Vulnerability Summary for the Week of October 2, 2006

Released
Oct 09, 2006
Document ID
SB06-282

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

">

High Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
A-Blog -- A-BlogMultiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) open_box, (2) middle_box, and (3) close_box parameters in (a) sources/myaccount.php; the (4) navigation_end parameter in (b) navigation/search.php and (c) navigation/donation.php; and the (6) navigation_start and (7) navigation_middle parameters in navigation/donation.php, (d) navigation/latestnews.php, and (e) navigation/links.php; different vectors than CVE-2006-5092.
unknown
2006-10-03
7.0CVE-2006-5135
OTHER-REF
BID
XF
Andreas Gohr -- DokuWikilib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert.
unknown
2006-09-29
7.0CVE-2006-5099
OTHER-REF
GENTOO
SECUNIA
SECUNIA
FRSIRT
Apple -- Mac OS X
NeXT -- OpenStep
The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function.
unknown
2006-10-03
7.0CVE-2006-4392
BUGTRAQ
OTHER-REF
APPLE
CERT-VN
SECTRACK
CERT
BID
FRSIRT
SECUNIA
XF
Apple -- Mac OS XA logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, allows network accounts without GUIds to bypass service access controls and log into the system using loginwindow via unknown vectors.
unknown
2006-10-03
7.0CVE-2006-4394
APPLE
CERT
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
XF
Baumedia -- NewswriterPHP remote file inclusion vulnerability in include/editfunc.inc.php in Sebastian Baumann and Philipp Wolfer Newswriter SW 1.42 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NWCONF_SYSTEM[server_path] parameter.
unknown
2006-10-03
7.0CVE-2006-5102
OTHER-REF
BID
XF
bbsNew -- bbsNewPHP remote file inclusion vulnerability in index2.php in bbsNew 2.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the right parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-10-03
7.0CVE-2006-5103
BID
Comdev -- Comdev CSV ImporterPHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calendar 3.1, (4) Comdev FAQ Support 3.1, (5) Comdev Guestbook 3.1, (6) Comdev Links Directory 3.1, (7) Comdev News Publisher 3.1, (8) Comdev Newsletter 3.1, (9) Comdev Photo Gallery 3.1, (10) Comdev Vote Caster 3.1, (11) Comdev Web Blogger 3.1, and (12) Comdev eCommerce 3.1, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: it has been reported that 4.1 versions might also be affected.
unknown
2006-10-03
7.0CVE-2006-5101
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
FRSIRT
FRSIRT
FRSIRT
FRSIRT
FRSIRT
FRSIRT
FRSIRT
FRSIRT
FRSIRT
FRSIRT
FRSIRT
FRSIRT
FRSIRT
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
ConPresso -- ConPresso CMSMultiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php.
unknown
2006-10-03
7.0CVE-2006-5127
BUGTRAQ
OTHER-REF
OTHER-REF
BID
XF
ConPresso -- ConPresso CMSSQL injection vulnerability in index.php in Bartels Schoene ConPresso before 4.0.5a allows remote attackers to execute arbitrary SQL commands via the nr parameter.
2006-07-30
2006-10-03
7.0CVE-2006-5128
BUGTRAQ
OTHER-REF
OTHER-REF
BID
XF
DeluxeBB -- DeluxeBBPHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatefolder parameter.
unknown
2006-10-05
7.0CVE-2006-5154
OTHER-REF
BID
FRSIRT
SECUNIA
Devellion -- CubeCartMultiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, and (4) the order_id parameter in admin/print_order.php.
unknown
2006-10-03
7.0CVE-2006-5107
BUGTRAQ
BID
XF
Devellion -- CubeCartMultiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language parameters in admin/nav.php; the (6) image parameter in admin/image.php; the (7) site_name, (8) la_adm_header, (9) charset, and (10) certain other parameters in admin/header.inc.php; the (12) la_pow_by parameter in footer.inc.php; and the (13) site_name parameter and (14) certain other parameters in header.inc.php.
unknown
2006-10-03
7.0CVE-2006-5108
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
Forum One -- SyntaxCMSMultiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1.1.1 through 1.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the init_path parameter to admin/testing/tests/0030_init_syntax.php, or (2) an unspecified parameter to admin/testing/index.php. NOTE: the 0004_init_urls.php vector is already covered by CVE-2006-5055.
unknown
2006-10-03
7.0CVE-2006-5105
OTHER-REF
SECUNIA
Forum82 -- Forum82Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts.
unknown
2006-10-05
7.0CVE-2006-5148
OTHER-REF
BID
FRSIRT
SECUNIA
HP -- HP-UXUnspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to "gain root access" via unspecified vectors.
unknown
2006-10-05
10.0CVE-2006-5151
HP
BID
SECTRACK
XF
InterVations -- NaviCOPA Web ServerBuffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request.
unknown
2006-10-03
7.0CVE-2006-5112
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Jelsoft -- VBulletinSQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the templatesused parameter.
unknown
2006-10-03
7.0CVE-2006-5104
BUGTRAQ
BID
XF
Joshua Muheim -- phpMyWebminMultiple PHP remote file inclusion vulnerabilities in Joshua Muheim phpMyWebmin 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) target and (2) action parameters in window.php, and possibly the (3) target parameter in home.php.
unknown
2006-10-03
7.0CVE-2006-5124
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Kevin A. Gordon -- Open Geo TargetingPHP remote file inclusion vulnerability in script.php in Kevin A. Gordon Open Geo Targeting (aka geotarget) allows remote attackers to execute arbitrary PHP code via a URL in the anp_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-10-03
7.0CVE-2006-5141
BID
Lappy512 -- PHP Krazy Image Host ScriptSQL injection vulnerability in display.php in Lappy512 PHP Krazy Image Host Script (phpkimagehost) 0.7a allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2006-10-03
7.0CVE-2006-5140
OTHER-REF
BID
XF
McAfee -- ePolicy Orchestrator
McAfee -- ProtectionPilot
Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header.
unknown
2006-10-05
10.0CVE-2006-5156
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
Microsoft -- Internet ExplorerCross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue to CVE-2006-0032.
unknown
2006-10-05
7.0CVE-2006-5152
BUGTRAQ
BUGTRAQ
BUGTRAQ
MyPhotos -- MyPhotos** DISPUTED ** PHP remote file inclusion vulnerability in index.php in MyPhotos 0.1.3b beta allows remote attackers to execute arbitrary PHP code via the includesdir parameter. NOTE: this issue is disputed by CVE on 20060927, since the includesdir is defined before being used when the product is installed according to the provided instructions.
unknown
2006-09-29
7.0CVE-2006-5095
BUGTRAQ
MLIST
net2ftp -- net2ftpPHP remote file inclusion vulnerability in index.php in net2ftp allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter.
unknown
2006-09-29
7.0CVE-2006-5097
BUGTRAQ
XF
NetWin -- WebNEWSPHP remote file inclusion vulnerability in parse/parser.php in WEB//NEWS (aka webnews) 1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WN_BASEDIR parameter.
unknown
2006-10-03
7.0CVE-2006-5100
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
XF
Olate -- OlateDownloadCross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the description_small parameter.
unknown
2006-10-05
7.0CVE-2006-5144
BUGTRAQ
BID
XF
Olate -- OlateDownloadMultiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php.
unknown
2006-10-05
7.0CVE-2006-5145
BUGTRAQ
BID
XF
OpenBiblio -- OpenBiblioMultiple PHP remote file inclusion vulnerabilities in (1) shared/header.php and (2) shared/help.php in OpenBiblio before 0.5.2 allow remote attackers to execute arbitrary PHP code via unspecified vectors.
unknown
2006-10-05
7.0CVE-2006-5149
OTHER-REF
BID
FRSIRT
SECUNIA
OpenBiblio -- OpenBiblioSQL injection vulnerability in the reports system in OpenBiblio before 0.5.2 allows remote attackers with report privileges to execute arbitrary SQL commands via unspecified vectors.
unknown
2006-10-05
7.0CVE-2006-5150
OTHER-REF
BID
FRSIRT
SECUNIA
Paul Schudar -- Tagmin Control CenterPHP remote file inclusion vulnerability in index.php in Tagmin Control Center in TagIt! Tagboard 2.1.B Build 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
unknown
2006-09-29
7.0CVE-2006-5093
OTHER-REF
BID
OTHER-REF
SECUNIA
XF
FRSIRT
PHP Invoice -- PHP InvoiceCross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2006-5074. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-10-03
7.0CVE-2006-5110
FRSIRT
SECUNIA
XF
PHP Web Scripts -- Easy Banner FreePHP remote file inclusion vulnerability in functions.php in PHP Web Scripts Easy Banner Free allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter.
unknown
2006-10-05
7.0CVE-2006-5166
BUGTRAQ
BID
XF
phpMyAgenda -- phpMyAgendaMultiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0 Final and earlier allow remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter to (1) agendaplace.php3, (2) agendaplace2.php3, (3) infoevent.php3, and (4) agenda2.php3, different vectors than CVE-2006-2009.
unknown
2006-10-03
7.0CVE-2006-5132
BUGTRAQ
OTHER-REF
OTHER-REF
OSVDB
OSVDB
OSVDB
OSVDB
PHProjekt -- PHProjektMultiple PHP remote file inclusion vulnerabilities in Albrecht Guenther PHProjekt 5.1.x before 5.1.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lib_path or (2) lang_path parameter in unspecified files, related to code changes intended to fix inclusion, a different vulnerability than CVE-2002-0451, CVE-2006-4204, and CVE-2006-4609.
2006-09-21
2006-10-03
7.0CVE-2006-5123
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
PHPSelect -- Web Development DivisionPHP remote file inclusion vulnerability in index.php3 in the PDD package for PHPSelect Web Development Division allows remote attackers to execute arbitrary PHP code via a URL in the Application_Root parameter.
unknown
2006-10-03
7.0CVE-2006-5118
BUGTRAQ
BID
XF
PostNuke Software Foundation -- PostNukeSQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter.
unknown
2006-10-03
7.0CVE-2006-5121
BUGTRAQ
XF
PowerPortal -- PowerPortalPHP remote file inclusion vulnerability in index.php in John Himmelman (aka DaRk2k1) PowerPortal 1.3a allows remote attackers to execute arbitrary PHP code via a URL in the file_name[] parameter.
unknown
2006-10-03
7.0CVE-2006-5126
OTHER-REF
BID
XF
SECUNIA
Salims Softhouse -- JAF CMSMultiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) the message parameter, and possibly other parameters, in module/shout/jafshout.php (aka the shoutbox); and (2) the message body in a forum post in module/forum/topicwin.php, related to the name, email, title, date, ldate, and lname variables.
unknown
2006-10-03
7.0CVE-2006-5129
BUGTRAQ
BID
SECUNIA
Salims Softhouse -- JAF CMSMultiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) url, (3) title, and (4) about parameters in a forum post. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-10-03
7.0CVE-2006-5130
SECUNIA
Salims Softhouse -- JAF CMSmodule/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another flat file (JAF) CMS 4.0 RC1 allows remote attackers to execute arbitrary code within sections bounded by "

", possibly due to a static code injection vulnerability involving admin/data_inc.php.

unknown
2006-10-03
7.0CVE-2006-5131
BUGTRAQ
SECUNIA
SAP -- Internet Transaction ServerMultiple cross-site scripting (XSS) vulnerabilities in wgate in SAP Internet Transaction Server (ITS) 6.1 and 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ~urlmime or (2) ~command parameter, different vectors than CVE-2003-0749.
2006-09-13
2006-10-03
7.0CVE-2006-5114
BUGTRAQ
BID
Steve Poulsen -- GuildFTPdBuffer overflow in GuildFTPd 0.999.13 allows remote attackers to have an unknown impact, possibly code execution related to input containing "globbing chars."
unknown
2006-10-03
7.0CVE-2006-5133
BUGTRAQ
OTHER-REF
OTHER-REF
OSVDB
Sum Effect Software -- digiSHOPMultiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum Effect Software digiSHOP 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sortBy or (2) search parameters.
unknown
2006-10-05
7.0CVE-2006-5164
BUGTRAQ
BID
SECUNIA
Trend Micro -- OfficeScanFormat string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Client Install name search".
2006-06-27
2006-10-05
7.0CVE-2006-5157
BUGTRAQ
OTHER-REF
BID
SECTRACK
SECUNIA
UBBCentral -- UBB.threadsMultiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in Groupee UBB.threads 6.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[thispath] or (2) GLOBALS[configdir] parameter.
unknown
2006-10-03
7.0CVE-2006-5136
BUGTRAQ
BID
XF
VAMP Webmail -- VAMP WebmailPHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml in VAMP Webmail 2.0beta1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the no_url parameter.
unknown
2006-10-05
7.0CVE-2006-5147
Milw0rm
BID
XF
VideoDB -- VideoDBPHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2.1 and earlier allows remote attackers to execute arbitrary PHP code via the config[pdf_module] parameter.
unknown
2006-10-05
7.0CVE-2006-5155
OTHER-REF
BID
SECUNIA
XF
Yblog -- YblogMultiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) funk.php, or the (2) action parameter in (b) tem.php and (c) uss.php.
unknown
2006-10-05
7.0CVE-2006-5146
BUGTRAQ
MLIST
BID
Yuuki Yoshizawa -- ExporiaDirectory traversal vulnerability in common.php in Yuuki Yoshizawa Exporia 0.3.0 allows remote attackers to include and execute local files via a .. (dot dot) in the lan parameter to includes.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-10-03
7.0CVE-2006-5113
BID
FRSIRT
OSVDB
SECUNIA

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS XApple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications.
unknown
2006-10-03
4.9CVE-2006-4387
APPLE
BID
FRSIRT
SECUNIA
XF
Apple -- Mac OS XBuffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to execute arbitrary code via a malformed JPEG2000 image.
unknown
2006-10-03
5.6CVE-2006-4391
APPLE
SECTRACK
CERT
CERT-VN
BID
FRSIRT
SECUNIA
XF
Apple -- Mac OS XUnspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users.
unknown
2006-10-03
4.9CVE-2006-4393
APPLE
BID
FRSIRT
SECTRACK
SECUNIA
XF
Apple -- Mac OS XUnchecked error condition in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 prevents Kerberos tickets from being destroyed if a user does not successfully log on to a network account from the login window, which might allow later users to gain access to the original user's Kerberos tickets.
unknown
2006-10-03
4.9CVE-2006-4397
APPLE
BID
FRSIRT
SECTRACK
SECUNIA
Basilix -- Basilix WebmailMultiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e) compose-send.php3, (f) folder-create.php3, (g) folder-delete.php3, (h) folder-empty.php3, (i) folder-rename.php3, (j) folders.php3, (k) mbox-action.php3, (l) mbox-list.php3, (m) message-delete.php3, (n) message-forward.php3, (o) message-header.php3, (p) message-print.php3, (q) message-read.php3, (r) message-reply.php3, (s) message-replyall.php3, (t) message-search.php3, or (u) settings.php3; and the (2) BSX_HTXDIR parameter in (v) files/login.php3.
unknown
2006-10-05
5.6CVE-2006-5167
Milw0rm
BID
FRSIRT
SECUNIA
XF
FacileForms -- FacileFormsCross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 for Mambo and Joomla!, when either register_globals or RG_EMULATION is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2006-10-03
5.6CVE-2006-5106
OTHER-REF
BID
FRSIRT
SECUNIA
IBM -- Client Security Password ManagerIBM Client Security Password Manager stores and distributes saved passwords based upon the title of a website, which allows remote attackers to obtain username and password credentials by changing the title of an HTML page.
unknown
2006-10-05
4.7CVE-2006-5161
BUGTRAQ
BID
KGB -- KGBDirectory traversal vulnerability in kgcall.php in KGB 1.87 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the engine parameter, as demonstrated by uploading a file containing PHP code with an image/jpeg content type, and then referencing this file through the engine parameter.
unknown
2006-10-03
5.6CVE-2006-5115
OTHER-REF
BID
XF
phpMyAdmin -- phpMyAdminMultiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017.
unknown
2006-10-03
5.6CVE-2006-5116
OTHER-REF
BID
SECUNIA
BUGTRAQ
MLIST
OTHER-REF
XF
Skrypty -- PPA GalleryPHP remote file inclusion vulnerability in inc/functions.inc.php in Skrypty PPA Gallery 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[ppa_root_path] parameter.
unknown
2006-10-05
5.6CVE-2006-5165
Milw0rm
BID
FRSIRT
SECUNIA
XF
UBBCentral -- UBB.threadsMultiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array parameter to admin/doeditconfig.php, and then execute the code via includes/config.inc.php; and inject a reference to PHP code via a URL in the config[path] parameter, and then execute the code via (3) dorateuser.php, (4) calendar.php, and unspecified other scripts.
unknown
2006-10-03
5.6CVE-2006-5137
BUGTRAQ
BID
XF

Back to top

Low Vulnerabilities
Primary
Vendor -- Product
Description
Discovered
Published
CVSS ScoreSource & Patch Info
Andreas Gohr -- DokuWikilib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image.
unknown
2006-09-29
3.3CVE-2006-5098
OTHER-REF
GENTOO
SECUNIA
SECUNIA
FRSIRT
Apple -- Mac OS XCFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted.
unknown
2006-10-03
1.9CVE-2006-4390
APPLE
SECTRACK
XF
BID
FRSIRT
SECUNIA
Apple -- Mac OS XUnspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows context-dependent attackers to cause a denial of service ("memory corruption" and crash) via a crafted PICT image that is not properly handled by a certain "unsupported QuickDraw operation."
unknown
2006-10-03
2.7CVE-2006-4395
APPLE
CERT
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
XF
Apple -- Mac OS XUser interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which could result in less secure password management than intended.
unknown
2006-10-03
3.3CVE-2006-4399
APPLE
CERT
CERT-VN
BID
FRSIRT
SECTRACK
SECUNIA
XF
Devellion -- CubeCartDevellion CubeCart 2.0.x allows remote attackers to obtain sensitive information via a direct request for (1) link_navi.php or (2) spotlight.php, which reveals the path in various error messages. NOTE: the information.php, language.php, list_docs.php, popular_prod.php, sale.php, check_sum.php, and cat_navi.php vectors are already covered by CVE-2005-0607.
unknown
2006-10-03
2.3CVE-2006-5109
BUGTRAQ
BID
XF
IBM -- Informix Dynamic ServerIBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack.
unknown
2006-10-05
3.3CVE-2006-5163
BUGTRAQ
FULLDISC
BID
SECUNIA
XF
XF
Joshua Muheim -- phpMyWebminDirectory traversal vulnerability in window.php, possibly used by home.php, in Joshua Muheim phpMyWebmin 1.0 allows remote attackers to obtain sensitive information via a directory name in the target parameter, which triggers a directory listing through the opendir function.
unknown
2006-10-03
2.3CVE-2006-5125
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Kerio -- Personal FirewallThe (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments passed through to SSDT functions, including NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInformationFile, which allows local users to cause a denial of service (crash) and possibly other impacts via unspecified vectors.
unknown
2006-10-05
3.3CVE-2006-5153
BUGTRAQ
OTHER-REF
BID
SECUNIA
libksba library -- libksba libraryThe libksba library 0.9.12 and possibly other versions, as used by gpgsm in the newpg package on SUSE LINUX, allows attackers to cause a denial of service (application crash) via a malformed X.509 certificate in a signature.
unknown
2006-10-03
2.3CVE-2006-5111
OTHER-REF
SUSE
Mercury -- Mercury SiteScopeMultiple cross-site scripting (XSS) vulnerabilities in Mercury SiteScope 8.2 (8.1.2.0) allow remote authenticated users to inject arbitrary web script or HTML via (1) "any field create name field" except "create new group name" or (2) any description field.
unknown
2006-10-03
2.8CVE-2006-5122
BUGTRAQ
BID
Mercury -- Mercury SiteScopeMercury SiteScope 8.2 (8.1.2.0) allows remote authenticated users to cause a denial of service (loss of connectivity to the classic interface) via attempted HTML injection into the "new monitor description" field.
2006-09-14
2006-10-03
1.4CVE-2006-5134
BUGTRAQ
BID
Microsoft -- Internet Explorerwininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow.
unknown
2006-10-05
2.3CVE-2006-5162
BUGTRAQ
Milw0rm
BID
FRSIRT
OSVDB
XF
MKPortal -- MKPortalUnspecified vulnerability in MkPortal allows remote attackers to corrupt web site content, and possibly have other impact, via a certain long Message that affects "Tables," related to the Urlobox.
unknown
2006-10-03
2.3CVE-2006-5139
BUGTRAQ
Mozilla -- Firefox** DISPUTED ** Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that "we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succeeded in making this code do anything more than cause a crash and eat up system resources".
unknown
2006-10-05
3.3CVE-2006-5159
BUGTRAQ
BUGTRAQ
MOZILLA
OTHER-REF
BID
BID
SECTRACK
Mozilla -- Firefox** DISPUTED ** Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not."
unknown
2006-10-05
2.3CVE-2006-5160
BUGTRAQ
MOZILLA
OTHER-REF
BID
Novell -- GroupWise MessengerMessenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero-size strings in blowfish routines."
2006-08-17
2006-10-05
2.3CVE-2006-4511
IDEFENSE
OTHER-REF
BID
SECUNIA
phpMyAdmin -- phpMyAdminphpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files.
unknown
2006-10-03
2.3CVE-2006-5117
OTHER-REF
BID
SECUNIA
Scott Metoyer -- Red MombinMultiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer Red Mombin 0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) index.php and (2) process_login.php.
unknown
2006-10-03
3.7CVE-2006-5120
BUGTRAQ
OTHER-REF
BID
SuSE -- SuSE LinuxUnspecified vulnerability in NFS lockd in the kernel in SUSE Linux 9.2 through 10.0 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a deadlock.
unknown
2006-10-05
2.3CVE-2006-5158
UBBCentral -- UBB.threadsGroupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitive information via a direct request for cron/php/subscriptions.php, which reveals the path in an error message.
unknown
2006-10-03
2.3CVE-2006-5138
BUGTRAQ
BID
XF
VirtueMart -- VirtueMart Joomla! eCommerce Edition CMSMultiple cross-site scripting (XSS) vulnerabilities in index.php in VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce Edition CMS 1.0.11, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Itemid parameter in a (1) com_contact or (2) subscribe action.
unknown
2006-09-29
2.3CVE-2006-5096
BUGTRAQ
BID
XF
SECUNIA
FRSIRT
Zen Cart -- Zen CartMultiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) index.php and (2) password_forgotten.php.
unknown
2006-10-03
3.7CVE-2006-5119
BUGTRAQ
OTHER-REF
BID

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.