Vulnerability Summary for the Week of June 26, 2006
Released
Jul 03, 2006
Document ID
SB06-184
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
| High Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Algorithmic Research -- PrivateWire Gateway | Buffer overflow in the Online Registration Facility for Algorithmic Research PrivateWire VPN software up to 3.7 allows remote attackers to execute arbitrary code via a long GET request. |
| 7.0 | CVE-2006-3252 BUGTRAQ BID FRSIRT SECTRACK SECUNIA XF | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | Stack-based buffer overflow ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image. |
| 7.0 | CVE-2006-1469 APPLE FRSIRT BID SECTRACK | ||
| cairohost -- VBZooM | Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) MemberID parameter to rank.php, and the (2) QuranID parameter to lng.php. |
| 7.0 | CVE-2006-3238 BUGTRAQ BUGTRAQ BID FRSIRT SECUNIA XF | ||
| cairohost -- VBZoom | SQL injection vulnerability in message.php in VBZooM 1.11 and earlier allows remote attackers to execute arbitrary SQL commands via the UserID parameter. |
| 7.0 | CVE-2006-3239 BUGTRAQ BID XF | ||
| CBSMS -- Mambo Module | PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosC_a_path parameter. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. |
| 7.0 | CVE-2006-3302 FRSIRT XF | ||
| Cisco -- Secure Access Control Server | Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability." |
| 7.0 | CVE-2006-3226 BUGTRAQ BUGTRAQ CISCO BID SECTRACK XF FRSIRT SECUNIA | ||
| Cisco -- Wireless Control System | The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (aka bugs CSCsd15955). |
| 7.0 | CVE-2006-3285 CISCO BID FRSIRT SECTRACK SECUNIA XF | ||
| Cisco -- Wireless Control System | The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(63) stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database (aka bug CSCsd15951). |
| 7.0 | CVE-2006-3286 CISCO BID FRSIRT SECTRACK SECUNIA | ||
| Cisco -- Wireless Control System | Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391). |
| 7.0 | CVE-2006-3287 CISCO BID FRSIRT SECTRACK SECUNIA XF | ||
| Cisco -- IOS | The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system. |
| 7.0 | CVE-2006-3291 CISCO BID FRSIRT CERT-VN SECTRACK SECUNIA XF | ||
| Clearswift -- MAILsweeper for SMTP Clearswift -- MAILsweeper for Exchange | Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to bypass the "text analysis", possibly bypassing SPAM and other filters, by sending an e-mail specifying a non-existent or unrecognized character set. |
| 7.0 | CVE-2006-3215 MIMESWEEPER BID FRSIRT SECUNIA | ||
| Codewalkers -- PHP Event Calendar Codewalkers -- ltwCalendar | SQL injection vulnerability in calendar.php in Codewalkers PHP Event Calendar 4.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2006-3248 BUGTRAQ OTHER-REF BID SECTRACK XF | ||
| Computer Associates -- Integrated Threat Management Computer Associates -- eTrust PestPatrol Computer Associates -- eTrust Antivirus | Format string vulnerability in CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) r8 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a scan job with format strings in the description field. |
| 7.0 | CVE-2006-3223 COMPUTER ASSOCIATES OSVDB FULLDISC BUGTRAQ BUGTRAQ BID FRSIRT SECTRACK SECUNIA | ||
| datetopia -- Dating Agent PRO | SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to execute arbitrary SQL commands via the (1) pid parameter in picture.php, (2) mid parameter in mem.php, and the (3) sex and (4) relationship parameters in search.php. |
| 7.0 | CVE-2006-3283 BUGTRAQ XF | ||
| DeluxeBB -- DeluxeBB | SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier allows remote attackers to execute arbitrary SQL commands via the xmsn parameter. |
| 7.0 | CVE-2006-3304 OTHER-REF BID FRSIRT SECTRACK SECUNIA BUGTRAQ | ||
| George Currums -- Open Guestbook | SQL injection vulnerability in view.php in Open Guestbook 0.5 allows remote attackers to execute arbitrary SQL commands via the offset parameter. |
| 7.0 | CVE-2006-3296 BUGTRAQ BID XF | ||
| GraceNote -- CDDBControl ActiveX Control | Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by multiple products that use Gracenote CDDB, allows remote attackers to execute arbitrary code via a long option string. |
| 7.0 | CVE-2006-3134 OTHER-REF FULLDISC OTHER-REF OTHER-REF CERT-VN BID FRSIRT FRSIRT SECTRACK SECUNIA SECUNIA XF | ||
| Hashcash -- Hashcash | Heap-based buffer overflow in the array_push function in hashcash.c for Hashcash before 1.22 might allow attackers to execute arbitrary code via crafted entries. |
| 7.0 | CVE-2006-3251 OTHER-REF GENTOO BID FRSIRT SECUNIA SECUNIA | ||
| IBM -- Websphere Application Server | Unspecified vulnerability in IBM WebSphere Application Server before 6.0.2.11 has unknown impact and attack vectors because the "UserNameToken cache was improperly used." |
| 7.0 | CVE-2006-3232 OTHER-REF BID FRSIRT SECUNIA | ||
| Infinite Core Technologies -- ICT | SQL injection vulnerability in index.php in Infinite Core Technologies (ICT) 1.0 Gold and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter. |
| 7.0 | CVE-2006-3267 OTHER-REF BID FRSIRT SECUNIA | ||
| Internet Scout Project -- Scout Portal Toolkit | SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal Toolkit (SPT) 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter. |
| 7.0 | CVE-2006-3309 OTHER-REF BID FRSIRT SECUNIA XF | ||
| Jaws -- Jaws | SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field). |
| 7.0 | CVE-2006-3292 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
| LookNet -- FineShop | Multiple SQL injection vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) produkt, (2) id_produc, and (3) id_kat parameters. |
| 7.0 | CVE-2006-3234 OTHER-REF SECTRACK XF | ||
| Mambo -- Mambo | SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. |
| 7.0 | CVE-2006-3262 BUGTRAQ OTHER-REF OTHER-REF FRSIRT SECTRACK SECUNIA | ||
| Mambo -- Mambo | SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| 7.0 | CVE-2006-3263 OTHER-REF | ||
| Microsoft -- Windows XP | ** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows XP spawns each scheduled process with SYSTEM permissions, which allows local users to gain privileges. NOTE: this issue has been disputed by third parties, who state that the Task scheduler is limited to the Administrators group by default upon installation. |
| 7.0 | CVE-2006-3209 BUGTRAQ BUGTRAQ | ||
| Microsoft -- Internet Explorer | Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object. |
| 7.0 | CVE-2006-3280 FULLDISC OTHER-REF BID FRSIRT SECUNIA CERT-VN SECTRACK XF | ||
| Mutt -- Mutt | Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server. |
| 7.0 | CVE-2006-3242 OTHER-REF OTHER-REF BID FRSIRT SECUNIA UBUNTU GENTOO MANDRIVA SECUNIA SECUNIA SECUNIA XF | ||
| MyBB -- MyBB | SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter. |
| 7.0 | CVE-2006-3243 BUGTRAQ OTHER-REF OTHER-REF FRSIRT SECUNIA XF | ||
| Phorum -- Phorum | SQL injection vulnerability in search.php in Phorum 5.1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. |
| 7.0 | CVE-2006-3249 OTHER-REF | ||
| PhpMySms -- PhpMySms | PHP remote file inclusion vulnerability in sms_config/gateway.php in PhpMySms 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter. |
| 7.0 | CVE-2006-3300 OTHER-REF BID XF | ||
| RahnemaCo -- RahnemaCo | PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the pageid parameter. |
| 7.0 | CVE-2006-3314 BUGTRAQ BID SECTRACK | ||
| RealNetworks -- Helix DNA Server | Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the "parsing of HTTP URL schemes". |
| 7.0 | CVE-2006-3276 OTHER-REF BID FRSIRT SECTRACK SECUNIA XF XF | ||
| Softbiz -- Dating Script | Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php. |
| 7.0 | CVE-2006-3271 BUGTRAQ BID FRSIRT SECUNIA | ||
| Softnews Media Group -- DataLife Engine | SQL injection vulnerability in index.php in DataLife Engine 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction. |
| 7.0 | CVE-2006-3221 Milw0rm Milw0rm BID FRSIRT SECUNIA XF | ||
| thinkfactory -- thinkWMS | Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) index.php or (b) printarticle.php, and the (2) catid parameter in index.php. |
| 7.0 | CVE-2006-3236 OTHER-REF BID FRSIRT SECTRACK SECUNIA XF | ||
| THoRCMS -- THoRCMS | SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via multiple unspecified parameters, such as the add_link_mid parameter. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. |
| 7.0 | CVE-2006-3270 FRSIRT | ||
| WeBBoA -- WeBBoA | SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter to an unspecified script, possibly host/yeni_host.asp. |
| 7.0 | CVE-2006-3213 BUGTRAQ BID FRSIRT SECTRACK XF | ||
| Woltlab -- Burning Board | SQL injection vulnerability in profile.php in Woltlab Burning Board (WBB) 2.1.6 allows remote attackers to execute arbitrary SQL commands via the userid parameter. |
| 7.0 | CVE-2006-3218 BUGTRAQ | ||
| Woltlab -- Burning Board | SQL injection vulnerability in thread.php in Woltlab Burning Board (WBB) 2.2.2 allows remote attackers to execute arbitrary SQL commands via the threadid parameter. |
| 7.0 | CVE-2006-3219 BUGTRAQ | ||
| Woltlab -- Burning Board | SQL injection vulnerability in studienplatztausch.php in Woltlab Burning Board (WBB) 2.2.1 allows remote attackers to execute arbitrary SQL commands via the sid parameter. |
| 7.0 | CVE-2006-3220 BUGTRAQ XF | ||
| Woltlab -- Burning Board | SQL injection vulnerability in newthread.php in Woltlab Burning Board (WBB) 2.0 RC2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter. |
| 7.0 | CVE-2006-3254 BUGTRAQ BID SECTRACK | ||
| Woltlab -- Burning Board | SQL injection vulnerability in showmods.php in Woltlab Burning Board (WBB) 1.2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter. |
| 7.0 | CVE-2006-3255 BUGTRAQ BID SECTRACK | ||
| Woltlab -- Burning Board | SQL injection vulnerability in report.php in Woltlab Burning Board (WBB) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter. |
| 7.0 | CVE-2006-3256 BUGTRAQ BID SECTRACK | ||
| YaBB -- YaBB SE | SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action. |
| 7.0 | CVE-2006-3275 FULLDISC BID FRSIRT SECUNIA XF | ||
| Zoid Technologies -- Project Eros bbsengine | Multiple SQL injection vulnerabilities in Project EROS bbsengine before bbsengine-20060429-1550-jam allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters in the php/comment.php and (2) the getpartialmatches method in php/aolbonics.php. |
| 7.0 | CVE-2006-3307 OTHER-REF BID FRSIRT SECUNIA XF | ||
| Zoid Technologies -- Project Eros bbsengine | Unspecified vulnerability in the wpprop code for Project EROS bbsengine before 20060622-0315 has unknown impact and remote attack vectors via [img] tags, possibly cross-site scripting (XSS). |
| 7.0 | CVE-2006-3308 OTHER-REF BID FRSIRT SECUNIA |
| Medium Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| AEwebworks Dating Software -- aeDating | Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Sex parameter in index.php, (2) ProfileType parameter in join_form.php, and (3) Email parameter in forgot.php. |
| 4.7 | CVE-2006-3279 BUGTRAQ FRSIRT SECUNIA XF | ||
| Anthill -- Anthill | Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order parameter in buglist.php and the (2) bug parameter in query.php. |
| 5.6 | CVE-2006-3244 OTHER-REF SECUNIA BID FRSIRT XF | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file. |
| 4.9 | CVE-2006-1471 APPLE FRSIRT BUGTRAQ BID SECTRACK | ||
| CBSMS -- Mambo Module | PHP remote file inclusion vulnerability in mod_cbsms_messages.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 5.6 | CVE-2006-3294 OTHER-REF BID FRSIRT SECUNIA XF | ||
| DeluxeBB -- DeluxeBB | Multiple cross-site scripting (XSS) vulnerabilities in pm.php in DeluxeBB 1.07 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) subject or (2) to parameters. |
| 4.7 | CVE-2006-3303 OTHER-REF FRSIRT SECTRACK SECUNIA XF | ||
| Jochen Friedrich -- pinball | Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges. |
| 4.9 | CVE-2006-2196 DEBIAN FRSIRT SECUNIA SECUNIA XF | ||
| Le R'alf -- Ralf Image Gallery | Ralf Image Gallery (RIG) 0.7.4 and earlier, when register_globals is enabled, allows remote attackers to conduct PHP remote file inclusion and directory traversal attacks via URLs or ".." sequences in the (1) dir_abs_src parameter in (a) check_entry.php, (b) admin_album.php, (c) admin_image.php, and (d) admin_util.php; and the (2) dir_abs_admin_src parameter in admin_album.php and admin_image.php. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) attacks. |
| 5.6 | CVE-2006-3210 BUGTRAQ OTHER-REF FRSIRT SECUNIA | ||
| MagNet -- Bee-hive Lite | Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite 1.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) header parameter to (a) conad/include/rootGui.inc.php and (b) include/rootGui.inc.php; (2) mysqlCall parameter to (c) conad/changeEmail.inc.php, (d) conad/changeUserDetails.inc.php, (e) conad/checkPasswd.inc.php, (f) conad/login.inc.php and (g) conad/logout.inc.php; (3) mysqlcall parameter to (h) include/listall.inc.php; (4) prefix parameter to (i) show/index.php; and (5) config parameter to (j) conad/include/mysqlCall.inc.php. |
| 5.6 | CVE-2006-3266 OTHER-REF FRSIRT SECUNIA | ||
| Microsoft -- Windows Live Messenger | Heap-based buffer overflow in Windows Live Messenger 8.0 allows user-complicit attackers to execute arbitrary code via a crafted Contact List (.ctt) file, which triggers the overflow when it is imported by the user. |
| 5.6 | CVE-2006-3250 OTHER-REF BID SECTRACK BUGTRAQ OTHER-REF XF | ||
| Microsoft -- Internet Explorer | Microsoft Internet Explorer 6.0 allows remote user-complicit attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA). NOTE: this could be a directory traversal vulnerability, although its role in the exploit was not explained. NOTE: this issue might be in other components that are used by Internet Explorer. |
| 5.6 | CVE-2006-3281 FULLDISC OTHER-REF BID FRSIRT SECUNIA CERT-VN SECTRACK XF | ||
| MiMMS -- mimms | Stack-based buffer overflow in MiMMS 0.0.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions. |
| 5.6 | CVE-2006-2200 OTHER-REF BID FRSIRT SECUNIA | ||
| PHP -- PHP | The error_log function in PHP 5.1.4 and 4.4.2 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode. |
| 4.9 | CVE-2006-3011 OTHER-REF FRSIRT SECUNIA BUGTRAQ SECTRACK XF | ||
| THoRCMS -- THoRCMS | PHP remote file inclusion vulnerability in includes/functions_cms.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. |
| 5.6 | CVE-2006-3269 OTHER-REF BID FRSIRT SECUNIA | ||
| Ultimate PHP Board -- Ultimate PHP Board | Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_configcss.php, (3) admin_config.php, or (4) admin_config2.php, which are stored as configuration settings. NOTE: this issue can be exploited by remote attackers by leveraging other vulnerabilities in UPB. |
| 4.2 | CVE-2006-3208 BUGTRAQ OTHER-REF |
| Low Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Apple -- Mac OS X | Unspecified vulnerability in Apple File Protocol (AFP) server in Apple Mac OS X 10.4 up to 10.4.6 includes the names of restricted files and folders within search results, which might allow remote attackers to obtain sensitive information. |
| 2.3 | CVE-2006-1468 APPLE FRSIRT BID BID SECTRACK | ||
| Apple -- Mac OS X Server Apple -- Mac OS X | OpenLDAP Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error. |
| 2.3 | CVE-2006-1470 APPLE FRSIRT CERT-VN BID BID SECTRACK | ||
| Apple -- Safari | Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via Javascript with an infinite for loop. NOTE: it could be argued that this is not a vulnerability, unless it interferes with the operation of the system outside of the scope of Safari itself. |
| 2.7 | CVE-2006-3224 FULLDISC XF | ||
| Azureus Tracker -- Azureus Tracker | Cross-site scripting (XSS) vulnerability in index.tmpl in Azureus Tracker 2.4.0.2 and earlier (Java BitTorrent Client Tracker) allows remote attackers to inject arbitrary web script or HTML via the search parameter. |
| 1.9 | CVE-2006-3230 OTHER-REF FRSIRT SECUNIA SECTRACK | ||
| BNBT -- TrinEdit BNBT -- EasyTracker | Multiple cross-site scripting (XSS) vulnerabilities in index.html in BNBT TrinEdit and EasyTracker 7.7r3.2004.10.27 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) filter or (2) sort parameters. |
| 1.9 | CVE-2006-3258 BLOGSPOT SECUNIA FRSIRT SECTRACK | ||
| Cisco -- Wireless Control System | Unspecified vulnerability in the TFTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51), when configured to use a directory path name that contains a space character, allows remote authenticated users to read and overwrite arbitrary files via unspecified vectors. |
| 2.3 | CVE-2006-3288 CISCO BID FRSIRT SECTRACK SECUNIA XF | ||
| Cisco -- Wireless Control System | Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL". |
| 1.9 | CVE-2006-3289 CISCO BID FRSIRT SECTRACK SECUNIA XF | ||
| Cisco -- Wireless Control System | HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request. |
| 2.3 | CVE-2006-3290 CISCO BID FRSIRT SECTRACK SECUNIA XF | ||
| cjGuestbook -- cjGuestbook | Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter. |
| 2.3 | CVE-2006-3211 BUGTRAQ FRSIRT SECUNIA BID XF | ||
| cjGuestbook -- cjGuestbook | Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject web script or HTML via the (1) name, (2) email, (3) add, and (4) wName parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 2.3 | CVE-2006-3212 BID FRSIRT SECUNIA XF | ||
| Claroline -- Claroline | Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 allow remote attackers to inject arbitrary HTML or web script via unspecified attack vectors, possibly including (1) calendar/myagenda.php, (2) document/document.php, (3) phpbb/newtopic.php, (4) tracking/userLog.php, and (5) wiki/page.php. |
| 2.3 | CVE-2006-3257 BUGTRAQ OTHER-REF | ||
| Clearswift -- MAILsweeper for SMTP Clearswift -- MAILsweeper for Exchange | Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to cause a denial of service via (1) non-ASCII characters in a reverse DNS lookup result from a Received header, which leads to a Receiver service stop, and (2) unspecified vectors involving malformed messages, which causes "unpredictable behavior" that prevents the Security service from processing more messages. |
| 2.3 | CVE-2006-3216 MIMESWEEPER BID FRSIRT SECUNIA XF | ||
| datetopia -- Dating Agent PRO | requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. |
| 2.3 | CVE-2006-3282 BUGTRAQ FRSIRT SECUNIA | ||
| datetopia -- Dating Agent PRO | Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php. |
| 1.9 | CVE-2006-3284 BUGTRAQ FRSIRT SECUNIA XF | ||
| dotProject -- dotProject | Cross-site scripting (XSS) vulnerability in classes/ui.class.php in dotProject 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter. |
| 1.9 | CVE-2006-3240 OTHER-REF OTHER-REF OTHER-REF FRSIRT SECUNIA BID | ||
| e107.org -- e107 website system | Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment). |
| 2.3 | CVE-2006-3259 BUGTRAQ BID FRSIRT SECUNIA | ||
| Fortinet -- FortiOS | The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode. |
| 2.3 | CVE-2006-3222 OTHER-REF BID FRSIRT SECUNIA | ||
| George Currums -- Open Guestbook | Cross-site scripting (XSS) vulnerability in header.php in Open Guestbook 0.5 allows remote attackers to inject arbitrary web script or HTML via the title parameter. |
| 2.3 | CVE-2006-3295 BUGTRAQ BID XF | ||
| GL-SH -- Deaf Forum | Cross-site scripting (XSS) vulnerability in show.php in GL-SH Deaf Forum 6.4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the sort parameter. |
| 1.9 | CVE-2006-3246 OTHER-REF FRSIRT SECUNIA | ||
| GL-SH -- Deaf Forum | Multiple cross-site scripting (XSS) vulnerabilities in show.php in GL-SH Deaf Forum 6.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) page, and (3) action parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 1.9 | CVE-2006-3247 OTHER-REF FRSIRT SECUNIA | ||
| Hitachi -- Groupmax Address Server Hitachi -- Groupmax Mail Server | Unspecified vulnerability in Hitachi Groupmax Address Server 7 and earlier, and Groupmax Mail Server 7 and earlier allows remote attackers to cause a denial of service (product "stop") via unspecified vectors involving "unexpected requests". |
| 2.3 | CVE-2006-3214 HITACHI FRSIRT SECTRACK SECUNIA XF | ||
| IBM -- Websphere Application Server | Unspecified vulnerability in IBM WebSphere Application Server before 6.0.2.11 allows remote attackers to obtain the source code of JSP files via unknown vectors. |
| 2.3 | CVE-2006-3231 OTHER-REF BID FRSIRT SECUNIA | ||
| JaguarSoft -- JaguarEdit | JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows remote attackers to obtain sensitive information, such as the username and MAC and IP addresses, by setting the test field to certain values such as 2404 or 2790, then reading the information from the .JText field. |
| 1.9 | CVE-2006-3217 BUGTRAQ SRLABS SRLABS BID FRSIRT SECUNIA XF | ||
| Jelsoft -- vBulletin | Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. |
| 1.9 | CVE-2006-3253 BUGTRAQ SECTRACK | ||
| Jon Link -- Some Chess | Cross-site request forgery (CSRF) vulnerability in menu.php in Some Chess 1.5 rc2 allows remote attackers to conduct actions as another user, such as changing usernames and passwords, via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 2.3 | CVE-2006-3272 SECUNIA | ||
| Jon Link -- Some Chess | Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter ("New Name" field). |
| 1.9 | CVE-2006-3273 BUGTRAQ SECTRACK SECUNIA XF | ||
| Lanap BotDetect -- CAPTCHA ASP.NET | The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by "replaying the ViewState for a known number." |
| 2.3 | CVE-2006-2918 BUGTRAQ BID OTHER-REF FRSIRT SECUNIA SECTRACK XF | ||
| Linux -- Linux kernel | The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 can return an incorrect value, which allows local users to cause a denial of service via unknown vectors. |
| 1.6 | CVE-2006-0456 OTHER-REF OTHER-REF OTHER-REF OTHER-REF DEBIAN FRSIRT BID | ||
| Linux -- Linux kernel | Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, does not perform certain required access_ok checks, which allows local users to read arbitrary kernel memory on 64-bit systems (signal_64.c) and cause a denial of service (crash) and possibly read kernel memory on 32-bit systems (signal_32.c). |
| 3.7 | CVE-2006-2448 OTHER-REF OTHER-REF OTHER-REF BID FRSIRT BUGTRAQ TRUSTIX SECUNIA | ||
| LookNet -- FineShop | Multiple cross-site scripting (XSS) vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) promocja, (2) wysw, or (3) id_produc parameters. |
| 1.9 | CVE-2006-3235 OTHER-REF SECTRACK XF | ||
| MailEnable -- MailEnable | The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (application crash) via a HELO command with a null byte in the argument, possibly triggering a length inconsistency or a missing argument. |
| 2.3 | CVE-2006-3277 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA OTHER-REF XF | ||
| MetalheadWs -- Usenet | Cross-site scripting (XSS) vulnerability in index.php in Usenet Script 0.5 allows remote attackers to inject arbitrary web script or HTML via the group parameter. |
| 2.3 | CVE-2006-3299 BUGTRAQ BID FRSIRT SECUNIA | ||
| mvnForum -- mvnForum | Multiple cross-site scripting (XSS) vulnerabilities in activatemember in mvnForum 1.0 GA and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) member and (2) activatecode parameters. |
| 1.9 | CVE-2006-3245 OTHER-REF SECUNIA BID FRSIRT XF | ||
| Namo -- DeepSearch | Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo DeepSearch 4.5 allows remote attackers to inject arbitrary web script or HTML via the p parameter. |
| 1.9 | CVE-2006-3264 BUGTRAQ OTHER-REF BID FRSIRT SECTRACK SECUNIA XF | ||
| Netsoft -- smartNet | Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft smartNet 2.0 allows remote attackers to inject arbitrary web script or HTML via the keyWord parameter. |
| 2.3 | CVE-2006-3313 BUGTRAQ OTHER-REF BID OTHER-REF SECTRACK XF | ||
| New Atlanta Communications -- BlueDragon Server JX New Atlanta Communications -- BlueDragon Server | BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to cause a dneial of service (hang) via a request for a .cfm file whose name contains an MS-DOS device name such as (1) con, (2) aux, (3) com1, and (4) com2. |
| 2.3 | CVE-2006-2310 OTHER-REF FRSIRT SECUNIA BID | ||
| New Atlanta Communications -- BlueDragon Server JX New Atlanta Communications -- BlueDragon Server | Cross-site scripting (XSS) vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a (1) .cfm or (2) .cfml file, which reflects the result in the default error page. |
| 1.9 | CVE-2006-2311 OTHER-REF FRSIRT SECUNIA | ||
| Novell -- Groupwise | Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office. |
| 2.3 | CVE-2006-3268 OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
| Open WebMail -- Open WebMail | Cross-site scripting (XSS) vulnerability in OpenWebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to "openwebmailerror calls that need to display HTML." |
| 2.3 | CVE-2006-3229 OTHER-REF OTHER-REF MLIST | ||
| Open WebMail -- Open WebMail | Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in OpenWebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE. |
| 2.3 | CVE-2006-3233 MLIST OTHER-REF OTHER-REF BID | ||
| phpQLAdmin -- phpQLAdmin | Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin 2.2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the domain parameter in (1) user_add.php or (2) unit_add.php. |
| 2.3 | CVE-2006-3301 OTHER-REF BID FRSIRT SECUNIA XF | ||
| Positive Software -- H-Sphere | Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.C when using the mailman/massmail.html template_name. |
| 1.9 | CVE-2006-3278 OTHER-REF FRSIRT SECUNIA | ||
| Proton -- EnergyMech IRC Bot | parse_notice (TiCPU) in EnergyMech (emech) before 3.0.2 allows remote attackers to cause a denial of service (crash) via empty IRC CTCP NOTICE messages. |
| 2.3 | CVE-2006-3293 OTHER-REF GENTOO BID FRSIRT SECUNIA SECUNIA XF | ||
| QaTraq -- QaTraq | Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) link_print, (2) link_upgrade, (3) link_sql, (4) link_next, (5) link_prev, and (6) link_list parameters in top.inc as included by queries_view_search.php; the (7) msg, (8) component_name, and (9) component_desc parameters in (a) components_copy_content.php, (b) components_modify_content.php, and (c) components_new_content.php; the (10) title, (11) version, and (12) content parameters in design_copy_content.php; the (13) plan_title and (14) plan_content parameters in design_copy_plan_search.php; the (15) title, (16) minor_version, (17) new_version, and (18) content parameters in design_modify_content.php; the (19) title, (20) version, and (21) content parameters in design_new_content.php; the (22) plan_name and (23) plan_desc parameters in design_new_search.php; the (24) file_name parameter in download.php; the (25) username and (26) password parameters in login.php; the (27) title, (28) version, and (29) content parameters in phase_copy_content.php; the (30) content parameter in phase_delete_search.php; the (31) title, (32) minor_version, (33) new_version, and (34) content parameters in phase_modify_content.php; the (35) content, (36) title, (37) version, and (38) content parameters in phase_modify_search.php; the (39) content parameter in phase_view_search.php; the (40) msg, (41) product_name, and (42) product_desc parameters in products_copy_content.php; and possibly the (43) product_name and (44) product_desc parameters in (d) products_copy_search.php, and a large number of additional parameters and executables. |
| 2.3 | CVE-2006-3312 BUGTRAQ OTHER-REF BID | ||
| Qdig -- Qdig | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qdig before 1.2.9.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pre_gallery or (2) post_gallery parameters. |
| 1.9 | CVE-2006-3265 OTHER-REF FRSIRT SECUNIA | ||
| Senokian Solutions -- Enterprise Groupware Systems | Cross-site scripting (XSS) vulnerability in index.php in Enterprise Groupware System (EGS) 1.2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter. |
| 1.9 | CVE-2006-3237 OTHER-REF BID FRSIRT SECTRACK SECUNIA XF | ||
| Sun -- ONE Application Server Sun -- Java System Application Server | Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors. |
| 1.9 | CVE-2006-3225 SUNALERT FRSIRT BID SECTRACK SECUNIA XF | ||
| Trend Micro -- Control Manager | Cross-site scripting (XSS) vulnerability in Trend Micro Control Manager (TMCM) 3.5 allows remote attackers to inject arbitrary web script or HTML via the username field on the login page, which is not properly sanitized before being displayed in the error log. |
| 2.3 | CVE-2006-3261 BUGTRAQ BID FRSIRT SECTRACK SECUNIA XF | ||
| UebiMiau -- UebiMiau | Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) f_user parameter in index.php, the (2) pag parameter in messages.php, or the (3) lid, (4) tid, and (5) sid parameters in error.php. |
| 2.3 | CVE-2006-3305 OTHER-REF BID FRSIRT SECUNIA XF | ||
| Virtual Design Studios -- vlbook | Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 allows remote attackers to inject arbitrary web script or HTML via the message parameter. |
| 2.3 | CVE-2006-3260 BUGTRAQ ALTERVISTA BID SECUNIA FRSIRT | ||
| Webmin -- Webmin | Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory. |
| 2.3 | CVE-2006-3274 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
| XennoBB -- XennoBB | Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the tid parameter. |
| 1.9 | CVE-2006-3241 OTHER-REF FRSIRT SECUNIA | ||
| Yahoo -- Yahoo! Messenger | Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to cause a denial of service (crash) via messages that contain non-ASCII characters, which triggers the crash in jscript.dll. |
| 2.3 | CVE-2006-3298 OTHER-REF BID SECUNIA XF | ||
| Zoid Technologies -- Project Eros bbsengine | Cross-site scripting (XSS) vulnerability in the preparestring funtion in lib/common.php in Project EROS bbsengine before 20060501-0142-jam, and possibly earlier versions dating back to 2006-02-23, might allow remote attackers to inject arbitrary web script or HTML via unknown vectors. |
| 2.3 | CVE-2006-3306 OTHER-REF BID FRSIRT SECUNIA XF |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.