRSIRT
Joomla! -- JD-WordPressMultiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php.
unknown
2006-09-25
7.0CVE-2006-4992
OTHER-REF
OTHER-REF
OTHER-REF
BID
OSVDB
OSVDB
OSVDB
Joomla! -- BSQ SitestatsPHP remote file inclusion vulnerability in BSQ Sitestats (bsq_sitestats) before 2.1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-09-25
7.0CVE-2006-4995
OTHER-REF
OTHER-REF
Joomla! -- JoomlaLibUnspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 for Joomla! allows remote attackers to have an unknown impact, related to "Joomla globals hacked by script kiddies."
unknown
2006-09-25
7.0CVE-2006-4996
OTHER-REF
OTHER-REF
OTHER-REF
Kietu -- KietuPHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows remote attackers to execute arbitrary PHP code via an FTP URL in the url_hit parameter.
unknown
2006-09-26
7.0CVE-2006-5015
BUGTRAQ
MLIST
BID
XF
MAXdev -- MD-ProCross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before 20060918 allows remote attackers to inject arbitrary web script or HTML via (1) vectors that bypass the XSS protection mechanisms of the pnVarCleanFromInput function, and (2) unspecified vectors related to the AntiCracker.
unknown
2006-09-23
7.0CVE-2006-4964
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Microsoft -- Office
Microsoft -- Office XP
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-complicit attackers to execute arbitrary code via a crafted PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F.
unknown
2006-09-27
8.0CVE-2006-4694
OTHER-REF
OTHER-REF
BID
OTHER-REF
CERT-VN
FRSIRT
NextAge -- NextAge Shopping CartMultiple cross-site scripting (XSS) vulnerabilities in NextAge Cart allow remote attackers to inject arbitrary web script or HTML via (1) the CatId parameter in a product category action in index.php or (2) the SearchWd parameter in an index search action in index.php.
unknown
2006-09-24
7.0CVE-2006-4967
BUGTRAQ
FRSIRT
SECTRACK
SECUNIA
Patrick Michaelis -- Wili-CMSMultiple PHP remote file inclusion vulnerabilities in Patrick Michaelis Wili-CMS allow remote attackers to execute arbitrary PHP code via a URL in the globals[content_dir] parameter in (1) example-view/templates/article.php, (2) example-view/templates/root.php, and (3) example-view/templates/dates_list.php.
unknown
2006-09-25
7.0CVE-2006-4987
BUGTRAQ
BID
PhotoPost -- PhotoPost PHP ProMultiple PHP remote file inclusion vulnerabilities in PhotoPost allow remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter in (1) addfav.php, (2) adm-admlog.php, (3) adm-approve.php, (4) adm-backup.php, (5) adm-cats.php, (6) adm-cinc.php, (7) adm-db.php, (8) adm-editcfg.php, (9) adm-inc.php, (10) adm-index.php, (11) adm-modcom.php, (12) adm-move.php, (13) adm-options.php, (14) adm-order.php, (15) adm-pa.php, (16) adm-photo.php, (17) adm-purge.php, (18) adm-style.php, (19) adm-templ.php, (20) adm-userg.php, (21) adm-users.php, (22) bulkupload.php, (23) cookies.php, (24) comments.php, (25) ecard.php, (26) editphoto.php, (27) register.php, (28) showgallery.php, (29) showmembers.php, (30) useralbums.php, (31) uploadphoto.php, (32) search.php, or (33) adm-menu.php, different vectors than CVE-2006-4828.
unknown
2006-09-25
7.0CVE-2006-4990
BUGTRAQ
PHPartenaire -- PHPartenairePHP remote file inclusion vulnerability in dix.php3 in PHPartenaire 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the url_phpartenaire parameter.
unknown
2006-09-27
7.0CVE-2006-5032
OTHER-REF
SECUNIA
XF
pNews Systems -- pNewsPHP remote file inclusion vulnerability in includes/global.php in Joshua Wilson pNews System 1.1.0 (aka PowerNews) allows remote attackers to execute arbitrary PHP code via a URL in the nbs parameter.
unknown
2006-09-27
7.0CVE-2006-5022
OTHER-REF
BID
XF
PostNuke Software Foundation -- PNphpBBPHP remote file inclusion vulnerability in includes/functions_admin.php in PNphpBB 1.2g allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2006-09-24
7.0CVE-2006-4968
BUGTRAQ
OTHER-REF
FRSIRT
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
XF
SECTRACK
RedBLoG -- RedBLoGMultiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-27
7.0CVE-2006-5021
BID
SolidState -- SolidStateMultiple PHP remote file inclusion vulnerabilities in SolidState 0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_path parameter in manager/pages/ scripts including (1) AccountsPage.class.php, (2) AddInvoicePage.class.php, (3) AddIPAddressPage.class.php, (4) AddPaymentPage.class.php, (5) AddTaxRulePage.class.php, (6) AssignDomainPage.class.php, (7) AssignHostingPage.class.php, (8) AssignProductPage.class.php, (9) BillingPage.class.php, (10) BillingPaymentPage.class.php, (11) BrowseAccountsPage.class.php, (12) BrowseInvoicesPage.class.php, (13) ConfigureEditUserPage.class.php, (14) ConfigureNewUserPage.class.php, (15) ConfigureNewUserReceiptPage.class.php, (16) ConfigureUsersPage.class.php, (17) DeleteAccountPage.class.php, (18) DeleteDomainServicePage.class.php, (19) DeleteHostingServicePage.class.php, (20) DeleteInvoicePage.class.php, (21) DeleteProductPage.class.php, (22) DeleteServerPage.class.php, (23) DomainServicesPage.class.php, (24) DomainsPage.class.php, (25) EditAccountPage.class.php, (26) EditDomainPage.class.php, (27) EditDomainServicePage.class.php, (28) EditHostingServicePage.class.php, (29) EditPaymentPage.class.php, (30) EditProductPage.class.php, (31) EditServerPage.class.php, (32) EmailInvoicePage.class.php, (33) ExecuteOrderPage.class.php, (34) ExpiredDomainsPage.class.php, (35) FulfilledOrdersPage.class.php, (36) GenerateInvoicesPage.class.php, (37) HomePage.class.php, (38) InactiveAccountsPage.class.php, (39) IPManagerPage.class.php, (40) LoginPage.class.php, (41) LogPage.class.php, (42) ModulesPage.class.php, (43) NewAccountPage.class.php, (44) NewDomainServicePage.class.php, (45) NewProductPage.class.php, (46) OutstandingInvoicesPage.class.php, (47) PendingAccountsPage.class.php, (48) PendingOrdersPage.class.php, (49) PrintInvoicePage.class.php, (50) ProductsPage.class.php, (51) RegisterDomainPage.class.php, (52) RegisteredDomainsPage.class.php, (53) ServersPage.class.php, (54) ServicesHostingServicesPage.class.php, (55) ServicesNewHostingPage.class.php, (56) ServicesPage.class.php, (57) ServicesWebHostingPage.class.php, (58) SettingsPage.class.php, (59) TaxesPage.class.php, (60) TransferDomainPage.class.php, (61) ViewAccountPage.class.php, (62) ViewDomainServicePage.class.php, (63) ViewHostingServicePage.class.php, (64) ViewInvoicePage.class.php, (65) ViewLogMessagePage.class.php, (66) ViewOrderPage.class.php, (67) ViewProductPage.class.php, (68) ViewServerPage.class.php, (69) WelcomeEmailPage.class.php; and (70) modules/RegistrarModule.class.php, (71) modules/SolidStateModule.class.php, (72) modules/authorizeaim/authorizeaim.class.php, and (73) modules/authorizeaim/pages/AAIMConfigPage.class.php.
unknown
2006-09-27
7.0CVE-2006-5020
OTHER-REF
XF
Squiz -- MySource Classic
Squiz -- MySource Matrix
** DISPUTED ** MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability."
2006-04-27
2006-09-27
7.0CVE-2006-5036
BUGTRAQ
OTHER-REF
Squiz -- MySource Matrix** DISPUTED ** MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sq_content_src parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability."
2006-04-27
2006-09-27
7.0CVE-2006-5037
BUGTRAQ
OTHER-REF
Sun -- Sun Secure Global DesktopCross-site scripting (XSS) vulnerability in Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. NOTE: This information is based upon a vague initial disclosure. Details will be updated as they become available.
unknown
2006-09-23
7.0CVE-2006-4958
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
XF
Voice of Web -- AllMyGuestsMultiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _AMGconfig[cfg_serverpath] parameter in (1) modules/AllMyGuests/signin.php (aka the Nuke module) and (2) AllMyGuests/signin.php (aka the standalone).
unknown
2006-09-25
7.0CVE-2006-4993
OTHER-REF
XF
WAHM E-Commerce -- Pie Cart ProMultiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce Pie Cart Pro allow remote attackers to execute arbitrary PHP code via a URL in the Inc_Dir parameter in (1) affiliates.php, (2) orders.php, (3) events.php, (4) index.php, (5) articles.php, (6) faqs.php, (7) guestbook.php, (8) catalog.php, (9) wholesale.php, (10) weblinks.php, (11) certificates.php, (12) sitesearch.php, (13) contact.php, (14) sitemap.php, (15) search.php, (16) registry.php, or (17) error.php.
unknown
2006-09-24
7.0CVE-2006-4969
Milw0rm
BID
XF
WAHM E-Commerce -- Pie Cart ProPHP remote file inclusion vulnerability in enc/content.php in WAHM E-Commerce Pie Cart Pro allows remote attackers to execute arbitrary PHP code via a URL in the Home_Path parameter.
unknown
2006-09-24
7.0CVE-2006-4970
BUGTRAQ
Milw0rm
BID
XF
Walter Beschmout -- PhpQuizMultiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI.
unknown
2006-09-24
7.0CVE-2006-4978
BUGTRAQ
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
Web-News -- Web-NewsPHP remote file inclusion vulnerability in webnews/template.php in Web-News 1.6.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content_page parameter.
unknown
2006-09-27
7.0CVE-2006-5053
OTHER-REF
BID
FRSIRT
OSVDB
SECUNIA
XF
WoltLab -- Burning BoardSQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. NOTE: this issue might be a forced SQL error. Also, the original report was disputed by a third party for 2.3.3 and 2.3.4.
unknown
2006-09-27
7.0CVE-2006-5029
BUGTRAQ
BUGTRAQ

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apache Friends -- XAMPPMultiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
unknown
2006-09-25
4.9CVE-2006-4994
FULLDISC
OTHER-REF
OTHER-REF
XF
Blue Dragon -- PHP Blue DragonDirectory traversal vulnerability in pbd_engine.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence via the phpExt parameter, as demonstrated by executing PHP code in a log file.
unknown
2006-09-23
4.7CVE-2006-4962
OTHER-REF
FRSIRT
SECUNIA
BID
XF
Cisco -- Cisco Network Access ControlCisco NAC maintains an exception list that does not record device properties other than MAC address, which allows physically proximate attackers to bypass control methods and join a local network by spoofing the MAC address of a different type of device, as demonstrated by using the MAC address of a disconnected printer.
unknown
2006-09-25
4.9CVE-2006-4982
BUGTRAQ
OTHER-REF
CMSDevelopment -- Business Card Web BuilderPHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder (BCWB) 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
unknown
2006-09-22
5.6CVE-2006-4946
Milw0rm
BID
FRSIRT
SECUNIA
XF
Computer Associates -- eTrust Audit Client
Computer Associates -- eTrust Audit DataTools
Computer Associates -- eTrust Audit Policy Manager
Computer Associates -- eTrust Security Command Center
Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1.5 and r8, allows remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend.exe with the desired arguments.
2006-01-21
2006-09-22
4.7CVE-2006-4901
OTHER-REF
CA
CA
OSVDB
SECUNIA
BUGTRAQ
BUGTRAQ
BID
FRSIRT
SECTRACK
SECTRACK
SECUNIA
XF
cPanel -- cPanelUnspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.
unknown
2006-09-26
6.0CVE-2006-5014
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
Exponent -- Exponent CMSDirectory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonstrated by executing PHP code through session files.
unknown
2006-09-23
4.7CVE-2006-4963
Milw0rm
BID
FRSIRT
SECUNIA
IBM -- AIXUntrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 allows local users to local users to gain privileges via a Trojan horse program involving uux.
unknown
2006-09-26
4.9CVE-2006-5007
OTHER-REF
AIXAPAR
AIXAPAR
BID
SECUNIA
Ipswitch -- WS_FTP ServerMultiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue.
2006-09-01
2006-09-26
4.2CVE-2006-5000
OTHER-REF
OTHER-REF
Ipswitch -- WS_FTP ServerUnspecified vulnerability in the log analyzer in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, prevents certain sensitive information from being displayed in the (1) Files and (2) Summary tabs. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue.
unknown
2006-09-26
4.9CVE-2006-5001
Joomla! -- Events moduleUnspecified vulnerability in Events 1.3 beta module (com_events) for Joomla! has unspecified impact and attack vectors.
unknown
2006-09-27
4.9CVE-2006-5039
OTHER-REF
OTHER-REF
Joomla! -- SEF4040xUnspecified vulnerability in SEF404x (com_sef) for Joomla! has unspecified impact and attack vectors.
unknown
2006-09-27
4.9CVE-2006-5040
OTHER-REF
Joomla! -- Hot PropertiesUnspecified vulnerability in Hot Properties (possibly com_hotproperties) 0.97 and earlier for Joomla! has unspecified impact and attack vectors.
unknown
2006-09-27
4.9CVE-2006-5041
OTHER-REF
Joomla! -- mosMediaUnspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier for Joomla! has unspecified impact and attack vectors.
unknown
2006-09-27
4.9CVE-2006-5042
OTHER-REF
OTHER-REF
Joomla! -- JoomlaBoardUnspecified vulnerability in JoomlaBoard (com_joomlaboard) 1.1.1 and earlier for Joomla! has unspecified impact and attack vectors, possibly related to sbp file inclusion, a variant of CVE-2006-3528.
unknown
2006-09-27
4.9CVE-2006-5043
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Joomla! -- RS Gallery2Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and earlier for Joomla! has unspecified impact and attack vectors, related to lack of "hardened language files."
unknown
2006-09-27
4.9CVE-2006-5046
OTHER-REF
OTHER-REF
OTHER-REF
Joomla! -- RS Gallery2Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 component (com_rsgallery2) before 1.11.3 for Joomla! allows attackers to execute arbitrary code.
unknown
2006-09-27
4.9CVE-2006-5047
OTHER-REF
Joomla! -- Security Images componentUnspecified vulnerability in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! has unspecified impact and attack vectors, possibly a PHP remote file inclusion vulnerability in the mosConfig_absolute_path parameter in configinsert.php, lang.php, client.php, and server.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-27
4.9CVE-2006-5048
OTHER-REF
OTHER-REF
SECUNIA
Joomla! -- Classifieds componentUnspecified vulnerability in Classifieds (com_classifieds) component 1.3 and earlier for Joomla! has unspecified impact and attack vectors.
unknown
2006-09-27
4.9CVE-2006-5049
OTHER-REF
OTHER-REF
Mambo -- Prince Clan Chess component
Joomla! -- Prince Clan Chess component
Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors.
unknown
2006-09-27
4.9CVE-2006-5044
OTHER-REF
OTHER-REF
MyBB -- MyBBCross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter.
unknown
2006-09-24
5.6CVE-2006-4972
BUGTRAQ
FRSIRT
SECUNIA
OpenBSD -- OpenSSHSignal handler race condition in OpenSSH before 4.4 allows remote remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors.
unknown
2006-09-27
5.6CVE-2006-5051
MLIST
Paisterist -- Simple HTTP ScannerMultiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.4 have unknown impact and attack vectors.
unknown
2006-09-27
4.9CVE-2006-5024
OTHER-REF
BID
SECUNIA
Paisterist -- Simple HTTP ScannerMultiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.2 have unknown impact and attack vectors.
unknown
2006-09-27
4.9CVE-2006-5025
OTHER-REF
Paisterist -- Simple HTTP ScannerMultiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.3 have unknown impact and attack vectors.
unknown
2006-09-27
4.9CVE-2006-5026
OTHER-REF
Sun -- SolarisUnspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors.
unknown
2006-09-26
4.7CVE-2006-5012
SUNALERT
FRSIRT
SECUNIA
Symantec -- Sygate Network Access ControlSymantec Sygate NAC allows physically proximate attackers to bypass control methods and join a local network by selecting a forged MAC address associated with an exception rule that (1) permits all non-Windows devices or (2) whitelists certain sets of Organizationally Unique Identifiers (OUIs).
unknown
2006-09-25
4.9CVE-2006-4981
BUGTRAQ
OTHER-REF

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Quicktime plugin
Apple -- Quicktime Player
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain.
unknown
2006-09-24
2.3CVE-2006-4965
OTHER-REF
BID
SECUNIA
BUGTRAQ
Cake Software Foundation -- CakePHPDirectory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename.
unknown
2006-09-27
2.3CVE-2006-5031
OTHER-REF
OTHER-REF
BID
SECUNIA
Computer Associates -- eTrust Security Command CenterThe ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message.
2006-01-21
2006-09-22
2.3CVE-2006-4899
OTHER-REF
CA
CA
OSVDB
SECUNIA
BUGTRAQ
BUGTRAQ
BID
FRSIRT
SECTRACK
XF
Computer Associates -- eTrust Security Command CenterDirectory traversal vulnerability in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, allows remote authenticated users to read and delete arbitrary files via ".." sequences in the eSCCAdHocHtmlFile parameter to eSMPAuditServlet, which is not properly handled by the getadhochtml function.
2006-01-21
2006-09-22
2.8CVE-2006-4900
OTHER-REF
CA
CA
OSVDB
SECUNIA
BUGTRAQ
BUGTRAQ
BID
FRSIRT
SECTRACK
XF
ContentKeeper Technologies -- ContentKeeperContentKeeper 123.25 and earlier places passwords in cleartext in an INPUT element in cgi-bin/ck/changepw.cgi, which allows remote authenticated users to obtain passwords via this URI.
2006-03-15
2006-09-27
1.4CVE-2006-5018
BUGTRAQ
OTHER-REF
BID
DotNetNuke -- DotNetNukeCross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the error parameter.
2006-09-04
2006-09-24
2.3CVE-2006-4973
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
e-Vision -- e-Vision CMSUnrestricted file upload vulnerability in admin/x_image.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to upload arbitrary files to the /imagebank directory.
unknown
2006-09-27
2.3CVE-2006-5016
BUGTRAQ
BID
FreeBSD -- FreeBSDInteger signedness error in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) via unspecified arguments that use negative signed integers to cause the bzero function to be called with a large length parameter, a different vulnerability than CVE-2006-4172.
2006-08-16
2006-09-25
2.3CVE-2006-4178
IDEFENSE
BUGTRAQ
SECUNIA
Google -- Mini Search ApplianceGoogle Mini 4.4.102.M.36 and earlier allows remote attackers to obtain sensitive information via a direct request for /search with an invalid client parameter, which reveals the path in an error message.
unknown
2006-09-27
2.3CVE-2006-5019
BUGTRAQ
BID
Grayscale -- BandSite CMSMultiple cross-site scripting (XSS) vulnerabilities in Grayscale BandSite CMS allow remote attackers to inject arbitrary web script or HTML via (1) the max_file_size_purdy parameter in adminpanel/includes/helpfiles/help_mp3.php, (2) the message_text parameter in adminpanel/includes/mailinglist/sendemail.php, (3) the this_year parameter in includes/footer.php, and the the_band parameter in (4) adminpanel/includes/helpfiles/help_news.php (5) adminpanel/includes/helpfiles/help_merch.php, (6) adminpanel/includes/header.php, and (7) adminpanel/login_header.php; and includes/content/ files including (8) bio_content.php, (9) gbook_content.php, (10) interview_content.php, (11) links_content.php, (12) lyrics_content.php, (13) member_content.php, (14) merch_content.php, (15) mp3_content.php, (16) news_content.php, (17) pastshows_content.php, (18) photo_content.php, (19) releases_content.php, (20) reviews_content.php, (21) shows_content.php, and (22) signgbook_content.php.
unknown
2006-09-25
2.3CVE-2006-4985
BUGTRAQ
BID
Grayscale -- BandSite CMSGrayscale BandSite CMS allows remote attackers to obtain sensitive information via a direct request for (1) certain files in the includes/content directory, (2) includes/shows_preview.php, and (3) adminpanel/configform.php; and files in adminpanel/includes/ including (4) mailinglist/disphtmltbl.php, (5) mailinglist/dispxls.php, (6) mailinglist/sendshows.php, (7) adminpanel/includes/previews/preview_bio.php, (8) adminpanel/includes/previews/preview_genmerch.php, (9) adminpanel/includes/previews/preview_fliers.php, (10) adminpanel/includes/previews/preview_gbook.php, (11) adminpanel/includes/previews/preview_interviews.php, (12) adminpanel/includes/previews/preview_links.php, (13) adminpanel/includes/previews/preview_lyrics.php, (14) adminpanel/includes/previews/preview_membio.php, (15) adminpanel/includes/previews/preview_merchphotos.php, (16) adminpanel/includes/previews/preview_mp3s.php, (17) adminpanel/includes/previews/preview_news.php, (18) adminpanel/includes/previews/preview_photos.php, (19) adminpanel/includes/previews/preview_releases.php, (20) adminpanel/includes/previews/preview_relmerch.php, (21) adminpanel/includes/previews/preview_relphotos.php, (22) adminpanel/includes/previews/preview_reviews.php, (23) adminpanel/includes/previews/preview_shows.php, (24) adminpanel/includes/previews/preview_wearmerch.php, (25) adminpanel/includes/change_forms/change_bio.php, (26) adminpanel/includes/change_forms/change_fliers.php, (27) adminpanel/includes/change_forms/change_gbook.php, (28) adminpanel/includes/change_forms/change_gen_merch.php, (29) adminpanel/includes/change_forms/change_interview.php, (30) adminpanel/includes/change_forms/change_links.php, (31) adminpanel/includes/change_forms/change_lyrics.php, (32) adminpanel/includes/change_forms/change_members.php, (33) adminpanel/includes/change_forms/change_merch.php, (34) adminpanel/includes/change_forms/change_merch_pic.php, (35) adminpanel/includes/change_forms/change_mp3s.php, (36) adminpanel/includes/change_forms/change_news.php, (37) adminpanel/includes/change_forms/change_photos.php, (38) adminpanel/includes/change_forms/change_rel_merch.php, (39) adminpanel/includes/change_forms/change_rel_pic.php, (40) adminpanel/includes/change_forms/change_releases.php, (41) adminpanel/includes/change_forms/change_reviews.php, (42) adminpanel/includes/change_forms/change_shows.php, and (43) adminpanel/includes/change_forms/change_wear_merch.php, which reveals the path in various error messages.
unknown
2006-09-25
2.3CVE-2006-4986
BUGTRAQ
BID
IBM -- Inventory ScoutUnspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 through 2.2.0.9 (invscoutClient_VPD_Survey) allows attackers to overwrite arbitrary files via unspecified vectors.
unknown
2006-09-26
2.3CVE-2006-5002
OTHER-REF
AIXAPAR
BID
SECUNIA
IBM -- AIXUnspecified vulnerability in the rdist command in IBM AIX 5.2.0 and 5.3.0 allows local users to overwrite arbitrary files via unspecified vectors.
unknown
2006-09-26
1.6CVE-2006-5004
OTHER-REF
AIXAPAR
AIXAPAR
BID
SECUNIA
Jeroen Vennegoor -- JevonCMSJeroen Vennegoor JevonCMS, possibly pre alpha, allows remote attackers to obtain sensitive information via a direct request for php/main/phplib files (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysql.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, and (7) db_pgsql.inc; and (8) db_sybase.inc, which reveals the path in various error messages.
unknown
2006-09-27
2.3CVE-2006-5027
BUGTRAQ
John Lim -- ADOdb Date LibraryThe Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files in datadict including (8) datadict-access.inc.php, (9) datadict-db2.inc.php, (10) datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12) datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14) datadict-mysql.inc.php, (15) datadict-oci8.inc.php, (16) datadict-postgres.inc.php, and (17) datadict-sybase.inc.php; files in drivers/ including (18) adodb-access.inc.php, (19) adodb-ado.inc.php, (20) adodb-ado_access.inc.php, (21) adodb-ado_mssql.inc.php, (22) adodb-borland_ibase.inc.php, (23) adodb-csv.inc.php, (24) adodb-db2.inc.php, (25) adodb-fbsql.inc.php, (26) adodb-firebird.inc.php, (27) adodb-ibase.inc.php, (28) adodb-informix.inc.php, (29) adodb-informix72.inc.php, (30) adodb-mssql.inc.php, (31) adodb-mssqlpo.inc.php, (32) adodb-mysql.inc.php, (33) adodb-mysqli.inc.php, (34) adodb-mysqlt.inc.php, (35) adodb-oci8.inc.php, (36) adodb-oci805.inc.php, (37) adodb-oci8po.inc.php, (38) adodb-odbc.inc.php, (39) adodb-odbc_mssql.inc.php, (40) adodb-odbc_oracle.inc.php, (41) adodb-oracle.inc.php, (42) adodb-postgres64.inc.php, (43) adodb-postgres7.inc.php, (44) adodb-proxy.inc.php, (45) adodb-sapdb.inc.php, (46) adodb-sqlanywhere.inc.php, (47) adodb-sqlite.inc.php, (48) adodb-sybase.inc.php, (49) adodb-vfp.inc.php; file in perf/ including (50) perf-db2.inc.php, (51) perf-informix.inc.php, (52) perf-mssql.inc.php, (53) perf-mysql.inc.php, (54) perf-oci8.inc.php, (55) perf-postgres.inc.php; tests/ files (56) benchmark.php, (57) client.php, (58) test-datadict.php, (59) test-perf.php, (60) test-pgblob.php, (61) test-php5.php, (62) test-xmlschema.php, (63) test.php, (64) test2.php, (65) test3.php, (66) test4.php, (67) test5.php, (68) test_rs_array.php, (69) testcache.php, (70) testdatabases.inc.php, (71) testgenid.php, (72) testmssql.php, (73) testoci8.php, (74) testoci8cursor.php, (75) testpaging.php, (76) testpear.php, (77) testsessions.php, (78) time.php, or (79) tmssql.php, which reveals the path in various error messages.
unknown
2006-09-24
2.3CVE-2006-4976
BUGTRAQ
Joomla! -- PollXTUnspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and earlier for Joomla! has unspecified impact and attack vectors.
unknown
2006-09-27
3.9CVE-2006-5045
OTHER-REF
OTHER-REF
SECUNIA
Ktools.net -- PhotoStoreMultiple cross-site scripting (XSS) vulnerabilities in Ktools.net PhotoStore allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter in details.php, or the (2) photogid parameter in view_photog.php.
unknown
2006-09-27
2.3CVE-2006-5057
BUGTRAQ
BID
MyBB -- MyBBMyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message.
unknown
2006-09-24
2.3CVE-2006-4971
BUGTRAQ
FRSIRT
OpenBSD -- OpenSSHsshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
unknown
2006-09-26
3.3CVE-2006-4924
OTHER-REF
BID
SECUNIA
MLIST
OpenBSD -- OpenSSHUnspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."
unknown
2006-09-27
2.3CVE-2006-5052
MLIST
Opial -- Opial Audio/Video Download ManagementCross-site scripting (XSS) vulnerability in index.php in Opial Audio/Video Download Management 1.0 allows remote attackers to inject arbitrary web script or HTML via the destination parameter in the Login view.
unknown
2006-09-27
2.3CVE-2006-5056
BUGTRAQ
BID
Patrick Michaelis -- Wili-CMSMultiple cross-site scripting (XSS) vulnerabilities in Patrick Michaelis Wili-CMS allow remote attackers to inject arbitrary web script or HTML via (1) the query string to relocate.php, (2) the globals[pageid] parameter in example-view/inc/print_button.php, and other unspecified vectors.
unknown
2006-09-25
2.3CVE-2006-4988
BUGTRAQ
BID
Patrick Michaelis -- Wili-CMSPatrick Michaelis Wili-CMS allows remote attackers to obtain sensitive information via a direct request for (1) thumbnail.php, (2) functions/admin/all.php, (3) functions/admin/init_session.php, (4) functions/all.php, and (5) certain files in example-view/admin_templates/, which reveals the path in various error messages.
unknown
2006-09-25
2.3CVE-2006-4989
BUGTRAQ
BID
Paul Smith Computer Services -- vCAPUnspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to cause a denial of service via the session parameter, possibly related to format string specifiers or malformed URL encoding.
2006-08-16
2006-09-27
2.3CVE-2006-5033
FULLDISC
OTHER-REF
BID
FRSIRT
OSVDB
SECTRACK
SECUNIA
XF
Paul Smith Computer Services -- vCAPDirectory traversal vulnerability in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
unknown
2006-09-27
2.3CVE-2006-5034
FULLDISC
OTHER-REF
BID
FRSIRT
OSVDB
SECTRACK
SECUNIA
XF
Paul Smith Computer Services -- vCAPMultiple cross-site scripting (XSS) vulnerabilities in Paul Smith Computer Services vCAP 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the statusmsg parameter in RegisterPage.cgi or (2) a URI corresponding to a nonexistent file. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-27
2.3CVE-2006-5035
FRSIRT
OSVDB
OSVDB
SECUNIA
Rob Landley -- BusyBoxDirectory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded "%2e%2e/" sequences in the URI.
unknown
2006-09-27
2.3CVE-2006-5050
BUGTRAQ
SECTRACK
RSA -- Keon Certificate Authority ManagerRSA Keon Certificate Authority (KeonCA) Manager 6.5.1 and 6.6 allows privileged local users to hide malicious Certificate Authority (CA) activities by mopdifying CA auditor logs without detection by (1) modifying or deleting a and its signature from the XML log in a way that is not detected by the integrity check function that operates on the entire pool, or (2) modifying entries in the live log file, which is only signed during rotation.
2006-06-17
2006-09-25
3.3CVE-2006-4991
FULLDISC
BID
XF
XF
Sun -- Sun Secure Global DesktopSun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows remote attackers to obtain sensitive information, including hostnames, versions, and settings details, via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. NOTE: This information is based upon a vague initial disclosure. Details will be updated as they become available.
2006-06-06
2006-09-23
2.3CVE-2006-4959
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
XF
Sun -- SolarisSun Solaris 10 before patch 118855-16 (20060925), when run on x64 systems using IPv6, allows remote attackers to cause a denial of service (kernel panic) via crafted IPv6 packets.
unknown
2006-09-26
3.3CVE-2006-5013
SUNALERT
BID
FRSIRT
SECUNIA
SWsoft -- Plesk Reload
SWsoft -- Plesk
Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote attackers to list arbitrary directories via a ../ (dot dot slash) in the file parameter in a chdir action.
unknown
2006-09-27
2.3CVE-2006-5028
BUGTRAQ
BID
Walter Beschmout -- PhpQuizMultiple unrestricted file upload vulnerabilities in (1) back/upload_img.php and (2) admin/upload_img.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP code to the phpquiz/img_quiz folder via the (a) upload, (b) ok_update, (c) image, and (d) path parameters, possibly requiring directory traversal sequences in the path parameter.
unknown
2006-09-24
2.3CVE-2006-4977
BUGTRAQ
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
Walter Beschmout -- PhpQuizDirect static code injection vulnerability in cfgphpquiz/install.php in Walter Beschmout PhpQuiz 1.2 and earlier allows remote attackers to inject arbitrary PHP code in config.inc.php via modified configuration settings.
unknown
2006-09-24
2.3CVE-2006-4979
BUGTRAQ
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
Yahoo -- Yahoo! MessengerYahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service.
unknown
2006-09-24
1.9CVE-2006-4975
BUGTRAQ
OTHER-REF

Back to top

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Activision -- Call of Duty 2
Activision -- Call of Duty
Activision -- Call of Duty United Offensive
Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty United Offensive 1.51b and earlier, and (3) Call of Duty 2 1.3 and earlier allows remote attackers to execute arbitrary code via a long map argument to the "callvote map" command.
unknown
2006-09-27
7.0CVE-2006-5058
OTHER-REF
BID
SECUNIA
Aspindir -- xweblogSQL injection vulnerability in kategori.asp in xweblog 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the kategori parameter.
unknown
2006-09-27
7.0CVE-2006-5023
OTHER-REF
BID
XF
Blue Dragon -- PHP Blue DragonCross-site scripting (XSS) vulnerability in index.php Php Blue Dragon 2.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter, which is reflected in an error message resulting from a failed SQL query.
unknown
2006-09-23
7.0CVE-2006-4960
OTHER-REF
FRSIRT
SECUNIA
XF
BID
XF
Blue Dragon -- PHP Blue DragonSQL injection vulnerability in the GetModuleConfig function in public_includes/pub_kernel/pbd_modules.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php.
unknown
2006-09-23
7.0CVE-2006-4961
OTHER-REF
FRSIRT
SECUNIA
XF
BID
Chumpsoft -- phpQuestionnairePHP remote file inclusion vulnerability in inc/ifunctions.php in chumpsoft phpQuestionnaire (phpQ) 3.12 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[phpQRootDir] parameter.
unknown
2006-09-24
7.0CVE-2006-4966
OTHER-REF
Milw0rm
BID
XF
BUGTRAQ
SECUNIA
Cisco -- Cisco Network Access ControlCisco NAC allows quarantined devices to communicate over the network with (1) DNS, (2) DHCP, and (3) EAPoUDP, which allows attackers to bypass control methods by tunneling network traffic through one of these protocols.
unknown
2006-09-25
7.0CVE-2006-4983
BUGTRAQ
OTHER-REF
e-Vision -- e-Vision CMSSQL injection vulnerability in admin/all_users.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to execute arbitrary SQL commands via the from parameter.
unknown
2006-09-27
7.0CVE-2006-5017
BUGTRAQ
BID
exV2 -- exV2SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.
unknown
2006-09-27
7.0CVE-2006-5030
OTHER-REF
BID
SECUNIA
XF
FiWin -- SS28S WiFi VoIP SIP/Skype PhoneThe FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet.
unknown
2006-09-27
7.0CVE-2006-5038
FULLDISC
OTHER-REF
BID
Forum One -- syntaxCMSPHP remote file inclusion vulnerability in admin/testing/tests/0004_init_urls.php in syntaxCMS 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the init_path parameter.
unknown
2006-09-27
7.0CVE-2006-5055
FULLDISC
OTHER-REF
FRSIRT
FreeBSD -- FreeBSDInteger overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-4178.
2006-08-16
2006-09-25
7.0CVE-2006-4172
IDEFENSE
BUGTRAQ
SECUNIA
Grayscale -- BandSite CMSMultiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter in (1) adminpanel/includes/mailinglist/mlist_xls.php and (2) adminpanel/includes/add_forms/addmp3.php. NOTE: the other vectors from the original disclosure are already covered by CVE-2006-3193.
unknown
2006-09-25
7.0CVE-2006-4984
BUGTRAQ
BID
IBM -- AIXUnspecified vulnerability in the named8 command in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors.
unknown
2006-09-26
7.0CVE-2006-5003
OTHER-REF
AIXAPAR
AIXAPAR
BID
SECUNIA
IBM -- AIXUnspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors involving /etc/slip.login.
unknown
2006-09-26
7.0CVE-2006-5005
OTHER-REF
AIXAPAR
AIXAPAR
BID
SECUNIA
IBM -- AIXBuffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long directory path argument.
unknown
2006-09-26
7.0CVE-2006-5006
OTHER-REF
AIXAPAR
AIXAPAR
BID
SECUNIA
IBM -- AIXUnspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows attackers to execute arbitrary commands and overwrite arbitrary files via unspecified vectors.
unknown
2006-09-26
7.0CVE-2006-5008
OTHER-REF
AIXAPAR
AIXAPAR
BID
SECUNIA
IBM -- AIXUnspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands and overwrite arbitrary files via unspecified vectors, possibly involving a buffer overflow.
unknown
2006-09-26
7.0CVE-2006-5009
OTHER-REF
AIXAPAR
AIXAPAR
BID
SECUNIA
IBM -- AIXUntrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows local users to execute arbitrary commands by modifying the path to point to a malicious mkdir program.
unknown
2006-09-26
7.0CVE-2006-5010
OTHER-REF
AIXAPAR
IBM -- AIXUntrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via a Trojan horse program, involving the "system subroutine".
unknown
2006-09-26
7.0CVE-2006-5011
OTHER-REF
AIXAPAR
AIXAPAR
BID
SECUNIA
Ipswitch -- WS_FTP ServerBuffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
unknown
2006-09-24
7.0CVE-2006-4974
OTHER-REF
BID
XF
SECUNIA
iyzi Forum -- iyzi ForumSQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the uye_nu parameter.
unknown
2006-09-27
7.0CVE-2006-5054
OTHER-REF
FRSIRT
Joomla! -- JD-WordPressMultiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php.
unknown
2006-09-25
7.0CVE-2006-4992
OTHER-REF
OTHER-REF
OTHER-REF
BID
OSVDB
OSVDB
OSVDB
Joomla! -- BSQ SitestatsPHP remote file inclusion vulnerability in BSQ Sitestats (bsq_sitestats) before 2.1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-09-25
7.0CVE-2006-4995
OTHER-REF
OTHER-REF
Joomla! -- JoomlaLibUnspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 for Joomla! allows remote attackers to have an unknown impact, related to "Joomla globals hacked by script kiddies."
unknown
2006-09-25
7.0CVE-2006-4996
OTHER-REF
OTHER-REF
OTHER-REF
Kietu -- KietuPHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows remote attackers to execute arbitrary PHP code via an FTP URL in the url_hit parameter.
unknown
2006-09-26
7.0CVE-2006-5015
BUGTRAQ
MLIST
BID
XF
MAXdev -- MD-ProCross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before 20060918 allows remote attackers to inject arbitrary web script or HTML via (1) vectors that bypass the XSS protection mechanisms of the pnVarCleanFromInput function, and (2) unspecified vectors related to the AntiCracker.
unknown
2006-09-23
7.0CVE-2006-4964
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Microsoft -- Office
Microsoft -- Office XP
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-complicit attackers to execute arbitrary code via a crafted PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F.
unknown
2006-09-27
8.0CVE-2006-4694
OTHER-REF
OTHER-REF
BID
OTHER-REF
CERT-VN
FRSIRT
NextAge -- NextAge Shopping CartMultiple cross-site scripting (XSS) vulnerabilities in NextAge Cart allow remote attackers to inject arbitrary web script or HTML via (1) the CatId parameter in a product category action in index.php or (2) the SearchWd parameter in an index search action in index.php.
unknown
2006-09-24
7.0CVE-2006-4967
BUGTRAQ
FRSIRT
SECTRACK
SECUNIA
Patrick Michaelis -- Wili-CMSMultiple PHP remote file inclusion vulnerabilities in Patrick Michaelis Wili-CMS allow remote attackers to execute arbitrary PHP code via a URL in the globals[content_dir] parameter in (1) example-view/templates/article.php, (2) example-view/templates/root.php, and (3) example-view/templates/dates_list.php.
unknown
2006-09-25
7.0CVE-2006-4987
BUGTRAQ
BID
PhotoPost -- PhotoPost PHP ProMultiple PHP remote file inclusion vulnerabilities in PhotoPost allow remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter in (1) addfav.php, (2) adm-admlog.php, (3) adm-approve.php, (4) adm-backup.php, (5) adm-cats.php, (6) adm-cinc.php, (7) adm-db.php, (8) adm-editcfg.php, (9) adm-inc.php, (10) adm-index.php, (11) adm-modcom.php, (12) adm-move.php, (13) adm-options.php, (14) adm-order.php, (15) adm-pa.php, (16) adm-photo.php, (17) adm-purge.php, (18) adm-style.php, (19) adm-templ.php, (20) adm-userg.php, (21) adm-users.php, (22) bulkupload.php, (23) cookies.php, (24) comments.php, (25) ecard.php, (26) editphoto.php, (27) register.php, (28) showgallery.php, (29) showmembers.php, (30) useralbums.php, (31) uploadphoto.php, (32) search.php, or (33) adm-menu.php, different vectors than CVE-2006-4828.
unknown
2006-09-25
7.0CVE-2006-4990
BUGTRAQ
PHPartenaire -- PHPartenairePHP remote file inclusion vulnerability in dix.php3 in PHPartenaire 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the url_phpartenaire parameter.
unknown
2006-09-27
7.0CVE-2006-5032
OTHER-REF
SECUNIA
XF
pNews Systems -- pNewsPHP remote file inclusion vulnerability in includes/global.php in Joshua Wilson pNews System 1.1.0 (aka PowerNews) allows remote attackers to execute arbitrary PHP code via a URL in the nbs parameter.
unknown
2006-09-27
7.0CVE-2006-5022
OTHER-REF
BID
XF
PostNuke Software Foundation -- PNphpBBPHP remote file inclusion vulnerability in includes/functions_admin.php in PNphpBB 1.2g allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2006-09-24
7.0CVE-2006-4968
BUGTRAQ
OTHER-REF
FRSIRT
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
XF
SECTRACK
RedBLoG -- RedBLoGMultiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-27
7.0CVE-2006-5021
BID
SolidState -- SolidStateMultiple PHP remote file inclusion vulnerabilities in SolidState 0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_path parameter in manager/pages/ scripts including (1) AccountsPage.class.php, (2) AddInvoicePage.class.php, (3) AddIPAddressPage.class.php, (4) AddPaymentPage.class.php, (5) AddTaxRulePage.class.php, (6) AssignDomainPage.class.php, (7) AssignHostingPage.class.php, (8) AssignProductPage.class.php, (9) BillingPage.class.php, (10) BillingPaymentPage.class.php, (11) BrowseAccountsPage.class.php, (12) BrowseInvoicesPage.class.php, (13) ConfigureEditUserPage.class.php, (14) ConfigureNewUserPage.class.php, (15) ConfigureNewUserReceiptPage.class.php, (16) ConfigureUsersPage.class.php, (17) DeleteAccountPage.class.php, (18) DeleteDomainServicePage.class.php, (19) DeleteHostingServicePage.class.php, (20) DeleteInvoicePage.class.php, (21) DeleteProductPage.class.php, (22) DeleteServerPage.class.php, (23) DomainServicesPage.class.php, (24) DomainsPage.class.php, (25) EditAccountPage.class.php, (26) EditDomainPage.class.php, (27) EditDomainServicePage.class.php, (28) EditHostingServicePage.class.php, (29) EditPaymentPage.class.php, (30) EditProductPage.class.php, (31) EditServerPage.class.php, (32) EmailInvoicePage.class.php, (33) ExecuteOrderPage.class.php, (34) ExpiredDomainsPage.class.php, (35) FulfilledOrdersPage.class.php, (36) GenerateInvoicesPage.class.php, (37) HomePage.class.php, (38) InactiveAccountsPage.class.php, (39) IPManagerPage.class.php, (40) LoginPage.class.php, (41) LogPage.class.php, (42) ModulesPage.class.php, (43) NewAccountPage.class.php, (44) NewDomainServicePage.class.php, (45) NewProductPage.class.php, (46) OutstandingInvoicesPage.class.php, (47) PendingAccountsPage.class.php, (48) PendingOrdersPage.class.php, (49) PrintInvoicePage.class.php, (50) ProductsPage.class.php, (51) RegisterDomainPage.class.php, (52) RegisteredDomainsPage.class.php, (53) ServersPage.class.php, (54) ServicesHostingServicesPage.class.php, (55) ServicesNewHostingPage.class.php, (56) ServicesPage.class.php, (57) ServicesWebHostingPage.class.php, (58) SettingsPage.class.php, (59) TaxesPage.class.php, (60) TransferDomainPage.class.php, (61) ViewAccountPage.class.php, (62) ViewDomainServicePage.class.php, (63) ViewHostingServicePage.class.php, (64) ViewInvoicePage.class.php, (65) ViewLogMessagePage.class.php, (66) ViewOrderPage.class.php, (67) ViewProductPage.class.php, (68) ViewServerPage.class.php, (69) WelcomeEmailPage.class.php; and (70) modules/RegistrarModule.class.php, (71) modules/SolidStateModule.class.php, (72) modules/authorizeaim/authorizeaim.class.php, and (73) modules/authorizeaim/pages/AAIMConfigPage.class.php.
unknown
2006-09-27
7.0CVE-2006-5020
OTHER-REF
XF
Squiz -- MySource Classic
Squiz -- MySource Matrix
** DISPUTED ** MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability."
2006-04-27
2006-09-27
7.0CVE-2006-5036
BUGTRAQ
OTHER-REF
Squiz -- MySource Matrix** DISPUTED ** MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sq_content_src parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability."
2006-04-27
2006-09-27
7.0CVE-2006-5037
BUGTRAQ
OTHER-REF
Sun -- Sun Secure Global DesktopCross-site scripting (XSS) vulnerability in Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. NOTE: This information is based upon a vague initial disclosure. Details will be updated as they become available.
unknown
2006-09-23
7.0CVE-2006-4958
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
XF
Voice of Web -- AllMyGuestsMultiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _AMGconfig[cfg_serverpath] parameter in (1) modules/AllMyGuests/signin.php (aka the Nuke module) and (2) AllMyGuests/signin.php (aka the standalone).
unknown
2006-09-25
7.0CVE-2006-4993
OTHER-REF
XF
WAHM E-Commerce -- Pie Cart ProMultiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce Pie Cart Pro allow remote attackers to execute arbitrary PHP code via a URL in the Inc_Dir parameter in (1) affiliates.php, (2) orders.php, (3) events.php, (4) index.php, (5) articles.php, (6) faqs.php, (7) guestbook.php, (8) catalog.php, (9) wholesale.php, (10) weblinks.php, (11) certificates.php, (12) sitesearch.php, (13) contact.php, (14) sitemap.php, (15) search.php, (16) registry.php, or (17) error.php.
unknown
2006-09-24
7.0CVE-2006-4969
Milw0rm
BID
XF
WAHM E-Commerce -- Pie Cart ProPHP remote file inclusion vulnerability in enc/content.php in WAHM E-Commerce Pie Cart Pro allows remote attackers to execute arbitrary PHP code via a URL in the Home_Path parameter.
unknown
2006-09-24
7.0CVE-2006-4970
BUGTRAQ
Milw0rm
BID
XF
Walter Beschmout -- PhpQuizMultiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI.
unknown
2006-09-24
7.0CVE-2006-4978
BUGTRAQ
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
Web-News -- Web-NewsPHP remote file inclusion vulnerability in webnews/template.php in Web-News 1.6.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content_page parameter.
unknown
2006-09-27
7.0CVE-2006-5053
OTHER-REF
BID
FRSIRT
OSVDB
SECUNIA
XF
WoltLab -- Burning BoardSQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. NOTE: this issue might be a forced SQL error. Also, the original report was disputed by a third party for 2.3.3 and 2.3.4.
unknown
2006-09-27
7.0CVE-2006-5029
BUGTRAQ
BUGTRAQ

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apache Friends -- XAMPPMultiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname.
unknown
2006-09-25
4.9CVE-2006-4994
FULLDISC
OTHER-REF
OTHER-REF
XF
Blue Dragon -- PHP Blue DragonDirectory traversal vulnerability in pbd_engine.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence via the phpExt parameter, as demonstrated by executing PHP code in a log file.
unknown
2006-09-23
4.7CVE-2006-4962
OTHER-REF
FRSIRT
SECUNIA
BID
XF
Cisco -- Cisco Network Access ControlCisco NAC maintains an exception list that does not record device properties other than MAC address, which allows physically proximate attackers to bypass control methods and join a local network by spoofing the MAC address of a different type of device, as demonstrated by using the MAC address of a disconnected printer.
unknown
2006-09-25
4.9CVE-2006-4982
BUGTRAQ
OTHER-REF
CMSDevelopment -- Business Card Web BuilderPHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder (BCWB) 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
unknown
2006-09-22
5.6CVE-2006-4946
Milw0rm
BID
FRSIRT
SECUNIA
XF
Computer Associates -- eTrust Audit Client
Computer Associates -- eTrust Audit DataTools
Computer Associates -- eTrust Audit Policy Manager
Computer Associates -- eTrust Security Command Center
Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1.5 and r8, allows remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend.exe with the desired arguments.
2006-01-21
2006-09-22
4.7CVE-2006-4901
OTHER-REF
CA
CA
OSVDB
SECUNIA
BUGTRAQ
BUGTRAQ
BID
FRSIRT
SECTRACK
SECTRACK
SECUNIA
XF
cPanel -- cPanelUnspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.
unknown
2006-09-26
6.0CVE-2006-5014
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
Exponent -- Exponent CMSDirectory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonstrated by executing PHP code through session files.
unknown
2006-09-23
4.7CVE-2006-4963
Milw0rm
BID
FRSIRT
SECUNIA
IBM -- AIXUntrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 allows local users to local users to gain privileges via a Trojan horse program involving uux.
unknown
2006-09-26
4.9CVE-2006-5007
OTHER-REF
AIXAPAR
AIXAPAR
BID
SECUNIA
Ipswitch -- WS_FTP ServerMultiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue.
2006-09-01
2006-09-26
4.2CVE-2006-5000
OTHER-REF
OTHER-REF
Ipswitch -- WS_FTP ServerUnspecified vulnerability in the log analyzer in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, prevents certain sensitive information from being displayed in the (1) Files and (2) Summary tabs. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue.
unknown
2006-09-26
4.9CVE-2006-5001
Joomla! -- Events moduleUnspecified vulnerability in Events 1.3 beta module (com_events) for Joomla! has unspecified impact and attack vectors.
unknown
2006-09-27
4.9CVE-2006-5039
OTHER-REF
OTHER-REF
Joomla! -- SEF4040xUnspecified vulnerability in SEF404x (com_sef) for Joomla! has unspecified impact and attack vectors.
unknown
2006-09-27
4.9CVE-2006-5040
OTHER-REF
Joomla! -- Hot PropertiesUnspecified vulnerability in Hot Properties (possibly com_hotproperties) 0.97 and earlier for Joomla! has unspecified impact and attack vectors.
unknown
2006-09-27
4.9CVE-2006-5041
OTHER-REF
Joomla! -- mosMediaUnspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier for Joomla! has unspecified impact and attack vectors.
unknown
2006-09-27
4.9CVE-2006-5042
OTHER-REF
OTHER-REF
Joomla! -- JoomlaBoardUnspecified vulnerability in JoomlaBoard (com_joomlaboard) 1.1.1 and earlier for Joomla! has unspecified impact and attack vectors, possibly related to sbp file inclusion, a variant of CVE-2006-3528.
unknown
2006-09-27
4.9CVE-2006-5043
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Joomla! -- RS Gallery2Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and earlier for Joomla! has unspecified impact and attack vectors, related to lack of "hardened language files."
unknown
2006-09-27
4.9CVE-2006-5046
OTHER-REF
OTHER-REF
OTHER-REF
Joomla! -- RS Gallery2Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 component (com_rsgallery2) before 1.11.3 for Joomla! allows attackers to execute arbitrary code.
unknown
2006-09-27
4.9CVE-2006-5047
OTHER-REF
Joomla! -- Security Images componentUnspecified vulnerability in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! has unspecified impact and attack vectors, possibly a PHP remote file inclusion vulnerability in the mosConfig_absolute_path parameter in configinsert.php, lang.php, client.php, and server.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-27
4.9CVE-2006-5048
OTHER-REF
OTHER-REF
SECUNIA
Joomla! -- Classifieds componentUnspecified vulnerability in Classifieds (com_classifieds) component 1.3 and earlier for Joomla! has unspecified impact and attack vectors.
unknown
2006-09-27
4.9CVE-2006-5049
OTHER-REF
OTHER-REF
Mambo -- Prince Clan Chess component
Joomla! -- Prince Clan Chess component
Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors.
unknown
2006-09-27
4.9CVE-2006-5044
OTHER-REF
OTHER-REF
MyBB -- MyBBCross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter.
unknown
2006-09-24
5.6CVE-2006-4972
BUGTRAQ
FRSIRT
SECUNIA
OpenBSD -- OpenSSHSignal handler race condition in OpenSSH before 4.4 allows remote remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors.
unknown
2006-09-27
5.6CVE-2006-5051
MLIST
Paisterist -- Simple HTTP ScannerMultiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.4 have unknown impact and attack vectors.
unknown
2006-09-27
4.9CVE-2006-5024
OTHER-REF
BID
SECUNIA
Paisterist -- Simple HTTP ScannerMultiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.2 have unknown impact and attack vectors.
unknown
2006-09-27
4.9CVE-2006-5025
OTHER-REF
Paisterist -- Simple HTTP ScannerMultiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.3 have unknown impact and attack vectors.
unknown
2006-09-27
4.9CVE-2006-5026
OTHER-REF
Sun -- SolarisUnspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors.
unknown
2006-09-26
4.7CVE-2006-5012
SUNALERT
FRSIRT
SECUNIA
Symantec -- Sygate Network Access ControlSymantec Sygate NAC allows physically proximate attackers to bypass control methods and join a local network by selecting a forged MAC address associated with an exception rule that (1) permits all non-Windows devices or (2) whitelists certain sets of Organizationally Unique Identifiers (OUIs).
unknown
2006-09-25
4.9CVE-2006-4981
BUGTRAQ
OTHER-REF

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Quicktime plugin
Apple -- Quicktime Player
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain.
unknown
2006-09-24
2.3CVE-2006-4965
OTHER-REF
BID
SECUNIA
BUGTRAQ
Cake Software Foundation -- CakePHPDirectory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename.
unknown
2006-09-27
2.3CVE-2006-5031
OTHER-REF
OTHER-REF
BID
SECUNIA
Computer Associates -- eTrust Security Command CenterThe ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message.
2006-01-21
2006-09-22
2.3CVE-2006-4899
OTHER-REF
CA
CA
OSVDB
SECUNIA
BUGTRAQ
BUGTRAQ
BID
FRSIRT
SECTRACK
XF
Computer Associates -- eTrust Security Command CenterDirectory traversal vulnerability in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, allows remote authenticated users to read and delete arbitrary files via ".." sequences in the eSCCAdHocHtmlFile parameter to eSMPAuditServlet, which is not properly handled by the getadhochtml function.
2006-01-21
2006-09-22
2.8CVE-2006-4900
OTHER-REF
CA
CA
OSVDB
SECUNIA
BUGTRAQ
BUGTRAQ
BID
FRSIRT
SECTRACK
XF
ContentKeeper Technologies -- ContentKeeperContentKeeper 123.25 and earlier places passwords in cleartext in an INPUT element in cgi-bin/ck/changepw.cgi, which allows remote authenticated users to obtain passwords via this URI.
2006-03-15
2006-09-27
1.4CVE-2006-5018
BUGTRAQ
OTHER-REF
BID
DotNetNuke -- DotNetNukeCross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the error parameter.
2006-09-04
2006-09-24
2.3CVE-2006-4973
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
e-Vision -- e-Vision CMSUnrestricted file upload vulnerability in admin/x_image.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to upload arbitrary files to the /imagebank directory.
unknown
2006-09-27
2.3CVE-2006-5016
BUGTRAQ
BID
FreeBSD -- FreeBSDInteger signedness error in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) via unspecified arguments that use negative signed integers to cause the bzero function to be called with a large length parameter, a different vulnerability than CVE-2006-4172.
2006-08-16
2006-09-25
2.3CVE-2006-4178
IDEFENSE
BUGTRAQ
SECUNIA
Google -- Mini Search ApplianceGoogle Mini 4.4.102.M.36 and earlier allows remote attackers to obtain sensitive information via a direct request for /search with an invalid client parameter, which reveals the path in an error message.
unknown
2006-09-27
2.3CVE-2006-5019
BUGTRAQ
BID
Grayscale -- BandSite CMSMultiple cross-site scripting (XSS) vulnerabilities in Grayscale BandSite CMS allow remote attackers to inject arbitrary web script or HTML via (1) the max_file_size_purdy parameter in adminpanel/includes/helpfiles/help_mp3.php, (2) the message_text parameter in adminpanel/includes/mailinglist/sendemail.php, (3) the this_year parameter in includes/footer.php, and the the_band parameter in (4) adminpanel/includes/helpfiles/help_news.php (5) adminpanel/includes/helpfiles/help_merch.php, (6) adminpanel/includes/header.php, and (7) adminpanel/login_header.php; and includes/content/ files including (8) bio_content.php, (9) gbook_content.php, (10) interview_content.php, (11) links_content.php, (12) lyrics_content.php, (13) member_content.php, (14) merch_content.php, (15) mp3_content.php, (16) news_content.php, (17) pastshows_content.php, (18) photo_content.php, (19) releases_content.php, (20) reviews_content.php, (21) shows_content.php, and (22) signgbook_content.php.
unknown
2006-09-25
2.3CVE-2006-4985
BUGTRAQ
BID
Grayscale -- BandSite CMSGrayscale BandSite CMS allows remote attackers to obtain sensitive information via a direct request for (1) certain files in the includes/content directory, (2) includes/shows_preview.php, and (3) adminpanel/configform.php; and files in adminpanel/includes/ including (4) mailinglist/disphtmltbl.php, (5) mailinglist/dispxls.php, (6) mailinglist/sendshows.php, (7) adminpanel/includes/previews/preview_bio.php, (8) adminpanel/includes/previews/preview_genmerch.php, (9) adminpanel/includes/previews/preview_fliers.php, (10) adminpanel/includes/previews/preview_gbook.php, (11) adminpanel/includes/previews/preview_interviews.php, (12) adminpanel/includes/previews/preview_links.php, (13) adminpanel/includes/previews/preview_lyrics.php, (14) adminpanel/includes/previews/preview_membio.php, (15) adminpanel/includes/previews/preview_merchphotos.php, (16) adminpanel/includes/previews/preview_mp3s.php, (17) adminpanel/includes/previews/preview_news.php, (18) adminpanel/includes/previews/preview_photos.php, (19) adminpanel/includes/previews/preview_releases.php, (20) adminpanel/includes/previews/preview_relmerch.php, (21) adminpanel/includes/previews/preview_relphotos.php, (22) adminpanel/includes/previews/preview_reviews.php, (23) adminpanel/includes/previews/preview_shows.php, (24) adminpanel/includes/previews/preview_wearmerch.php, (25) adminpanel/includes/change_forms/change_bio.php, (26) adminpanel/includes/change_forms/change_fliers.php, (27) adminpanel/includes/change_forms/change_gbook.php, (28) adminpanel/includes/change_forms/change_gen_merch.php, (29) adminpanel/includes/change_forms/change_interview.php, (30) adminpanel/includes/change_forms/change_links.php, (31) adminpanel/includes/change_forms/change_lyrics.php, (32) adminpanel/includes/change_forms/change_members.php, (33) adminpanel/includes/change_forms/change_merch.php, (34) adminpanel/includes/change_forms/change_merch_pic.php, (35) adminpanel/includes/change_forms/change_mp3s.php, (36) adminpanel/includes/change_forms/change_news.php, (37) adminpanel/includes/change_forms/change_photos.php, (38) adminpanel/includes/change_forms/change_rel_merch.php, (39) adminpanel/includes/change_forms/change_rel_pic.php, (40) adminpanel/includes/change_forms/change_releases.php, (41) adminpanel/includes/change_forms/change_reviews.php, (42) adminpanel/includes/change_forms/change_shows.php, and (43) adminpanel/includes/change_forms/change_wear_merch.php, which reveals the path in various error messages.
unknown
2006-09-25
2.3CVE-2006-4986
BUGTRAQ
BID
IBM -- Inventory ScoutUnspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 through 2.2.0.9 (invscoutClient_VPD_Survey) allows attackers to overwrite arbitrary files via unspecified vectors.
unknown
2006-09-26
2.3CVE-2006-5002
OTHER-REF
AIXAPAR
BID
SECUNIA
IBM -- AIXUnspecified vulnerability in the rdist command in IBM AIX 5.2.0 and 5.3.0 allows local users to overwrite arbitrary files via unspecified vectors.
unknown
2006-09-26
1.6CVE-2006-5004
OTHER-REF
AIXAPAR
AIXAPAR
BID
SECUNIA
Jeroen Vennegoor -- JevonCMSJeroen Vennegoor JevonCMS, possibly pre alpha, allows remote attackers to obtain sensitive information via a direct request for php/main/phplib files (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysql.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, and (7) db_pgsql.inc; and (8) db_sybase.inc, which reveals the path in various error messages.
unknown
2006-09-27
2.3CVE-2006-5027
BUGTRAQ
John Lim -- ADOdb Date LibraryThe Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files in datadict including (8) datadict-access.inc.php, (9) datadict-db2.inc.php, (10) datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12) datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14) datadict-mysql.inc.php, (15) datadict-oci8.inc.php, (16) datadict-postgres.inc.php, and (17) datadict-sybase.inc.php; files in drivers/ including (18) adodb-access.inc.php, (19) adodb-ado.inc.php, (20) adodb-ado_access.inc.php, (21) adodb-ado_mssql.inc.php, (22) adodb-borland_ibase.inc.php, (23) adodb-csv.inc.php, (24) adodb-db2.inc.php, (25) adodb-fbsql.inc.php, (26) adodb-firebird.inc.php, (27) adodb-ibase.inc.php, (28) adodb-informix.inc.php, (29) adodb-informix72.inc.php, (30) adodb-mssql.inc.php, (31) adodb-mssqlpo.inc.php, (32) adodb-mysql.inc.php, (33) adodb-mysqli.inc.php, (34) adodb-mysqlt.inc.php, (35) adodb-oci8.inc.php, (36) adodb-oci805.inc.php, (37) adodb-oci8po.inc.php, (38) adodb-odbc.inc.php, (39) adodb-odbc_mssql.inc.php, (40) adodb-odbc_oracle.inc.php, (41) adodb-oracle.inc.php, (42) adodb-postgres64.inc.php, (43) adodb-postgres7.inc.php, (44) adodb-proxy.inc.php, (45) adodb-sapdb.inc.php, (46) adodb-sqlanywhere.inc.php, (47) adodb-sqlite.inc.php, (48) adodb-sybase.inc.php, (49) adodb-vfp.inc.php; file in perf/ including (50) perf-db2.inc.php, (51) perf-informix.inc.php, (52) perf-mssql.inc.php, (53) perf-mysql.inc.php, (54) perf-oci8.inc.php, (55) perf-postgres.inc.php; tests/ files (56) benchmark.php, (57) client.php, (58) test-datadict.php, (59) test-perf.php, (60) test-pgblob.php, (61) test-php5.php, (62) test-xmlschema.php, (63) test.php, (64) test2.php, (65) test3.php, (66) test4.php, (67) test5.php, (68) test_rs_array.php, (69) testcache.php, (70) testdatabases.inc.php, (71) testgenid.php, (72) testmssql.php, (73) testoci8.php, (74) testoci8cursor.php, (75) testpaging.php, (76) testpear.php, (77) testsessions.php, (78) time.php, or (79) tmssql.php, which reveals the path in various error messages.
unknown
2006-09-24
2.3CVE-2006-4976
BUGTRAQ
Joomla! -- PollXTUnspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and earlier for Joomla! has unspecified impact and attack vectors.
unknown
2006-09-27
3.9CVE-2006-5045
OTHER-REF
OTHER-REF
SECUNIA
Ktools.net -- PhotoStoreMultiple cross-site scripting (XSS) vulnerabilities in Ktools.net PhotoStore allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter in details.php, or the (2) photogid parameter in view_photog.php.
unknown
2006-09-27
2.3CVE-2006-5057
BUGTRAQ
BID
MyBB -- MyBBMyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message.
unknown
2006-09-24
2.3CVE-2006-4971
BUGTRAQ
FRSIRT
OpenBSD -- OpenSSHsshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
unknown
2006-09-26
3.3CVE-2006-4924
OTHER-REF
BID
SECUNIA
MLIST
OpenBSD -- OpenSSHUnspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."
unknown
2006-09-27
2.3CVE-2006-5052
MLIST
Opial -- Opial Audio/Video Download ManagementCross-site scripting (XSS) vulnerability in index.php in Opial Audio/Video Download Management 1.0 allows remote attackers to inject arbitrary web script or HTML via the destination parameter in the Login view.
unknown
2006-09-27
2.3CVE-2006-5056
BUGTRAQ
BID
Patrick Michaelis -- Wili-CMSMultiple cross-site scripting (XSS) vulnerabilities in Patrick Michaelis Wili-CMS allow remote attackers to inject arbitrary web script or HTML via (1) the query string to relocate.php, (2) the globals[pageid] parameter in example-view/inc/print_button.php, and other unspecified vectors.
unknown
2006-09-25
2.3CVE-2006-4988
BUGTRAQ
BID
Patrick Michaelis -- Wili-CMSPatrick Michaelis Wili-CMS allows remote attackers to obtain sensitive information via a direct request for (1) thumbnail.php, (2) functions/admin/all.php, (3) functions/admin/init_session.php, (4) functions/all.php, and (5) certain files in example-view/admin_templates/, which reveals the path in various error messages.
unknown
2006-09-25
2.3CVE-2006-4989
BUGTRAQ
BID
Paul Smith Computer Services -- vCAPUnspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to cause a denial of service via the session parameter, possibly related to format string specifiers or malformed URL encoding.
2006-08-16
2006-09-27
2.3CVE-2006-5033
FULLDISC
OTHER-REF
BID
FRSIRT
OSVDB
SECTRACK
SECUNIA
XF
Paul Smith Computer Services -- vCAPDirectory traversal vulnerability in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
unknown
2006-09-27
2.3CVE-2006-5034
FULLDISC
OTHER-REF
BID
FRSIRT
OSVDB
SECTRACK
SECUNIA
XF
Paul Smith Computer Services -- vCAPMultiple cross-site scripting (XSS) vulnerabilities in Paul Smith Computer Services vCAP 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the statusmsg parameter in RegisterPage.cgi or (2) a URI corresponding to a nonexistent file. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-09-27
2.3CVE-2006-5035
FRSIRT
OSVDB
OSVDB
SECUNIA
Rob Landley -- BusyBoxDirectory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded "%2e%2e/" sequences in the URI.
unknown
2006-09-27
2.3CVE-2006-5050
BUGTRAQ
SECTRACK
RSA -- Keon Certificate Authority ManagerRSA Keon Certificate Authority (KeonCA) Manager 6.5.1 and 6.6 allows privileged local users to hide malicious Certificate Authority (CA) activities by mopdifying CA auditor logs without detection by (1) modifying or deleting a and its signature from the XML log in a way that is not detected by the integrity check function that operates on the entire pool, or (2) modifying entries in the live log file, which is only signed during rotation.
2006-06-17
2006-09-25
3.3CVE-2006-4991
FULLDISC
BID
XF
XF
Sun -- Sun Secure Global DesktopSun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows remote attackers to obtain sensitive information, including hostnames, versions, and settings details, via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. NOTE: This information is based upon a vague initial disclosure. Details will be updated as they become available.
2006-06-06
2006-09-23
2.3CVE-2006-4959
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
XF
Sun -- SolarisSun Solaris 10 before patch 118855-16 (20060925), when run on x64 systems using IPv6, allows remote attackers to cause a denial of service (kernel panic) via crafted IPv6 packets.
unknown
2006-09-26
3.3CVE-2006-5013
SUNALERT
BID
FRSIRT
SECUNIA
SWsoft -- Plesk Reload
SWsoft -- Plesk
Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote attackers to list arbitrary directories via a ../ (dot dot slash) in the file parameter in a chdir action.
unknown
2006-09-27
2.3CVE-2006-5028
BUGTRAQ
BID
Walter Beschmout -- PhpQuizMultiple unrestricted file upload vulnerabilities in (1) back/upload_img.php and (2) admin/upload_img.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP code to the phpquiz/img_quiz folder via the (a) upload, (b) ok_update, (c) image, and (d) path parameters, possibly requiring directory traversal sequences in the path parameter.
unknown
2006-09-24
2.3CVE-2006-4977
BUGTRAQ
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
Walter Beschmout -- PhpQuizDirect static code injection vulnerability in cfgphpquiz/install.php in Walter Beschmout PhpQuiz 1.2 and earlier allows remote attackers to inject arbitrary PHP code in config.inc.php via modified configuration settings.
unknown
2006-09-24
2.3CVE-2006-4979
BUGTRAQ
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
Yahoo -- Yahoo! MessengerYahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service.
unknown
2006-09-24
1.9CVE-2006-4975
BUGTRAQ
OTHER-REF

Back to top

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top