Vulnerability Summary for the Week of September 4, 2006
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
8pixel.net -- Simple Blog | Incomplete blacklist vulnerability in default.asp in 8pixel.net Simple Blog 2.3 and earlier allows remote attackers to conduct SQL injection attacks via ">" characters in the id parameter, which are not filtered by the protection mechanism. |
| 7.0 | CVE-2006-4592 OTHER-REF BID FRSIRT SECUNIA | ||
AlstraSoft -- Template Seller AlstraSoft -- Template Seller Pro | Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AltraSoft Template Seller Pro 3.25, allow remote attackers to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/payment_result.php or (2) /payment/spuser_result.php. |
| 7.0 | CVE-2006-4591 BUGTRAQ BID | ||
ALWIL -- avast! Antivirus | Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and directory names whose concatenation triggers the overflow. |
| 7.0 | CVE-2006-4626 OTHER-REF | ||
Annuaire -- 1Two | SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 7.0 | CVE-2006-4601 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA | ||
Autentificator -- Autentificator | SQL injection vulnerability in aut_verifica.inc.php in Autentificator 2.01 allows remote attackers to execute arbitrary SQL commands via the user parameter. |
| 7.0 | CVE-2006-4599 BUGTRAQ BID FRSIRT SECUNIA | ||
Bare Concept Media -- Pheap CMS | PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. |
| 7.0 | CVE-2006-4531 OTHER-REF BID XF BUGTRAQ FRSIRT OSVDB SECTRACK SECUNIA | ||
Bare Concept Media -- Pheap CMS | PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The lib/config.php vector is already covered by CVE-2006-4531. |
| 7.0 | CVE-2006-4621 FRSIRT SECUNIA | ||
Bernard Pacques -- Yet Another Community System CMS | PHP remote file inclusion vulnerability in articles/article.php in Yet Another Community System (YACS) CMS 6.6.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter. |
| 7.0 | CVE-2006-4532 OTHER-REF XF OTHER-REF FRSIRT SECTRACK SECUNIA | ||
Bernard Pacques -- Yet Another Community System CMS | Multiple PHP remote file inclusion vulnerabilities in Yet Another Community System (YACS) CMS 6.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter in (1) articles/populate.php, (2) categories/category.php, (3) categories/populate.php, (4) comments/populate.php, (5) files/file.php, (6) sections/section.php, (7) sections/populate.php, (8) tables/populate.php, (9) users/user.php, and (10) users/populate.php. The articles/article.php vector is covered by CVE-2006-4532. |
| 7.0 | CVE-2006-4559 OTHER-REF SECUNIA | ||
Bugada Andrea -- PHP Advanced Transfer Manager | Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. NOTE: the include_location parameter to index.php is already covered by CVE-2005-1681. |
| 7.0 | CVE-2006-4594 OTHER-REF BID XF | ||
Cerberus -- Cerberus Helpdesk | (1) includes/widgets/module_company_tickets.php and (2) includes/widgets/module_track_tickets.php Client Support Center in Cerberus Helpdesk 3.2 Build 317, and possibly earlier, allows remote attackers to bypass security restrictions and obtain sensitive information via the ticket parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 7.0 | CVE-2006-4539 OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA | ||
CHXO -- Feedsplitter | Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to execute arbitrary PHP code via (1) the file specified as the value of the format parameter, and possibly (2) the RSS feed. |
| 7.0 | CVE-2006-4551 BUGTRAQ | ||
CHXO -- Feedsplitter | Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to inject arbitrary web script or HTML via the RSS feed. |
| 7.0 | CVE-2006-4552 BUGTRAQ | ||
CMS Frogss -- CMS Frogss | SQL injection vulnerability in module/rejestracja.php in CMS Frogss 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the podpis parameter. |
| 7.0 | CVE-2006-4536 OTHER-REF OTHER-REF BID XF | ||
ComScripts -- AnnonceV | PHP remote file inclusion vulnerability in annonce.php in AnnonceV (aka annoncesV) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
| 7.0 | CVE-2006-4622 BUGTRAQ OTHER-REF | ||
Darrens $5 Script Archive -- FlashChat | Multiple PHP remote file inclusion vulnerabilities in FlashChat before 4.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/cmses/aedatingCMS, (2) inc/cmses/aedatingCMS2.php, or (3) inc/cmses/aedating4CMS.php. |
| 7.0 | CVE-2006-4583 OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA | ||
DeluxeBB -- DeluxeBB | DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php. |
| 7.0 | CVE-2006-4558 BUGTRAQ OTHER-REF SECUNIA XF | ||
Devellion -- CubeCart | SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter. |
| 7.0 | CVE-2006-4526 OTHER-REF OTHER-REF OTHER-REF BID SECUNIA | ||
Digi International Inc -- AnywhereUSB/5 | Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause a denial of service (crash) via a 1 byte header size specified in the USB string descriptor. |
| 7.0 | CVE-2006-4459 BUGTRAQ OTHER-REF BID SECUNIA | ||
Digiappz -- Freekot | Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameters. NOTE: some of these details are obtained from third party information. |
| 7.0 | CVE-2006-4524 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA XF | ||
Dsocks -- Dsocks | Buffer overflow in the _tor_resolve function in dsocks.c in dsocks before 1.4 allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a long node name. |
| 7.0 | CVE-2006-4611 BUGTRAQ OTHER-REF BID | ||
DynCMS -- DynCMS | PHP remote file inclusion vulnerability in 0_admin/modules/Wochenkarte/frontend/index.php in DynCMS 6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the x_admindir parameter. |
| 7.0 | CVE-2006-4589 OTHER-REF BID SECUNIA | ||
e107.org -- e107 website system | e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_include image/jpeg parameter in e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php, as demonstrated by a multipart/form-data request. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in e107. |
| 7.0 | CVE-2006-4548 BUGTRAQ OTHER-REF | ||
ExBB -- ExBB | Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in files in the modules directory including (1) birstday/birst.php (2) birstday/select.php, (3) birstday/profile_show.php, (4) newusergreatings/pm_newreg.php, (5) punish/p_error.php, (6) punish/profile.php, and (7) threadstop/threadstop.php. NOTE: the (8) modules/userstop/userstop.php vector might overlap CVE-2006-4488, although it is for a slightly different product from the same vendor. |
| 7.0 | CVE-2006-4544 BUGTRAQ OTHER-REF SECTRACK | ||
GNU -- Mailman | Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers". |
| 7.0 | CVE-2006-2941 OTHER-REF OTHER-REF FRSIRT SECUNIA BID XF | ||
GNU -- Mailman | Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 7.0 | CVE-2006-3636 OTHER-REF FRSIRT SECUNIA BID XF | ||
GrapAgenda -- GrapAgenda | PHP remote file inclusion vulnerability in index.php in GrapAgenda 0.11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the page parameter. |
| 7.0 | CVE-2006-4610 BUGTRAQ OTHER-REF | ||
HLstats -- HLstats | Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon parameter in weaponinfo mode, the (3) st parameter in search mode, the (4) action parameter in actioninfo mode, and the (5) map parameter in mapinfo mode. |
| 7.0 | CVE-2006-4543 BUGTRAQ BID SECUNIA | ||
IBM -- AIX | Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code with root privileges via unspecified vectors. |
| 7.0 | CVE-2006-4522 AIXAPAR AIXAPAR SECUNIA BID FRSIRT | ||
ICBlogger -- ICBlogger | SQL injection vulnerability in devam.asp in ICBlogger 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the YID parameter. |
| 7.0 | CVE-2006-4597 BUGTRAQ OTHER-REF FRSIRT SECUNIA | ||
Jetstat.com -- JS ASP Faq Manager | SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP Faq Manager 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2006-4463. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 7.0 | CVE-2006-4590 BID FRSIRT OSVDB SECUNIA XF | ||
John Andersson -- ZixForum | SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows remote attackers to execute arbitrary SQL commands via the RepId parameter. |
| 7.0 | CVE-2006-4612 BUGTRAQ | ||
Joomla! -- com_comprofiler Component Mambo -- com_comprofiler Component | PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 7.0 | CVE-2006-4553 BUGTRAQ BID | ||
Julian Pawlowski -- CAPI4HylaFAX | c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute arbitrary commands via null (\0) and shell metacharacters in the TSI string, as demonstrated by a fax from an anonymous number. |
| 7.0 | CVE-2006-3126 OTHER-REF DEBIAN SECUNIA SECUNIA FRSIRT | ||
KDE -- kdebase | The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times. |
| 10.0 | CVE-2006-3742 FEDORA | ||
Lanifex -- Lanifex | PHP remote file inclusion vulnerability in LFXlib/access_manager.php in Lanifex Database of Managed Objects (DMO) 2.3 Beta and earlier allows remote attackers to execute arbitrary PHP code via the _incMgr parameter. |
| 7.0 | CVE-2006-4604 Milw0rm BID XF | ||
Learn.com -- LearnCenter | Cross-site scripting (XSS) vulnerability in learncenter.asp in Learn.com LearnCenter allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| 7.0 | CVE-2006-4540 BUGTRAQ SECUNIA BID OSVDB XF | ||
Longino -- Jacome php-Revista | PHP remote file inclusion vulnerability in index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to execute arbitrary PHP code via the adodb parameter. |
| 7.0 | CVE-2006-4605 BUGTRAQ SECUNIA | ||
Longino -- Jacome php-Revista | Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) id_temas parameter in busqueda_tema.php, the (2) cadena parameter in busqueda.php, the (3) id_autor parameter in autor.php, the (4) email parameter in lista.php, and the (5) id_articulo parameter in articulo.php. |
| 7.0 | CVE-2006-4606 BUGTRAQ SECUNIA | ||
Longino -- Jacome php-Revista | admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to bypass authentication controls by setting the ID_ADMIN and SUPER_ADMIN parameters to 1. |
| 10.0 | CVE-2006-4607 BUGTRAQ SECUNIA | ||
Longino -- Jacome php-Revista | Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cadena parameter in busqueda.php and the (2) email parameter in lista.php. |
| 7.0 | CVE-2006-4608 BUGTRAQ SECUNIA | ||
Mambo -- JIM Component Joomla! -- JIM Component | ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242. |
| 7.0 | CVE-2006-4556 BUGTRAQ BUGTRAQ | ||
Membrepass -- membrepass | SQL injection vulnerability in recherchemembre.php in membrepass 1.5. allows remote attackers to execute arbitrary SQL commands via the recherche parameter. |
| 7.0 | CVE-2006-4529 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF | ||
Membrepass -- membrepass | Direct static code injection vulnerability in include/change.php in membrepass 1.5 allows remote attackers to execute arbitrary PHP code via the aifon parameter, which is injected into include/variable.php. |
| 7.0 | CVE-2006-4530 BUGTRAQ BID FRSIRT SECUNIA XF | ||
Microsoft -- Internet Explorer | Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running. |
| 7.0 | CVE-2006-4560 BUGTRAQ OTHER-REF OTHER-REF | ||
ModuleBased CMS -- ModuleBased CMS | ** DISPUTED ** PHP remote file inclusion vulnerability in ModuleBased CMS Pre-Alpha allows remote attackers to execute arbitrary PHP code via the _SERVER parameter in (1) admin/avatar.php, (2) libs/archive.class.php, (3) libs/login.php, (4) libs/profiles.class.php, and (5) libs/profile/proccess.php. NOTE: CVE disputes this claim, as the _SERVER array and the _SERVER[DOCUMENT_ROOT] index are controlled by PHP and cannot be manipulated by an attacker. |
| 7.0 | CVE-2006-4545 BUGTRAQ MLIST BID | ||
Mozilla -- Firefox | Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the attacker and that has a domain name under the attacker's control, which can force the browser to drop DNS pinning and perform a new DNS query for the domain name after the script is already running. |
| 7.0 | CVE-2006-4561 BUGTRAQ OTHER-REF OTHER-REF | ||
MyBace Light -- MyBace Light | PHP remote file inclusion in MyBace Light Skrip, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) hauptverzeichniss parameter in includes/login_check.php and the (2) template_back parameter in admin/login/content/user_daten.php. |
| 7.0 | CVE-2006-4596 OTHER-REF FRSIRT SECUNIA | ||
NCH Software -- Swift Sound Web Dictate | NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass authentication via a null password. |
| 10.0 | CVE-2006-4603 BUGTRAQ BID | ||
PHP-Nuke -- MyHeadlines | Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 4.3.1 allows remote attackers to inject arbitrary web script or HTML via the myh_op parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 7.0 | CVE-2006-4563 BID FRSIRT SECUNIA XF | ||
Plume CMS -- Plume CMS | Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and earlier allow remote attackers to execute arbitrary PHP code via the $_PX_config['manager_path'] parameter to (1) articles.php, 2) categories.php, 3) news.php, 4) prefs.php, 5) (sites.php, 6) subtypes.php, 7) users.php, 8) xmedia.php, 9) (frontinc/class.template.php, 10) inc/lib.text.php, 11) (install/index.php, 12) install/upgrade.php, and 13) (tools/htaccess/index.php. NOTE: other vectors are covered by CVE-2006-3562, CVE-2006-2645, and CVE-2006-0725. |
| 7.0 | CVE-2006-4533 OTHER-REF BID | ||
Retro64 -- CR64Loader ActiveX Control | Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors involving an HTML document that references the CLSID of the control. |
| 7.0 | CVE-2006-4555 CERT-VN BID FRSIRT SECTRACK SECUNIA XF | ||
Robert Jewell -- Discloser | ** DISPUTED ** PHP remote file inclusion vulnerability in plugins/plugins.php in Bob Jewell Discloser 0.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the type parameter. NOTE: another researcher has stated that an attacker cannot control the type parameter. As of 20060901, CVE analysis concurs with the dispute. |
| 7.0 | CVE-2006-4557 BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ | ||
SoftBB -- SoftBB | Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| 7.0 | CVE-2006-4593 BUGTRAQ BID | ||
ssLinks -- ssLinks | Multiple SQL injection vulnerabilities in links.php in ssLinks 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) go parameter and (2) id parameter in a rate action. |
| 7.0 | CVE-2006-4598 BUGTRAQ BID FRSIRT SECUNIA | ||
TikiWiki Project -- TikiWiki | Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is uploaded to the img/wiki/ directory. |
| 7.0 | CVE-2006-4602 OTHER-REF OTHER-REF OTHER-REF BID SECUNIA | ||
Tr Forum -- Tr Forum | Tr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php. |
| 7.0 | CVE-2006-4584 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA | ||
vtiger -- vtiger CRM | Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module. |
| 7.0 | CVE-2006-4587 OTHER-REF BID FRSIRT SECUNIA | ||
vtiger -- vtiger CRM | vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module. |
| 7.0 | CVE-2006-4588 OTHER-REF BID FRSIRT SECUNIA | ||
Vtiger -- Vtiger CRM | Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder. |
| 7.0 | CVE-2006-4617 OTHER-REF | ||
Webmin -- Usermin Webmin -- Webmin | Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs. |
| 7.0 | CVE-2006-4542 OTHER-REF OTHER-REF WEBMIN FRSIRT SECUNIA |
Medium Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
AVIRA -- AntiVir | The start update window in Avira AntiVir PersonalEdition Classic allows local users to gain system privileges via a "Shatter" style attack on an unspecified progress bar. |
| 4.9 | CVE-2006-4619 BUGTRAQ BUGTRAQ | ||
BeCubed -- Compression Plus | Stack-based buffer overflow in the ReadFile function in the ZOO-processing exports in the BeCubed Compression Plus before 5.0.1.28, as used in products including (1) Tumbleweed EMF, (2) VCOM/Ontrack PowerDesk Pro, (3) Canyon Drag and Zip, (4) Canyon Power File, and (5) Canyon Power File Gold, allow context-dependent attackers to execute arbitrary code via an inconsistent size parameter in a ZOO file header. |
| 5.6 | CVE-2006-4554 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT FRSIRT FRSIRT FRSIRT FRSIRT SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA XF | ||
Internet Security Systems -- BlackICE PC Protection | RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the NtOpenSection API function. |
| 5.6 | CVE-2006-4541 OTHER-REF SECUNIA BUGTRAQ BID | ||
John Lim -- ADOdb | PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01 and earlier, as used in Intechnic In-link 2.3.4, allows remote attackers to execute arbitrary PHP code via a URL in the ADODB_DIR parameter. |
| 5.6 | CVE-2006-4618 BUGTRAQ OTHER-REF OTHER-REF XF | ||
Lyris -- List Manager | Lyris ListManager 8.95 allows remote authenticated users, who have administrative privileges for at least one list on the server, to add new administrators to any list via a modified MEMBERS_.List_ parameter. |
| 4.2 | CVE-2006-4546 BUGTRAQ FULLDISC XF | ||
Lyris -- List Manager | Lyris ListManager 8.95 allows remote authenticated users to obtain sensitive information by attempting to add a user with a ' (single quote) character in the name, which reveals the details of the underlying SQL query, possibly because of a forced SQL error or SQL injection. |
| 4.2 | CVE-2006-4547 BUGTRAQ FULLDISC | ||
Microsoft -- Word | Unspecified vulnerability in Microsoft Word 2000 allows remote user-assisted attackers to execute arbitrary code via unknown vectors, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo. NOTE: as of 20060905, it is believed that this is a different vulnerability than previously announced Word vulnerabilities. |
| 5.6 | CVE-2006-4534 OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA OTHER-REF SECTRACK | ||
OpenSSL Project -- OpenSSL | OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS |
| 5.6 | CVE-2006-4339 MLIST OTHER-REF FRSIRT SECUNIA UBUNTU BID | ||
PHPProjekt -- PHPProjekt | ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the Content Management module ("Content manager") for PHProjekt 0.6.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the path_pre parameter in (1) cm_lib.inc.php, (2) doc/br.edithelp.php, (3) doc/de.edithelp.php, (4) doc/ct.edithelp.php, (5) userrating.php, and (6) listing.php, a different set of vectors than CVE-2006-4204. NOTE: a third-party researcher has disputed the impact of the cm_lib.inc.php vector, stating that it is limited to local file inclusion. CVE analysis as of 20060905 concurs, although use of ftp URLs is also possible. The remaining five vectors have also been disputed by the same third party, stating that the path_pre variable is initialized before it is used. |
| 5.6 | CVE-2006-4609 BUGTRAQ BUGTRAQ FRSIRT | ||
Simple Machines -- Simple Machines Forum | SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter. |
| 5.6 | CVE-2006-4564 FRSIRT SECUNIA BUGTRAQ XF | ||
Tr Forum -- Tr Forum | SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows remote authenticated users to execute arbitrary SQL commands via the id2 parameter. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges. |
| 6.0 | CVE-2006-4585 BUGTRAQ OTHER-REF Milw0rm BID SECUNIA |
Low Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
2Wire Inc -- HomePortal 2Wire Inc -- OfficePortal | The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a GET request. |
| 2.3 | CVE-2006-4523 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA XF | ||
Alt-N -- WebAdmin | The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the mailbox of the MDaemon user account to use the mailbox of another account. |
| 3.4 | CVE-2006-4620 BUGTRAQ OTHER-REF OTHER-REF SECUNIA | ||
CHXO -- Feedsplitter | CHXO Feedsplitter 2006-01-21 allows remote attackers to read the source code of feedsplitter.php via the showsource function. NOTE: this issue is not a vulnerability in standard distributions, but could be an issue if the source has been modified. |
| 2.3 | CVE-2006-4549 BUGTRAQ | ||
CHXO -- Feedsplitter | Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to read arbitrary XML files via .. (dot dot) sequences in the format parameter with a leading ".", which bypasses a security check. |
| 2.3 | CVE-2006-4550 BUGTRAQ | ||
DEC -- DEC OpenVMS Alpha | NET$SESSION_CONTROL.EXE before 20060825 in DECnet-Plus in OpenVMS ALPHA 7.3-2 writes a password to an audit log file when there is a successful connection after a "network breakin" event, which allows local users to obtain passwords by reading the file. |
| 1.6 | CVE-2006-4537 OTHER-REF BID OSVDB SECUNIA FRSIRT SECTRACK XF | ||
Devellion -- CubeCart | Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array. |
| 2.3 | CVE-2006-4525 OTHER-REF OTHER-REF OTHER-REF BID SECUNIA | ||
Devellion -- CubeCart | includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks. |
| 1.9 | CVE-2006-4527 OTHER-REF OTHER-REF OTHER-REF BID SECUNIA | ||
GNU -- Mailman | CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via a carriage return/line feed sequences in the URI. |
| 1.9 | CVE-2006-4624 OTHER-REF OTHER-REF FRSIRT SECUNIA | ||
ISC -- BIND | BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned. |
| 2.3 | CVE-2006-4095 OTHER-REF CERT-VN FRSIRT SECTRACK SECUNIA | ||
ISC -- BIND | BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty. |
| 2.3 | CVE-2006-4096 OTHER-REF CERT-VN FRSIRT SECTRACK SECUNIA | ||
Linux -- Linux Kernel | Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platforms, allows local users to cause a denial of service (crash) via a malformed ELF file that triggers memory maps that cross region boundaries. |
| 2.3 | CVE-2006-4538 OTHER-REF OTHER-REF | ||
MailEnable -- MailEnable Professional MailEnable -- MailEnable Enterprise MailEnable -- MailEnable Standard | SMTP service in MailEnable Standard, Professional, and Enterprise before ME-10014 (20060904) allows remote attackers to cause a denial of service via an SPF lookup for a domain with a large number of records, which triggers a null pointer exception. |
| 2.3 | CVE-2006-4616 OTHER-REF OTHER-REF SECTRACK | ||
Membrepass -- membrepass | Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) recherche parameter in recherchemembre.php and the (2) email parameter in test.php. |
| 2.3 | CVE-2006-4528 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF | ||
Microsoft -- System Information ActiveX control | System Information ActiveX control (msinfo.dll), when accessed via Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via a SaveFile function with a long (1) computer and possibly (2) filename and (3) category argument. |
| 2.3 | CVE-2006-4627 OTHER-REF OTHER-REF OSVDB | ||
muforum -- muforum | muforum (µforum) 0.4c stores membres/members.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes. |
| 2.3 | CVE-2006-4595 BUGTRAQ OTHER-REF FRSIRT SECUNIA | ||
OpenLDAP -- OpenLDAP | slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN). |
| 1.4 | CVE-2006-4600 MLIST OTHER-REF OTHER-REF BID SECUNIA | ||
Pocket PC -- Pocket PC | PDAapps Verichat for Pocket PC 1.30bh stores usernames and passwords in plaintext in the Windows Mobile registry, which allows local users to obtain sensitive information via keys under \HKEY_CURRENT_USER\Software\PDAapps\VeriChat. |
| 2.3 | CVE-2006-4614 BUGTRAQ OTHER-REF SECTRACK | ||
Secure Computing -- SnapGear | Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow remote attackers to cause a denial of service via unspecified vectors involving (1) IPSec replay windows and (2) the use of vulnerable versions of ClamAV before 0.88.4. NOTE: it is possible that vector 2 is related to CVE-2006-4018. |
| 3.3 | CVE-2006-4613 CYBERGUARD BID SECUNIA XF XF | ||
Shape Services -- IM+ Mobile Instant Messenger | Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores usernames and passwords in plaintext in %PROGRAMFILES%\IMPlus\implus.cfg, which allows local users to obtain sensitive information by reading the file. |
| 2.3 | CVE-2006-4615 BUGTRAQ OTHER-REF | ||
Symantec -- Gateway Security | ** DISPUTED ** The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on the external interface. |
| 2.3 | CVE-2006-4562 BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ | ||
Tr Forum -- Tr Forum | The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modif_profil.php, and changing a password via /membres/change_mdp.php. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges. |
| 2.8 | CVE-2006-4586 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.