Vulnerability Summary for the Week of August 21, 2006
Released
Aug 28, 2006
Document ID
SB06-240
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Vulnerability Severity:
| High Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| 8pixel.net -- Simple Blog | SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2006-4300 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA XF | ||
| AK-Systems -- Windows Terminal | VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not password protected, which allows remote attackers to login and view RDP or Citrix sessions. |
| 10.0 | CVE-2006-4309 BUGTRAQ BID | ||
| All Topics -- All Topics Hack | SQL injection vulnerability in alltopics.php in the All Topics Hack 1.5.0 and earlier for phpBB 2.0.21 allows remote attackers to execute arbitrary SQL commands via the start parameter. |
| 7.0 | CVE-2006-4367 OTHER-REF BID | ||
| Alt-N -- WebAdmin | Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file. |
| 7.0 | CVE-2006-4370 BUGTRAQ FULLDISC OTHER-REF BID FRSIRT SECUNIA XF | ||
| AOL -- AOL Security Edition | AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files. |
| 7.0 | CVE-2006-0948 BID BUGTRAQ FRSIRT SECTRACK SECUNIA XF | ||
| Arthur Konze WebDesign -- AkoComment | PHP remote file inclusion vulnerability in akocomments.php in AkoComment 1.1 module (com_akocomment) for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2006-4281 BUGTRAQ BID XF | ||
| bits-dont-bite -- EstateAgent | PHP remote file inclusion vulnerability in estateagent.php in the EstateAgent component (com_estateagent) for Mambo, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2006-4322 BUGTRAQ BID | ||
| CityForFree -- indexcity | SQL injection vulnerability in list.php in CityForFree indexcity 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cate_id parameter. |
| 7.0 | CVE-2006-4323 OTHER-REF BID SECUNIA | ||
| CityForFree -- indexcity | Cross-site scripting (XSS) vulnerability in add_url2.php in CityForFree indexcity 1.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. |
| 7.0 | CVE-2006-4324 OTHER-REF BID SECUNIA | ||
| CloudNine -- Interactive Links Manager | Multiple cross-site scripting (XSS) vulnerabilities in add_url.php in CloudNine Interactive Links Manager 2006-06-12 allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) description, or (3) keywords parameters. |
| 7.0 | CVE-2006-4327 OTHER-REF BID SECUNIA | ||
| CloudNine -- Interactive Links Manager | SQL injection vulnerability in admin.php in CloudNine Interactive Links Manager 2006-06-12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter. |
| 7.0 | CVE-2006-4328 OTHER-REF BID SECUNIA | ||
| Constructor component -- Constructor component | PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter. |
| 7.0 | CVE-2006-4372 OTHER-REF XF | ||
| Contacts XTD component -- Contacts XTD component | ** DISPUTED ** PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined. |
| 7.0 | CVE-2006-4375 BUGTRAQ BUGTRAQ | ||
| Coppermine -- Photo Gallery component | PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2006-4321 OTHER-REF BID FRSIRT SECUNIA XF | ||
| CropImage component -- CropImage component | PHP remote file inclusion vulnerability in admin.cropcanvas.php in the CropImage component (com_cropimage) 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the cropimagedir parameter. |
| 7.0 | CVE-2006-4363 BUGTRAQ OTHER-REF BID | ||
| CubeCart -- CubeCart | Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php. |
| 7.0 | CVE-2006-4267 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA XF | ||
| CubeCart -- CubeCart | Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php. |
| 7.0 | CVE-2006-4268 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA XF | ||
| Derek Leung -- pSlash | PHP remote file inclusion vulnerability in modules/visitors2/include/config.inc.php in pSlash 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter. |
| 7.0 | CVE-2006-4373 BUGTRAQ OTHER-REF BID | ||
| DieselScripts -- Diesel Smart Traffic | PHP remote file inclusion vulnerability in clients/index.php in Diesel Smart Traffic allows remote attackers to execute arbitrary PHP code via a URL in the src parameter. |
| 7.0 | CVE-2006-4357 BUGTRAQ BID XF | ||
| DieselScripts -- Diesel Pay | Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay allows remote attackers to inject arbitrary web script or HTML via the read parameter. |
| 7.0 | CVE-2006-4358 BUGTRAQ BID FRSIRT SECUNIA XF | ||
| DieselScripts -- Diesel Job Site | Multiple cross-site scripting (XSS) vulnerabilities in jobseekers/forgot.php in Diesel Job Site allow remote attackers to inject arbitrary web script or HTML via the (1) uname or (2) SEmail parameters. |
| 7.0 | CVE-2006-4361 BUGTRAQ FRSIRT SECUNIA XF | ||
| DieselScripts -- Diesel Paid Mail | Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid Mail allows remote attackers to inject arbitrary web script or HTML via the ps parameter. |
| 7.0 | CVE-2006-4362 BUGTRAQ BID FRSIRT SECUNIA XF | ||
| Digium -- Asterisk | Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response. |
| 7.0 | CVE-2006-4345 OTHER-REF OTHER-REF BID SECTRACK | ||
| Digium -- Asterisk | Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable. |
| 7.0 | CVE-2006-4346 OTHER-REF BID SECTRACK | ||
| Doika -- Doika guestbook | Cross-site scripting (XSS) vulnerability in gbook.php in Doika guestbook 2.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| 7.0 | CVE-2006-4325 OTHER-REF FRSIRT SECUNIA | ||
| FreeBSD -- FreeBSD NetBSD -- NetBSD | Buffer overflow in the ppp driver in FreeBSD 4.11 to 6.1 and NetBSD 2.0 through 4.0 beta allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. |
| 10.0 | CVE-2006-4304 FREEBSD OTHER-REF NETBSD | ||
| Fscripts -- Fantastic News | PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter. |
| 7.0 | CVE-2006-4285 OTHER-REF OTHER-REF BID SECUNIA FRSIRT XF | ||
| Fusionphp -- Fusion News | PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. |
| 7.0 | CVE-2006-4240 BUGTRAQ BID FRSIRT SECTRACK XF | ||
| Guder und Koch Netzwerktechnik -- Eichhorn Portal | Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module. |
| 7.0 | CVE-2006-4376 BUGTRAQ XF | ||
| Guder und Koch Netzwerktechnik -- Eichhorn Portal | Multiple SQL injection vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module. |
| 7.0 | CVE-2006-4377 BUGTRAQ XF | ||
| IBM -- AIX | Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 allows local users to gain privileges via unspecified vectors. |
| 7.0 | CVE-2006-4254 OTHER-REF AIXAPAR AIXAPAR AIXAPAR BID SECTRACK SECUNIA FRSIRT OSVDB XF | ||
| IntegraMOD -- IntegraMOD Portal | PHP remote file inclusion vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| 7.0 | CVE-2006-4368 FULLDISC OTHER-REF OTHER-REF BID | ||
| Invisionix Systems -- Invisionix Roaming System Remote | PHP remote file inclusion vulnerability in pageheaderdefault.inc.php in Invisionix Roaming System Remote (IRSR) 0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _sysSessionPath parameter. |
| 7.0 | CVE-2006-4237 Milw0rm BID XF | ||
| Jelsoft -- vBulletin | ** DISPUTED ** PHP remote file inclusion vulnerability in install/upgrade_301.php in Jelsoft vBulletin 3.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. NOTE: the vendor has disputed this vulnerability, saying "The default vBulletin requires authentication prior to the usage of the upgrade system." |
| 7.0 | CVE-2006-4271 BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ OTHER-REF | ||
| Jelsoft -- vBulletin | ** DISPUTED ** Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If you have the CAPTCHA enabled then the registrations wont even go through. ... if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level." |
| 7.0 | CVE-2006-4272 BUGTRAQ BUGTRAQ | ||
| Jelsoft -- vBulletin | Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6. |
| 7.0 | CVE-2006-4273 BUGTRAQ BUGTRAQ BUGTRAQ | ||
| Joomla! -- mosListMessenger component Mambo -- mosListMessenger component | PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2006-4229 OTHER-REF OTHER-REF FRSIRT SECUNIA BUGTRAQ | ||
| Joomla! -- x-shop component Mambo -- x-shop component | PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2006-4269 BUGTRAQ BID XF | ||
| Justsystem -- Ichitaro | Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, Ichitaro 2004, 2005, 2006, and Ichitaro for Linux allows remote attackers to execute arbitrary code via long strings in a crafted document, as being actively exploited by malware such Trojan.Tarodrop. NOTE: some details are obtained from third party information. |
| 7.0 | CVE-2006-4326 OTHER-REF BID FRSIRT SECUNIA XF | ||
| Kochsuite component -- Kochsuite component | PHP remote file inclusion vulnerability in config.kochsuite.php in the Kochsuite (com_kochsuite) 0.9.4 component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2006-4348 BUGTRAQ OTHER-REF BID OSVDB XF | ||
| LBlog -- LBlog | SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2006-4284 OTHER-REF BID SECUNIA BUGTRAQ SECTRACK XF | ||
| Linux -- Linux kernel | Unspecified vulnerability in the SCTP implementation in Linux 2.6.9, and probably other 2.6.x versions, allows local users to cause a denial of service (panic) and possibly gain root privileges. via attack vectors. |
| 7.0 | CVE-2006-3745 REDHAT SECUNIA | ||
| Lizge -- Lizge Web Portal | Multiple PHP remote file inclusion vulnerabilities in index.php in Lizge V.20 Web Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) lizge or (2) bade parameters. |
| 7.0 | CVE-2006-4230 BUGTRAQ BID XF | ||
| Mambo -- mtg_myhomepage Component | Multiple PHP remote file inclusion vulnerabilities in the mtg_myhomepage Component (com_lmtg_myhomepage) for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) install.lmtg_homepage.php and (2) mtg_homepage.php. |
| 7.0 | CVE-2006-4264 BUGTRAQ | ||
| Mambo -- mambelfish component | PHP remote file inclusion vulnerability in mambelfish.class.php in the mambelfish component (com_mambelfish) 1.1 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2006-4270 BUGTRAQ OTHER-REF FRSIRT SECUNIA XF | ||
| Mambo -- CatalogShop component | PHP remote file inclusion vulnerability in catalogshop.php in the CatalogShop component for Mambo (com_catalogshop) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2006-4275 BUGTRAQ BID | ||
| Mambo -- ANJEL Component | PHP remote file inclusion vulnerability in anjel.index.php in ANJEL (formerly MaMML) Component (com_anjel) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2006-4280 BUGTRAQ XF | ||
| Mambo -- Mambo | PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2006-4286 BUGTRAQ | ||
| Mambo -- a6mambocredits component | PHP remote file inclusion vulnerability in admin.a6mambocredits.php in the a6mambocredits component (com_a6mambocredits) 2.0.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: some of these details are obtained from third party information. |
| 7.0 | CVE-2006-4288 OTHER-REF BID FRSIRT SECTRACK SECUNIA XF | ||
| Mambo -- bigAPE-Backup component | PHP remote file inclusion vulnerability in classes/Tar.php in bigAPE-Backup component (com_babackup) for Mambo 1.1 allows remote attackers to include arbitrary files via the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2006-4296 OTHER-REF BID FRSIRT SECUNIA XF | ||
| MamboXChange -- Reporter | PHP remote file inclusion vulnerability in processor/reporter.sql.php in the Reporter Mambo component (com_reporter) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2006-4241 BUGTRAQ BID XF | ||
| MamboXChange -- MamboWiki | PHP remote file inclusion vulnerability in MamboLogin.php in the MamboWiki component (com_mambowiki) 0.9.6 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. |
| 7.0 | CVE-2006-4282 BUGTRAQ OTHER-REF OTHER-REF BID | ||
| Microsoft -- Internet Explorer | Buffer overflow in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1 with MS06-042 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression. |
| 7.0 | CVE-2006-3869 BUGTRAQ OTHER-REF OTHER-REF CERT-VN SECTRACK | ||
| Mozilla -- Firefox | Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a series of Javascript timed events that load an XML file containing a large number of closing tags, which triggers a memory fault, aka ffoxdie3. NOTE: this is very similar to CVE-2006-4253, but possibly a different issue. |
| 7.0 | CVE-2006-4261 BUGTRAQ OTHER-REF | ||
| NES Game -- NES Game NES System -- NES System | Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php. |
| 7.0 | CVE-2006-4287 OTHER-REF OTHER-REF BID SECUNIA FRSIRT OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB | ||
| OneOrZero -- OneOrZero | SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2006-4350 BUGTRAQ | ||
| OneOrZero -- OneOrZero | Cross-site scripting (XSS) vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| 7.0 | CVE-2006-4351 BUGTRAQ | ||
| OpenSEF Project -- OpenSEF | PHP remote file inclusion vulnerability in sef.php in the OpenSEF 2.0.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2006-4320 BUGTRAQ BID SECTRACK XF | ||
| osCommerce -- osCommerce | SQL injection vulnerability in shopping_cart.php in osCommerce 2.2 Milestone 2 060817 allows remote attackers to execute arbitrary SQL commands via id array parameters. |
| 7.0 | CVE-2006-4297 OTHER-REF BID SECTRACK XF | ||
| Outreach Project Tool -- OPT Max | PHP remote file inclusion vulnerability in include/urights.php in Outreach Project Tool (OPT) Max 1.2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CRM_inc parameter. |
| 7.0 | CVE-2006-4239 Milw0rm BID FRSIRT SECUNIA XF | ||
| Phome Empire -- Phome Empire CMS | PHP remote file inclusion vulnerability in e/class/CheckLevel.php in Phome Empire CMS 3.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the check_path parameter. |
| 7.0 | CVE-2006-4354 OTHER-REF BID SECUNIA XF | ||
| Powergap -- Powergap Lite Powergap -- Powergap Business | Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow remote attackers to execute arbitrary PHP code via a URL in the (1) shopid parameter to (a) s01.php, (b) s02.php, (c) s03.php, or (d) s04.php; or (2) sid parameter to (e) index.php. |
| 7.0 | CVE-2006-4236 BUGTRAQ Milw0rm BID XF SECTRACK | ||
| Product Scroller Module -- Product Scroller Module | Multiple PHP remote file inclusion vulnerabilities in the Product Scroller Module and other modules in mambo-phpshop (com_phpshop) for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) mod_phpshop.php, (2) mod_phpshop_allinone.php, (3) mod_phpshop_cart.php, (4) mod_phpshop_featureprod.php, (5) mod_phpshop_latestprod.php, (6) mod_product_categories.php, (7) mod_productscroller.php, and (8) mosproductsnap.php. |
| 7.0 | CVE-2006-4263 BUGTRAQ BID | ||
| RedBLoG -- RedBLoG | PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 7.0 | CVE-2006-4366 OTHER-REF BID | ||
| Rssxt component -- Rssxt component | ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the Rssxt component for Joomla! (com_rssxt), possibly 2.0 Beta 1 or 1.0 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) pinger.php, (2) RPC.php, or (3) rssxt.php. NOTE: another researcher has disputed this issue, saying that the attacker can not control this parameter. In addition, as of 20060825, the original researcher has appeared to be unreliable with some other past reports. CVE has not performed any followup analysis with respect to this issue. |
| 7.0 | CVE-2006-4378 BUGTRAQ BUGTRAQ | ||
| Shadows Rising RPG -- Shadows Rising RPG | Multiple PHP remote file inclusion vulnerabilities in Shadows Rising RPG (Pre-Alpha) 0.0.5b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) core/includes/security.inc.php, (2) core/includes/smarty.inc.php, (3) qcms/includes/smarty.inc.php or (4) qlib/smarty.inc.php. |
| 7.0 | CVE-2006-4329 MLIST OTHER-REF BID XF | ||
| SOLMETRA -- SPAW Editor | Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW Editor 1.0.6 and 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the spaw_dir parameter in dialogs/ scripts including (1) a.php, (2) collorpicker.php, (3) img.php, (4) img_library.php, (5) table.php, or (6) td.php. |
| 7.0 | CVE-2006-4283 BUGTRAQ BID | ||
| Sonium -- Enterprise Adressbook | PHP remote file inclusion vulnerability in Sonium Enterprise Adressbook 0.2 allows remote attackers to execute arbitrary PHP code via the folder parameter in multiple files in the plugins directory, as demonstrated by plugins/1_Adressbuch/delete.php. |
| 7.0 | CVE-2006-4311 OTHER-REF FRSIRT SECUNIA XF | ||
| Sony -- SonicStage Mastering Studio | Buffer overflow in the import project functionality in Sony SonicStage Mastering Studio 1.1.00 through 2.2.01 allows remote attackers to execute arbitrary code via a crafted SMP file. |
| 7.0 | CVE-2006-4235 PENTEST OTHER-REF CERT-VN BID FRSIRT OSVDB SECUNIA XF | ||
| Sony -- VAIO Media Server | Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to execute arbitrary code via unspecified vectors. |
| 10.0 | CVE-2006-4289 OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
| SportsPHool -- SportsPHool | PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the mainnav parameter. |
| 7.0 | CVE-2006-4278 OTHER-REF BID SECUNIA FRSIRT XF | ||
| SSH Communications Security -- Tectia Client SSH Communications Security -- SSH Tectia Manager SSH Communications Security -- Tectia Server SSH Communications Security -- Tectia Manager SSH Communications Security -- Tectia Connector | Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under "Program Files" or its subdirectories. |
| 7.0 | CVE-2006-4315 OTHER-REF BID | ||
| SSH Communications Security -- SSH Tectia Manager | SSH Tectia Management Agent 2.1.2 allows local users to gain root privileges by running a program called sshd, which is obtained from a process listing when the "Restart" action is selected from the Management server GUI, which causes the agent to locate the pathname of the user's program and restart it with root privileges. |
| 7.0 | CVE-2006-4316 OTHER-REF BID | ||
| Streamripper -- Streamripper | Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers. |
| 7.0 | CVE-2006-3124 OTHER-REF BID FRSIRT SECUNIA XF | ||
| Sun -- Solaris | Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 allows local users to execute arbitrary commands via unspecified vectors, involving the default Role-Based Access Control (RBAC) settings in the "File System Management" profile. |
| 7.0 | CVE-2006-4306 SUNALERT BID SECTRACK | ||
| Sun -- Solaris | Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306. |
| 7.0 | CVE-2006-4307 SUNALERT BID SECTRACK | ||
| Texas Imperial Software -- WFTPD | Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands. |
| 7.0 | CVE-2006-4318 OTHER-REF BID SECTRACK | ||
| Toenda Software Development -- toendaCMS | ** DISPUTED ** PHP remote file inclusion vulnerability in ToendaCMS 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tcms_administer_site parameter to an unspecified script, probably index.php. NOTE: this issue has been disputed by a third party, who states that $tcms_administer_site is initialized to a constant value within index.php. |
| 7.0 | CVE-2006-4349 BUGTRAQ BUGTRAQ BID XF | ||
| Tutti Nova -- Tutti Nova | PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to novalib/class.novaEdit.mysql.php. |
| 7.0 | CVE-2006-4276 OTHER-REF BID SECUNIA FRSIRT XF | ||
| Tutti Nova -- Tutti Nova | Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to (1) include/novalib/class.novaAdmin.mysql.php and (2) novalib/class.novaRead.mysql.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 7.0 | CVE-2006-4277 BID SECUNIA | ||
| VistaBB -- VistaBB | Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/functions_mod_user.php or (2) includes/functions_portal.php. |
| 7.0 | CVE-2006-4365 FULLDISC OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
| VWar -- Virtual War | Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortby, and (4) sortorder parameters. NOTE: The page parameter vector is covered by CVE-2006-4010. |
| 7.0 | CVE-2006-4225 BUGTRAQ | ||
| Woltlab -- Burning Board | Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab Burning Board (WBB) 2.3.5 allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript. |
| 7.0 | CVE-2006-4317 BUGTRAQ BID XF | ||
| WTCom -- Web Torrent | SQL injection vulnerability in torrents.php in WebTorrent (WTcom) 0.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter in category mode. |
| 7.0 | CVE-2006-4238 Milw0rm BID XF | ||
| XennoBB -- XennoBB | SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the icon_topic parameter. |
| 7.0 | CVE-2006-4279 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF |
| Medium Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Apple -- Mac OS X Server Apple -- Mac OS X Apple -- Xsan | Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access, to execute arbitrary code via unspecified vectors related to "processing a path name." |
| 4.9 | CVE-2006-3506 APPLE BID FRSIRT SECTRACK SECUNIA CERT-VN | ||
| Cisco -- PIX Firewall Cisco -- Adaptive Security Appliance | Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), causes the EXEC password, local user passwords, and the enable password to be changed to a "non-random value" under certain circumstances, which causes administrators to be locked out and might allow attackers to gain access. |
| 4.2 | CVE-2006-4312 CISCO | ||
| Cscope -- Cscope | Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file list parsing, (2) long pathnames that result from path variable expansion such as tilde expansion for the HOME environment variable, and (3) command line argument. |
| 5.6 | CVE-2006-4262 OTHER-REF OTHER-REF | ||
| Drupal -- Drupal Easylinks Module | Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 5.6 | CVE-2006-4355 OTHER-REF BID SECUNIA | ||
| Drupal -- Drupal Easylinks Module | SQL injection vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| 5.6 | CVE-2006-4356 OTHER-REF BID SECUNIA | ||
| Drupal -- Drupal E-commerce Module | Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors. |
| 4.2 | CVE-2006-4360 OTHER-REF BID SECUNIA | ||
| Fuji Xerox -- Fuji Xerox Printing Systems (FXPS) print engine | The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including Dell 3000cn through 5110cn, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server. |
| 4.7 | CVE-2006-2113 OTHER-REF | ||
| ImageMagick -- ImageMagick | Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. |
| 5.6 | CVE-2006-3743 OTHER-REF REDHAT SECUNIA | ||
| ImageMagick -- ImageMagick | Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun bitmap images that trigger heap-based buffer overflows. |
| 5.6 | CVE-2006-3744 OTHER-REF REDHAT SECUNIA | ||
| Joomla! -- JIM Instant Messaging Component | PHP remote file inclusion vulnerability in install.jim.php in the JIM 1.0.1 component for Joomla or Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 5.6 | CVE-2006-4242 BUGTRAQ Milw0rm BID FRSIRT OSVDB SECUNIA XF | ||
| Microsoft -- PowerPoint | Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as being actively exploited by malware such as TROJ_MDROPPER.BH. NOTE: as of 20060821, it has been reported that this is a different issue than CVE-2006-3660, CVE-2006-3656, and CVE-2006-3655. |
| 5.6 | CVE-2006-4274 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF SECTRACK | ||
| Mozilla -- Firefox | Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by ffoxdie. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected. |
| 5.6 | CVE-2006-4253 BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ OTHER-REF BID SECUNIA OTHER-REF BID | ||
| MySQL -- MySQL | MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE. |
| 4.2 | CVE-2006-4227 MLIST OTHER-REF BID FRSIRT SECUNIA OTHER-REF SECTRACK XF | ||
| PHlyMail -- PHlyMail Lite | PHP remote file inclusion vulnerability in handlers/email/mod.listmail.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter. |
| 5.6 | CVE-2006-4291 OTHER-REF BID SECTRACK SECUNIA XF | ||
| Sun -- Solaris | Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307. |
| 4.9 | CVE-2006-4319 SUNALERT | ||
| Trident Software -- PowerZip | Stack-based buffer overflow in Trident Software PowerZip 7.06 Build 3895 on Windows 2000 allows remote attackers to execute arbitrary code via a ZIP archive containing a long filename. |
| 5.6 | CVE-2006-4359 BID SECUNIA |
| Low Vulnerabilities |
|---|
| Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
|---|---|---|---|---|---|---|
| Alt-N -- MDaemon | Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via long strings that contain '@' characters in the (1) USER and (2) APOP commands. |
| 2.3 | CVE-2006-4364 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID SECTRACK SECUNIA XF | ||
| Alt-N -- WebAdmin | Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. (dot dot) in the file parameter to (1) logfile_view.wdm and (2) configfile_view.wdm. |
| 2.3 | CVE-2006-4371 BUGTRAQ FULLDISC OTHER-REF BID FRSIRT SECUNIA XF | ||
| Blackboard -- Blackboard Blackboard -- Blackboard Learning and Community Portal Suite | Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6 and Blackboard Learning and Community Portal Suite 6.2.3.23 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscript, and (3) malformed javascript URIs in various HTML tags when posting to the Discussion Board. |
| 2.3 | CVE-2006-4308 BUGTRAQ BID SECUNIA | ||
| CGI-RESCUE -- Mail F/W System | CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) before 8.3 allows remote attackers to spoof e-mails and inject e-mail headers via unspecified vectors in (1) mail.cgi and (2) query.cgi. |
| 2.3 | CVE-2006-4344 OTHER-REF OTHER-REF BID FRSIRT OSVDB | ||
| Cisco -- VPN 3000 Concentrator | Multiple unspecified vulnerabilities in Cisco VPN 3000 series concentrators before 4.1, 4.1.x up to 4.1(7)L, and 4.7.x up to 4.7(2)F allow attackers to execute the (1) CWD, (2) MKD, (3) CDUP, (4) RNFR, (5) SIZE, and (6) RMD FTP commands to modify files or create and delete directories via unknown vectors. |
| 2.3 | CVE-2006-4313 CISCO | ||
| Cisco -- Content Service Switch | The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information. |
| 2.3 | CVE-2006-4352 OSVDB OTHER-REF | ||
| cPanel -- cPanel | Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html. |
| 2.3 | CVE-2006-4293 BUGTRAQ SECUNIA XF | ||
| Fuji Xerox -- Fuji Xerox Printing Systems (FXPS) print engine | Fuji Xerox Printing Systems (FXPS) print engine, as used in products including Dell 3000cn through 5110cn, allows remote attackers to use the FTP printing interface as a proxy ("FTP bounce") by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted. |
| 2.3 | CVE-2006-2112 OTHER-REF | ||
| Globus -- Globus Toolkit | Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access. |
| 1.3 | CVE-2006-4232 MLIST BID FRSIRT SECUNIA XF | ||
| Globus -- Globus Toolkit | Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config. |
| 3.3 | CVE-2006-4233 MLIST BID FRSIRT SECUNIA XF | ||
| Horde -- IMP Horde -- Horde | Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen. |
| 2.3 | CVE-2006-4255 BUGTRAQ MLIST OTHER-REF BID FRSIRT SECUNIA XF | ||
| Horde -- Application Framework | index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS. |
| 2.3 | CVE-2006-4256 BUGTRAQ MLIST OTHER-REF FRSIRT SECUNIA XF | ||
| IBM -- WebSphere Application Server | IBM WebSphere Application Server before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to (1) "JSP source code exposure" (PK23475), (2) the First Failure Data Capture (ffdc) log file (PK24834), and (3) traces (PK25568), a different issue than CVE-2006-4137. |
| 2.3 | CVE-2006-4223 OTHER-REF FRSIRT SECUNIA | ||
| IBM -- DB2 Universal Database | Unspecified vulnerability in IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service via unspecified vectors (1) during the "CONNECT / ATTACH" or (2) after the CONNECT processing. NOTE: some details have been obtained from third parties. |
| 1.4 | CVE-2006-4257 OTHER-REF SECUNIA AIXAPAR FRSIRT OSVDB OSVDB | ||
| IntegraMOD -- IntegraMOD Portal | Absolute path traversal vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via an absolute pathname in the phpbb_root_path parameter. |
| 2.3 | CVE-2006-4369 FULLDISC OTHER-REF OTHER-REF BID | ||
| Irfan Skiljan -- IrfanView32 | IrfanView 3.98 (with plugins) allows remote attackers to cause a denial of service (application crash) via a crafted CUR image file. |
| 1.9 | CVE-2006-4231 BUGTRAQ XF | ||
| Irfan Skiljan -- IrfanView32 | IrfanView 3.98 (with plugins) allows user-assisted attackers to cause a denial of service (application crash) via a crafted ANI image file, possibly due to a buffer overflow. |
| 1.9 | CVE-2006-4374 BUGTRAQ BID XF | ||
| Jake Olefsky -- Fotopholder | Cross-site scripting (XSS) vulnerability in index.php in Fotopholder 1.8 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this might be resultant from a directory traversal vulnerability. |
| 1.9 | CVE-2006-4259 BUGTRAQ SECTRACK XF | ||
| Jake Olefsky -- Fotopholder | Directory traversal vulnerability in index.php in Fotopholder 1.8 allows remote attackers to read arbitrary directories or files via a .. (dot dot) in the path parameter. |
| 2.3 | CVE-2006-4260 BUGTRAQ SECTRACK XF | ||
| Jiran -- Cool Messenger Office/School Server Jiran -- Cool Manager | SQL injection vulnerability in user logon authentication request handling in Cool_CoolD.exe in Cool Manager 5.0 (5,60,90,28) and Cool Messenger Office/School Server 5.5 (5,65,12,13) allows remote attackers to execute arbitrary SQL commands via the username field. |
| 2.3 | CVE-2006-4347 OTHER-REF BID SECUNIA | ||
| John Hanna -- Anti-Spam SMTP Proxy Server | Absolute path traversal vulnerability in the get functionality in Anti-Spam SMTP Proxy (ASSP) allows remote authenticated users to read arbitrary files via (1) C:\ (Windows drive letter), (2) UNC, and possibly other types of paths in the file parameter. |
| 1.4 | CVE-2006-4258 FULLDISC BID FRSIRT SECUNIA XF | ||
| Kaspersky Lab -- Kaspersky Anti-Hacker | Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows remote attackers to obtain responses to ICMP (1) timestamp and (2) netmask requests, which is inconsistent with the documented behavior of Stealth Mode. |
| 2.3 | CVE-2006-4265 BUGTRAQ | ||
| Linux -- Linux kernel | Unspecified vulnerability in the restore_all code path of the 4/4GB split support for non-hugemem Linux kernels 2.6.9, and probably other 2.6.x versions, allows local users to cause a denial of service (panic) via unspecified vectors. |
| 2.3 | CVE-2006-2932 REDHAT SECUNIA | ||
| Linux -- Linux kernel | Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time." |
| 2.3 | CVE-2006-4093 OTHER-REF OTHER-REF FRSIRT BID FRSIRT SECUNIA | ||
| Microsoft -- Internet Explorer | Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple ActiveX COM Objects from (a) dxtmsft.dll and (b)dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1. |
| 2.3 | CVE-2006-4301 BUGTRAQ OTHER-REF BID | ||
| Mozilla -- Firefox | Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI. |
| 2.3 | CVE-2006-4310 BUGTRAQ BID | ||
| MySQL -- MySQL | MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. |
| 2.2 | CVE-2006-4226 MLIST MYSQL MYSQL BID FRSIRT SECUNIA SECTRACK XF | ||
| Niels Provos -- Honeyd | Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows remote attackers to cause a denial of service (application crash) via certain Address Resolution Protocol (ARP) packets. |
| 2.3 | CVE-2006-4292 OTHER-REF FRSIRT SECUNIA XF | ||
| osCommerce -- osCommerce | Multiple directory traversal vulnerabilities in cache.php in osCommerce 2.2 Milestone 2 060817 allow remote attackers to determine existence of arbitrary files and disclose the installation path via a .. (dot dot) in unspecified parameters in the (1) tep_cache_also_purchased, (2) tep_cache_manufacturers_box, and (3) tep_cache_categories_box functions. |
| 2.3 | CVE-2006-4298 OTHER-REF XF | ||
| Panda -- Panda ActiveScan | Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter. |
| 2.3 | CVE-2006-4295 OTHER-REF BID SECTRACK | ||
| Sony -- VAIO Media Server | Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to gain sensitive information via unspecified vectors. |
| 2.3 | CVE-2006-4290 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
| Sun -- Java Web Start Sun -- J2SE | The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web Start 1.0 through 1.2 and J2SE 1.4.2 through 5.0 Update 5, allows remote attackers to exploit vulnerabilities by specifying a JRE version that contain vulnerabilities. |
| 2.3 | CVE-2006-4302 SUNALERT SECUNIA SECTRACK SECTRACK | ||
| Sun -- Solaris | Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service ("tight loop" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion). |
| 1.9 | CVE-2006-4303 SUNALERT SECTRACK XF | ||
| Sun -- Java System Content Delivery Server | Unspecified vulnerability in Sun Java System Content Delivery Server 4.0, 4.1, and 5.0 allows local and remote attackers to read data from arbitrary files via unspecified vectors. |
| 2.3 | CVE-2006-4353 SUNALERT | ||
| Symantec -- Norton Personal Firewall | Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, does not properly protect Norton registry keys, which allows local users to provide Trojan horse libraries to Norton by using RegSaveKey and RegRestoreKey to modify HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners, as demonstrated using NISProd.dll. NOTE: in most cases, this attack would not cross privilege boundaries, because modifying the SuiteOwners key requires administrative privileges. However, this issue is a vulnerability because the product's functionality is intended to protect against privileged actions such as this. |
| 3.3 | CVE-2006-4266 BUGTRAQ OTHER-REF BID | ||
| Symantec -- Symantec Enterprise Security Manager | The manager server in Symantec Enterprise Security Manager (ESM) 6 and 6.5.x allows remote attackers to cause a denial of service (hang) via a malformed ESM agent request. |
| 2.3 | CVE-2006-4314 BUGTRAQ OTHER-REF BID BID FRSIRT SECTRACK SECUNIA | ||
| TikiWiki Project -- TikiWiki | Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 2.3 | CVE-2006-4299 BID OSVDB SECUNIA | ||
| VWar -- Virtual War | Cross-site scripting (XSS) vulnerability in calendar.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the year parameter. NOTE: The page parameter vector is covered by CVE-2006-4009. |
| 2.3 | CVE-2006-4224 BUGTRAQ | ||
| Wireshark -- Wireshark | Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. |
| 2.3 | CVE-2006-4330 OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
| Wireshark -- Wireshark | Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors. |
| 2.3 | CVE-2006-4331 OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
| Wireshark -- Wireshark | Unspecified vulnerability in the DHCP dissector in Wireshark (formerly Ethereal) 0.10.13 through 0.99.2, when run on Windows, allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a bug in Glib. |
| 2.3 | CVE-2006-4332 OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
| Wireshark -- Wireshark | The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory. |
| 2.3 | CVE-2006-4333 OTHER-REF BID FRSIRT SECTRACK SECUNIA |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.