Vulnerability Summary for the Week of September 11, 2006
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Akarru -- Social BookMarking Engine | PHP remote file inclusion vulnerability in akarru.gui/main_content.php in Akarru Social BookMarking Engine 0.4.3.34 and earlier, and possibly 0.4.4.120, allows remote attackers to execute arbitrary PHP code via a URL in the bm_content parameter. | 7.0 | CVE-2006-4645 OTHER-REF BID FRSIRT SECUNIA XF BUGTRAQ |
| Amazing Little Picture Poll -- Amazing Little Picture Poll; Amazing Little Poll -- Amazing Little Poll | (1) Amazing Little Poll and (2) Amazing Little Picture Poll have a default password of "dsapoll", which allows remote attackers to create a new poll by entering default credentials via lp_admin.php. | 7.0 | CVE-2006-4652 BUGTRAQ BID XF |
| Andreas Gohr -- DokuWiki | Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php. | 7.0 | CVE-2006-4674 BUGTRAQ ALTERVISTA OTHER-REF SECUNIA |
| Andreas Gohr -- DokuWiki | Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors. | 7.0 | CVE-2006-4675 BUGTRAQ ALTERVISTA SECUNIA |
| BinGo News -- BinGo News | PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter. | 7.0 | CVE-2006-4648 OTHER-REF BID FRSIRT SECUNIA XF SECTRACK BUGTRAQ |
| BinGo News -- BinGo News | PHP remote file inclusion vulnerability in bp_news.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter. | 7.0 | CVE-2006-4649 FRSIRT SECTRACK BUGTRAQ |
| Bugada Andrea -- PHP Advanced Transfer Manager | Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpATM) 1.20 allow remote attackers to execute arbitrary PHP code via the include_location parameter in (1) activate.php, (2) configure.php, (3) fileop.php, (4) getimg.php, (5) ipblocked.php, (6) register.php, (7) showrecent.php, (8) showtophits.php, (9) usrmanag.php, (10) viewer_bottom.php, (11) viewer_content.php, and (12) viewer_top.php. NOTE: The login.php and confirm.php vectors are already covered by CVE-2006-4594. | 7.0 | CVE-2006-4749 BUGTRAQ |
| C-News.fr -- C-News | PHP remote file inclusion vulnerability in affichage/commentaires.php in C-News.fr C-News 1.0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | 7.0 | CVE-2006-4629 OTHER-REF BID FRSIRT SECUNIA OSVDB XF |
| CMS.R. -- CMS.R. | Multiple SQL injection vulnerabilities in index.php in CMS.R. allow remote attackers to execute arbitrary SQL commands via the (1) adminname and (2) adminpass parameters. | 7.0 | CVE-2006-4736 BUGTRAQ BID |
| ComScripts -- News Evolution | PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows remote attackers to execute arbitrary PHP code via the _NE[AbsPath] parameter in (1) install.php and (2) migrateNE2toNE3.php. | 7.0 | CVE-2006-4678 BUGTRAQ XF |
| ComScripts -- Web Server Creator | PHP remote file inclusion vulnerability in news/include/customize.php in Web Server Creator 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter. | 7.0 | CVE-2006-4746 BUGTRAQ OTHER-REF |
| ComScripts -- PHProg | Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message. | 7.0 | CVE-2006-4754 FULLDISC OTHER-REF OTHER-REF BID SECUNIA XF XF |
| Drupal -- Drupal Pathauto Module | Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto module before pathauto_node.inc 1.17.2.1 and the Drupal 4.6 Pathauto module before pathauto_node.inc 1.14.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 7.0 | CVE-2006-4646 OTHER-REF BID FRSIRT SECUNIA XF |
| Drupal -- Drupal Pubcookie module | The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors. | 7.0 | CVE-2006-4717 DRUPAL BID FRSIRT SECUNIA |
| F-ART Agency -- BLOG:CMS | Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) xagent, (2) xpath, (3) xreferer, and (4) xdns parameters in (a) admin/plugins/NP_Log.php, and the (5) pitem parameter in (b) admin/plugins/NP_Poll.php; and allow remote authenticated users to execute arbitrary SQL commands via the (6) pageRef parameter in (c) admin/plugins/NP_Referrer.php. | 7.0 | CVE-2006-4748 BUGTRAQ OTHER-REF OTHER-REF XF |
| Fire Soft Board -- Fire Soft Board | PHP remote file inclusion vulnerability in demarrage.php in Fire Soft Board (FSB) RC3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter. | 7.0 | CVE-2006-4716 OTHER-REF Milw0rm BID XF |
| GTASoft -- PhotoKorn Gallery | Multiple PHP remote file inclusion vulnerabilities in PhotoKorn Gallery 1.52 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) includes/cart.inc.php or (2) extras/ext_cats.php. | 7.0 | CVE-2006-4670 OTHER-REF FRSIRT SECUNIA BUGTRAQ BUGTRAQ BID OSVDB OSVDB XF |
| IBM -- Lotus Domino Web Access | IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a user's privileges by intercepting the LtpaToken cookie. | 7.0 | CVE-2006-4763 BUGTRAQ FISHNET OTHER-REF BID |
| IDevSpot -- PhpLinkExchange | PHP remote file inclusion vulnerability in bits_listings.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to execute arbitrary code via the svr_rootPhpStart parameter. | 7.0 | CVE-2006-4741 BUGTRAQ BID |
| Ipswitch -- IMail Secure Server; Ipswitch -- IMail Plus; Ipswitch -- Ipswitch Collaboration Suite | Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character. | 7.0 | CVE-2006-4379 OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA BUGTRAQ SECTRACK SECTRACK XF |
| Jetbox -- Jetbox CMS | SQL injection vulnerability in index.php in Jetbox CMS allows remote attackers to inject arbitrary web script or HTML via the item parameter. NOTE: The view vector is already covered by CVE-2006-3586.2. | 7.0 | CVE-2006-4737 BUGTRAQ BID XF |
| Jetbox -- Jetbox CMS | PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS allows remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter. NOTE: The relative_script_path vector is already covered by CVE-2006-2270. | 7.0 | CVE-2006-4738 BUGTRAQ BID XF |
| KorviBlog -- KorviBlog | Multiple cross-site scripting (XSS) vulnerabilities in livre_or.php in KorviBlog 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) prenom, (2) emailFrom, or (3) body parameters. | 7.0 | CVE-2006-4718 FULLDISC BID SECUNIA XF |
| McGallery -- McGallery PRO | PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO 2006 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. | 7.0 | CVE-2006-4720 Milw0rm OTHER-REF BID FRSIRT SECUNIA BUGTRAQ XF |
| Microsoft -- Windows 2000; Microsoft -- Internet Explorer; Microsoft -- Windows Server 2003; Microsoft -- Windows XP | Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869. | 7.0 | CVE-2006-3873 OTHER-REF MS BUGTRAQ OTHER-REF BID |
| Mirabilis -- ICQ | Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ Pro 2003b Build 3916 and earlier allows remote attackers to execute arbitrary code via an inconsistent length field of a Message in a 0x2711 Type-Length-Value (TLV) type. | 7.0 | CVE-2006-4662 BUGTRAQ OTHER-REF BID CERT-VN FRSIRT SECUNIA XF |
| Muratsoft -- Haber Portal | SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal 3.6 allows remote attackers to execute arbitrary SQL commands via the kat parameter. | 7.0 | CVE-2006-4641 Milw0rm BID XF |
| MyBB -- MyBB | Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded space, as demonstrated using "java& #115;cript," a different vulnerability than CVE-2006-3761. | 7.0 | CVE-2006-4706 BUGTRAQ OTHER-REF MyBB FRSIRT |
| MyBB -- MyBB | Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]). | 7.0 | CVE-2006-4707 BUGTRAQ OTHER-REF MyBB FRSIRT |
| OpenBB -- OpenBB | PHP remote file inclusion vulnerability in Open Bulletin Board (OpenBB) 1.0.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) index.php and possibly (2) collector.php. | 7.0 | CVE-2006-4722 BUGTRAQ BID FRSIRT XF |
| Panda -- Panda Platinum Internet Security | Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying (1) WebProxy.exe or (2) PAVSRV51.EXE. | 7.0 | CVE-2006-4657 BUGTRAQ OTHER-REF BID SECUNIA FRSIRT |
| phpFullAnnu -- phpFullAnnu | PHP remote file inclusion vulnerability in modules/home.module.php in phpFullAnnu 5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the repmod parameter. | 7.0 | CVE-2006-4644 OTHER-REF BID FRSIRT SECUNIA |
| phpMyDirectory -- phpMyDirectory | SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | 7.0 | CVE-2006-4756 FRSIRT SECUNIA |
| PHPOpenChat -- PHPOpenChat | ** DISPUTED ** PHP remote file inclusion vulnerability in contrib/yabbse/poc.php in phpopenchat before 3.0.2 allows remote attackers to execute arbitrary PHP code via the sourcedir parameter. NOTE: this issue was disputed by a third-party researcher who stated that the _REQUEST parameters were dynamically unset at the beginning of the file. Another researcher noted, and CVE agrees, that the unset PHP function can be bypassed (CVE-2006-3017). If this issue is due to a vulnerability in PHP, then it should be excluded from CVE. | 7.0 | CVE-2006-4677 BUGTRAQ BUGTRAQ BUGTRAQ OTHER-REF |
| profitCode -- ppalCart | PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, possibly a component of PayProCart, allows remote attackers to execute arbitrary PHP code via a URL in the (1) proMod parameter to (a) index.php, or the (2) docroot parameter to (b) index.php or (c) mainpage.php. | 7.0 | CVE-2006-4672 Milw0rm BID XF BUGTRAQ FRSIRT SECUNIA |
| PSYWERKS -- PUMA | PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA 1.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. | 7.0 | CVE-2006-4713 OTHER-REF Milw0rm BID FRSIRT BUGTRAQ XF |
| RunCMS -- RunCMS | Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in (a) class/sessions.class.php, and the (2) timezone_offset and (3) umode parameters in (b) class/xoopsuser.php. | 7.0 | CVE-2006-4667 BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF |
| Sage -- Sage | Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka "Cross Context Scripting." | 7.0 | CVE-2006-4712 OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID BUGTRAQ OTHER-REF FRSIRT SECUNIA XF |
| SIPS -- SIPS | PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) 0.3.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[sipssys] parameter. | 7.0 | CVE-2006-4733 BUGTRAQ OTHER-REF BID |
| Sky Gunning -- MySpeach | PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING MySpeach 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter. | 7.0 | CVE-2006-4630 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF |
| SoftBB -- SoftBB | Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php. | 7.0 | CVE-2006-4632 BUGTRAQ OTHER-REF OTHER-REF SECTRACK SECUNIA |
| Sponge News -- Sponge News | PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sndir parameter. | 7.0 | CVE-2006-4647 OTHER-REF BID FRSIRT SECUNIA XF |
| SpoonLabs -- Vivvo Article Management CMS | SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.0 | CVE-2006-4715 OTHER-REF Milw0rm BID FRSIRT SECUNIA XF |
| Stefan Ernst -- Newsscript | Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) ide parameter in (a) article.php; or the (2) pwfile parameter in (b) delete.php, (c) modify.php, (d) admin.php, or (e) modify_go.php. | 7.0 | CVE-2006-4666 BUGTRAQ BID FRSIRT SECUNIA |
| SZEWO -- PhpCommander | Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code. | 7.0 | CVE-2006-4636 OTHER-REF BID FRSIRT SECUNIA |
| TikiWiki Project -- TikiWiki | Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters. | 7.0 | CVE-2006-4734 BUGTRAQ SOURCEFORGE OTHER-REF BID |
| Uni-Vert -- PhpLeague | SQL injection vulnerability in consult/joueurs.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the id_joueur parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | 7.0 | CVE-2006-4643 BID FRSIRT SECUNIA |
| Vikingboard -- Vikingboard | Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1b allow remote attackers to inject arbitrary web script or HTML via the (1) act parameter in (a) help.php and (b) search.php, and the (2) p parameter in report.php. | 7.0 | CVE-2006-4708 BUGTRAQ BID |
| Web-Provence -- SL_Site | PHP remote file inclusion vulnerability in admin/editeur/spaw_control.class.php in Web Provence SL_Site 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. | 7.0 | CVE-2006-4656 BUGTRAQ OTHER-REF BID XF SECTRACK |
| WTools -- WTools | PHP remote file inclusion vulnerability in common.php in Thomas LETE WTools 0.0.1-ALPH allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | 7.0 | CVE-2006-4764 BUGTRAQ BID |
| X.Org -- X.Org; XFree86 Project -- XFree86 X | Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow. | 7.0 | CVE-2006-3739 IDEFENSE REDHAT REDHAT GENTOO UBUNTU BID FRSIRT FRSIRT SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA |
| X.Org -- X.Org; XFree86 Project -- XFree86 X | Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections. | 7.0 | CVE-2006-3740 IDEFENSE REDHAT REDHAT GENTOO UBUNTU BID FRSIRT FRSIRT SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA SECUNIA |
| XHP -- CMS | Cross-site scripting (XSS) vulnerability in index.php in Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the errcode parameter. | 7.0 | CVE-2006-4751 BUGTRAQ BID SECUNIA XF FRSIRT SECTRACK |
Medium Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| ACGV News -- ACGV News | Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter in (1) header.php or (2) news.php. NOTE: portions of these details are obtained from third party information. | 5.6 | CVE-2006-4637 SECUNIA BUGTRAQ BID FRSIRT XF |
| ACGV News -- ACGV News | PHP remote file inclusion vulnerability in article.php in ACGV News 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter. | 5.6 | CVE-2006-4638 Milw0rm SECUNIA BID FRSIRT XF |
| Adobe -- Flex; Adobe -- Flash | Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash Professional 8, Flash MX 2004, and Flex 1.5 allows user-assisted remote attackers to execute arbitrary code via a long, dynamically created string in a SWF movie. | 5.6 | CVE-2006-3311 BUGTRAQ OTHER-REF OTHER-REF SECUNIA REDHAT BID FRSIRT FRSIRT |
| Adobe -- Flash | Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors. | 4.9 | CVE-2006-4640 OTHER-REF SECUNIA BID FRSIRT FRSIRT |
| Apple -- QuickTime Player | Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie. | 5.6 | CVE-2006-4381 BUGTRAQ OTHER-REF APPLE BID FRSIRT SECUNIA |
| Apple -- QuickTime Player | Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie. | 5.6 | CVE-2006-4382 APPLE BID BUGTRAQ CERT CERT-VN FRSIRT SECUNIA |
| Apple -- QuickTime Player | Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie. | 5.6 | CVE-2006-4384 IDEFENSE APPLE BID BUGTRAQ FRSIRT SECUNIA |
| Apple -- QuickTime Player | Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image. | 5.6 | CVE-2006-4385 APPLE BID BUGTRAQ FRSIRT SECUNIA |
| Apple -- QuickTime Player | Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381. | 5.6 | CVE-2006-4386 BUGTRAQ APPLE BID BUGTRAQ OTHER-REF CERT CERT-VN FRSIRT SECUNIA |
| Apple -- QuickTime Player | Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file. | 5.6 | CVE-2006-4388 APPLE BID BUGTRAQ FRSIRT SECUNIA |
| Apple -- QuickTime Player | Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object. | 5.6 | CVE-2006-4389 APPLE BID BUGTRAQ CERT CERT-VN FRSIRT SECUNIA |
| C-News.fr -- C-News | Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News 1.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path parameter in (1) formulaire_commentaires.php, (2) affichage/liste_news.php, (3) affichage/news_complete.php, or (4) affichage/pagination.php. NOTE: the provenance of some of this information is unknown; some details are obtained from third party information. | 5.6 | CVE-2006-4639 FRSIRT SECUNIA XF BUGTRAQ |
| CCleague -- Pro Sports CMS | Directory traversal vulnerability in admin.php in CCleague Pro Sports CMS 1.0.1 RC1 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the language Cookie parameter, as demonstrated by executing PHP code via a log file. | 5.6 | CVE-2006-4721 Milw0rm FRSIRT SECUNIA |
| EFS Software -- Easy Address Book Web Server | Format string vulnerability in Easy Address Book Web Server 1.2 allows remote attackers to cause a denial of service (crash) or "compromise the server" via encoded format string specifiers in the query string. | 5.6 | CVE-2006-4654 BUGTRAQ BID XF |
| Fscripts -- Fantastic News | PHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter, a different vector than CVE-2006-1154. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | 5.6 | CVE-2006-4671 FRSIRT SECUNIA |
| ICQ Inc -- ICQ Toolbar | Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed module in AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) allow remote attackers to process arbitrary web script or HTML in the Feeds interface context via the (1) title and (2) description elements within an item element in an RSS feed. | 4.7 | CVE-2006-4660 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF |
| Microchip Data Systems -- ZipTV for Delphi 7; Microchip Data Systems -- ZipTV for C++ Builder | Heap-based buffer overflow in ZipTV for Delphi 7 2006.1.26 and for C++ Builder 2006-1.16 allows user-assisted attackers to execute arbitrary code via an ARJ archive with a long header, which is not properly handled by the TZipTV component. NOTE: the ACE archive vector is covered by CVE-2005-2856. | 5.6 | CVE-2006-2482 OTHER-REF BID FRSIRT SECUNIA XF |
| Microsoft -- Publisher; Microsoft -- Office | Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts. | 5.6 | CVE-2006-0001 BUGTRAQ OTHER-REF MS BID FRSIRT SECUNIA CERT CERT-VN |
| Microsoft -- Windows XP | Unspecified vulnerability in Pragmatic General Multicast (PGM) in Microsoft Windows XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted multicast message. | 5.6 | CVE-2006-3442 MS FRSIRT SECUNIA CERT CERT-VN |
| Microsoft -- Visual Basic | Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unknown impact ("overflow") via a project that contains a certain Click event procedure, as demonstrated using the msgbox function and the VB.Label object. | 4.9 | CVE-2006-4732 BUGTRAQ OTHER-REF |
| MyABraCaDaWeb -- MyABraCaDaWeb | Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb 1.0.3, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) index.php or (2) pop.php. | 5.6 | CVE-2006-4719 Milw0rm MLIST FRSIRT SECUNIA BID XF |
| OPENi-CMS Group -- OPENi-CMS | PHP remote file inclusion vulnerability in openi-admin/base/fileloader.php in OPENi-CMS 1.0.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the config[openi_dir] parameter. | 5.6 | CVE-2006-4750 OTHER-REF Milw0rm BID FRSIRT SECUNIA XF |
| Premod Shadow -- Premod Shadow | PHP remote file inclusion vulnerability in includes/functions_portal.php in Premod Shadow 2.7.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 5.6 | CVE-2006-4664 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA XF FRSIRT |
| RaidenHTTPD -- RaidenHTTPD | PHP remote file inclusion vulnerability in raidenhttpd-admin/slice/check.php in RaidenHTTPD 1.1.49, when register_globals and WebAdmin is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SoftParserFileXml parameter. | 5.6 | CVE-2006-4723 Milw0rm BID FRSIRT SECUNIA XF |
| SCO -- UnixWare; Sun -- Solaris | Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value. | 4.9 | CVE-2006-4655 OTHER-REF SUNALERT BUGTRAQ BID FRSIRT FRSIRT SECTRACK SECUNIA XF SECUNIA SECUNIA |
| SoftBB -- SoftBB | Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request. | 4.2 | CVE-2006-4631 BUGTRAQ ACID ROOT Milw0rm SECTRACK SECUNIA |
| Somery -- Somery | PHP remote file inclusion vulnerability in admin/system/include.php in Somery 0.4.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter. | 5.6 | CVE-2006-4669 OTHER-REF FRSIRT SECUNIA BID XF |
| SpoonLabs -- Vivvo Article Management CMS | PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the classified_path parameter. | 5.6 | CVE-2006-4714 OTHER-REF Milw0rm FRSIRT SECUNIA XF |
| Squiz -- MySource Classic | Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in Web_Extensions - Notitia (I/II). NOTE: due to lack of details, it is not clear whether this issue is file inclusion, static code injection, or another type of issue. | 4.2 | CVE-2006-4635 OTHER-REF BID SECUNIA FRSIRT XF |
Low Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Abidia -- O-Anywhere; Abidia -- Abidia Wireless | Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication credentials in cleartext, which allows remote attackers to obtain sensitive information by sniffing. | 2.3 | CVE-2006-4744 BUGTRAQ OTHER-REF |
| Amazing Little Picture Poll -- Amazing Little Picture Poll; Amazing Little Poll -- Amazing Little Poll | (1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password via a direct request for the lp_settings file (lp_settings.inc or lp_settings.php). | 2.3 | CVE-2006-4653 BUGTRAQ BID XF |
| Andreas Gohr -- DokuWiki | DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug". | 2.3 | CVE-2006-4679 BUGTRAQ ALTERVISTA |
| AuditWizard -- AuditWizard | AuditWizard 6.3.2, when using "Remote Audit," logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by reading the file. | 1.0 | CVE-2006-4642 BUGTRAQ SECTRACK SECUNIA XF FRSIRT |
| Benjamin Pasero and Tobias Eichert -- RSSOwl | Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero and Tobias Eichert RSSOwl allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite. | 2.3 | CVE-2006-4760 OTHER-REF |
| cairohost -- VBZooM | Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows remote attackers to inject arbitrary web script or HTML via the UserID parameter, a different vector than CVE-2006-1133 and CVE-2005-2441. | 2.3 | CVE-2006-4634 BUGTRAQ BID SECUNIA XF |
| Canon -- imageRUNNER | The Remote UI in Canon imageRUNNER includes usernames and passwords when exporting an address book, which allows context-dependent attackers to obtain sensitive information. | 1.4 | CVE-2006-4680 BUGTRAQ BUGTRAQ BID FRSIRT SECUNIA |
| Cisco -- IOS | Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs. | 1.9 | CVE-2006-4650 BUGTRAQ OTHER-REF CISCO SECTRACK FRSIRT SECUNIA XF |
| ComScripts -- PHProg | Directory traversal vulnerability in index.php in PHProg before 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. | 2.3 | CVE-2006-4753 FULLDISC OTHER-REF OTHER-REF BID SECUNIA XF |
| Dominic Gamble -- Timesheet.php | SQL injection vulnerability in login.php in dwayner79 and Dominic Gamble Timesheet (aka Timesheet.php) 1.2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | 2.3 | CVE-2006-4705 BUGTRAQ BLOGSPOT FRSIRT SECUNIA |
| e107.org -- e107 website system | Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access." | 1.1 | CVE-2006-4757 BUGTRAQ OTHER-REF |
| IBM -- Director | Directory traversal vulnerability in Redirect.bat in IBM Director before 5.10 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the file parameter. | 2.3 | CVE-2006-4681 Milw0rm AIXAPAR BID FRSIRT SECTRACK SECUNIA XF |
| IBM -- Director | Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets. | 2.3 | CVE-2006-4682 AIXAPAR BID FRSIRT SECUNIA |
| IBM -- Director | IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE. | 2.3 | CVE-2006-4683 AIXAPAR BID FRSIRT SECUNIA |
ICQ Inc -- ICQ Toolbar | AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into reconfiguring the toolbar. |
| 1.9 | CVE-2006-4661 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF | ||
IDevSpot -- PhpLinkExchange | Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. |
| 2.3 | CVE-2006-4742 BUGTRAQ BID | ||
IdevSpot -- TextAds | Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAds allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in delete.php and (2) the error parameter in error.php. |
| 2.3 | CVE-2006-4747 BUGTRAQ BID | ||
Jetbox -- Jetbox CMS | Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the OriginalImageData parameter to phpthumb.php. |
| 1.9 | CVE-2006-4739 BUGTRAQ BID XF | ||
Jetbox -- Jetbox CMS | Jetbox CMS allows remote attackers to obtain sensitive information via a direct request for certain files, which reveal the path in an error message. |
| 2.3 | CVE-2006-4740 BUGTRAQ BID XF | ||
Kellan Elliott-McCrea -- MagpieRSS | Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain sensitive information via a direct request for (1) rss_fetch.inc.php or (2) rss_parse.inc.php, which reveals the path in various error messages. |
| 2.3 | CVE-2006-4735 BUGTRAQ XF | ||
LedgerSMB -- LedgerSMB DWS Systems Inc. -- SQL-Ledger | Directory traversal vulnerability in login.pl in (1) SQL-Ledger before 2.6.19 and (2) LedgerSMB before 1.0.0p1 allows remote attackers to execute arbitrary Perl code via unspecified vectors involving the terminal parameter. |
| 2.3 | CVE-2006-4731 OTHER-REF OTHER-REF OTHER-REF FRSIRT FRSIRT SECUNIA SECUNIA BUGTRAQ BID | ||
Linux -- Linux kernel | The Unidirectional Lightweight Encapsulation (ULE) decapsulation component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel 2.6.17.8 allows remote attackers to cause a denial of service (crash) via an SNDU length of 0 in a ULE packet. |
| 3.3 | CVE-2006-4623 MLIST BID SECUNIA FRSIRT | ||
Linux -- Linux kernel | ** DISPUTED ** The source code tar archive of the Linux kernel 2.6.16, 2.6.17.11, and possibly other versions specifies weak permissions (0666 and 0777) for certain files and directories, which might allow local users to insert Trojan horse source code that would be used during the next kernel compilation. NOTE: another researcher disputes the vulnerability, stating that he finds "Not a single world-writable file or directory." CVE analysis as of 20060908 indicates that permissions will only be weak under certain unusual or insecure scenarios. |
| 2.3 | CVE-2006-4663 BUGTRAQ BUGTRAQ | ||
Luke Hutteman -- SharpReader | Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman SharpReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite. |
| 2.3 | CVE-2006-4761 OTHER-REF | ||
Microsoft -- Windows 2000 Microsoft -- Windows Server 2003 Microsoft -- Windows XP | Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving Internet Information Services (IIS). |
| 2.3 | CVE-2006-0032 MS BID FRSIRT SECUNIA CERT CERT-VN | ||
MKPortal -- MKPortal | Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 Rc1 allows remote attackers to inject arbitrary web script or HTML via the ind parameter, possibly related to the PHP_SELF variable. NOTE: Some details are obtained from third party information. |
| 2.3 | CVE-2006-4665 BUGTRAQ FRSIRT SECUNIA XF | ||
Mono -- XSP SuSE -- SuSE Open Enterprise Server SuSE -- SuSE Linux Professional SuSE -- SuSE Linux Personal | Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request. |
| 2.3 | CVE-2006-2658 SUSE BID FRSIRT SECUNIA SECTRACK | ||
NewsGator -- FeedDemon | Multiple cross-site scripting (XSS) vulnerabilities in NewsGator FeedDemon before 2.0.0.25 allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite. |
| 2.3 | CVE-2006-4710 OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF | ||
Panda -- Panda Platinum Internet Security | Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses sequential message numbers in generated URLs that are not filtered if the user replies to a message, which might allow remote attackers to determine mail usage patterns. |
| 2.3 | CVE-2006-4658 BUGTRAQ OTHER-REF BID SECUNIA | ||
Panda -- Panda Platinum Internet Security | The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses predictable URLs for the spam classification of each message, which allows remote attackers to cause Panda to classify arbitrary messages as spam via a web page that contains IMG tags with the predictable URLs. NOTE: this issue could also be regarded as a cross-site request forgery (CSRF) vulnerability. |
| 2.3 | CVE-2006-4659 BUGTRAQ OTHER-REF BID SECUNIA | ||
PHP -- PHP | PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults. |
| 3.3 | CVE-2006-4625 BUGTRAQ BUGTRAQ SECURITY REASON BID BUGTRAQ XF | ||
PHP-Fusion -- PHP-Fusion PHP-Fusion -- PHP_Fusion | Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php. |
| 1.9 | CVE-2006-4673 BUGTRAQ ALTERVISTA BID SECUNIA OTHER-REF FRSIRT XF | ||
phpBB Group -- phpBB | phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00. |
| 2.2 | CVE-2006-4758 BUGTRAQ OTHER-REF | ||
phpMyDirectory -- phpMyDirectory | Cross-site scripting (XSS) vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 2.3 | CVE-2006-4755 FRSIRT SECUNIA | ||
PunBB -- PunBB | PunBB 1.2.12 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by creating an avatar image file containing PHP code in the EXIF data, and uploading the file via unspecified vectors. |
| 2.2 | CVE-2006-4759 BUGTRAQ OTHER-REF | ||
Rob Hensley -- AckerTodo | Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley AckerTodo 4.0 allows remote attackers to inject arbitrary web script or HTML via the task_id parameter in an edit_task command. |
| 2.3 | CVE-2006-4668 BUGTRAQ BID SECUNIA FRSIRT XF | ||
Sage -- Sage | Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite. |
| 2.3 | CVE-2006-4711 OTHER-REF OTHER-REF OTHER-REF | ||
ScaryBear -- PocketExpense Pro | ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to protect a data file whose contents are stored in plaintext, which allows local users to disable authentication and access the file by modifying a certain value in the file header. |
| 3.3 | CVE-2006-4745 BUGTRAQ OTHER-REF | ||
SoftBB -- SoftBB | index.php in SoftBB 0.1, and possibly earlier, allows remote attackers to obtain the installation path via a null or invalid page[] parameter. |
| 2.3 | CVE-2006-4633 BUGTRAQ OTHER-REF OTHER-REF SECTRACK | ||
Threesquared.net -- Php download script | Directory traversal vulnerability in download/index.php, and possibly download.php, in threesquared.net (aka Ben Speakman) Php download allows remote attackers to overwrite arbitrary local files via .. (dot dot) sequence in the file parameter. |
| 2.3 | CVE-2006-4651 BUGTRAQ FRSIRT SECUNIA XF | ||
TIBCO -- RendezVous | TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file. |
| 1.3 | CVE-2006-4676 Milw0rm BID FRSIRT SECUNIA | ||
TWiki -- TWiki | Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. |
| 2.3 | CVE-2006-4294 OTHER-REF BID SECTRACK FRSIRT SECUNIA | ||
VCD-db -- VCD-db | Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when handling comments. |
| 2.3 | CVE-2006-4628 OTHER-REF SECUNIA BID FRSIRT XF | ||
Vikingboard -- Vikingboard | SQL injection vulnerability in topic.php in Vikingboard 0.1b allows remote attackers to execute arbitrary SQL commands via the s parameter. |
| 2.3 | CVE-2006-4709 BUGTRAQ BID | ||
WordPress -- WordPress | WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp-db.php vectors are already covered by CVE-2006-0986. The edit-form-comment.php, vars.php, and wp-settings.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110. |
| 2.3 | CVE-2006-4743 BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ | ||
XHP -- CMS | Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote attackers to obtain the installation path via a query to the engine module, probably with an invalid action parameter. |
| 2.3 | CVE-2006-4752 BUGTRAQ SECUNIA FRSIRT SECTRACK XF | ||
Ykoon -- RssReader | Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb Sima RSS and Atom feed reader test suite. |
| 2.3 | CVE-2006-4762 OTHER-REF |