Vulnerability Summary for the Week of September 25, 2006
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Activision -- Call of Duty 2; Activision -- Call of Duty; Activision -- Call of Duty United Offensive | Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty United Offensive 1.51b and earlier, and (3) Call of Duty 2 1.3 and earlier allows remote attackers to execute arbitrary code via a long map argument to the "callvote map" command. | 7.0 | CVE-2006-5058 OTHER-REF BID SECUNIA |
| Aspindir -- xweblog | SQL injection vulnerability in kategori.asp in xweblog 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the kategori parameter. | 7.0 | CVE-2006-5023 OTHER-REF BID XF |
| Blue Dragon -- PHP Blue Dragon | Cross-site scripting (XSS) vulnerability in index.php Php Blue Dragon 2.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter, which is reflected in an error message resulting from a failed SQL query. | 7.0 | CVE-2006-4960 OTHER-REF FRSIRT SECUNIA XF BID XF |
| Blue Dragon -- PHP Blue Dragon | SQL injection vulnerability in the GetModuleConfig function in public_includes/pub_kernel/pbd_modules.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php. | 7.0 | CVE-2006-4961 OTHER-REF FRSIRT SECUNIA XF BID |
| Chumpsoft -- phpQuestionnaire | PHP remote file inclusion vulnerability in inc/ifunctions.php in chumpsoft phpQuestionnaire (phpQ) 3.12 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[phpQRootDir] parameter. | 7.0 | CVE-2006-4966 OTHER-REF Milw0rm BID XF BUGTRAQ SECUNIA |
| Cisco -- Cisco Network Access Control | Cisco NAC allows quarantined devices to communicate over the network with (1) DNS, (2) DHCP, and (3) EAPoUDP, which allows attackers to bypass control methods by tunneling network traffic through one of these protocols. | 7.0 | CVE-2006-4983 BUGTRAQ OTHER-REF |
| e-Vision -- e-Vision CMS | SQL injection vulnerability in admin/all_users.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to execute arbitrary SQL commands via the from parameter. | 7.0 | CVE-2006-5017 BUGTRAQ BID |
| exV2 -- exV2 | SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. | 7.0 | CVE-2006-5030 OTHER-REF BID SECUNIA XF |
| FiWin -- SS28S WiFi VoIP SIP/Skype Phone | The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet. | 7.0 | CVE-2006-5038 FULLDISC OTHER-REF BID |
| Forum One -- syntaxCMS | PHP remote file inclusion vulnerability in admin/testing/tests/0004_init_urls.php in syntaxCMS 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the init_path parameter. | 7.0 | CVE-2006-5055 FULLDISC OTHER-REF FRSIRT |
| FreeBSD -- FreeBSD | Integer overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-4178. | 7.0 | CVE-2006-4172 IDEFENSE BUGTRAQ SECUNIA |
| Grayscale -- BandSite CMS | Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter in (1) adminpanel/includes/mailinglist/mlist_xls.php and (2) adminpanel/includes/add_forms/addmp3.php. NOTE: the other vectors from the original disclosure are already covered by CVE-2006-3193. | 7.0 | CVE-2006-4984 BUGTRAQ BID |
| IBM -- AIX | Unspecified vulnerability in the named8 command in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors. | 7.0 | CVE-2006-5003 OTHER-REF AIXAPAR AIXAPAR BID SECUNIA |
| IBM -- AIX | Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors involving /etc/slip.login. | 7.0 | CVE-2006-5005 OTHER-REF AIXAPAR AIXAPAR BID SECUNIA |
| IBM -- AIX | Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long directory path argument. | 7.0 | CVE-2006-5006 OTHER-REF AIXAPAR AIXAPAR BID SECUNIA |
| IBM -- AIX | Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows attackers to execute arbitrary commands and overwrite arbitrary files via unspecified vectors. | 7.0 | CVE-2006-5008 OTHER-REF AIXAPAR AIXAPAR BID SECUNIA |
| IBM -- AIX | Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands and overwrite arbitrary files via unspecified vectors, possibly involving a buffer overflow. | 7.0 | CVE-2006-5009 OTHER-REF AIXAPAR AIXAPAR BID SECUNIA |
| IBM -- AIX | Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows local users to execute arbitrary commands by modifying the path to point to a malicious mkdir program. | 7.0 | CVE-2006-5010 OTHER-REF AIXAPAR |
| IBM -- AIX | Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via a Trojan horse program, involving the "system subroutine". | 7.0 | CVE-2006-5011 OTHER-REF AIXAPAR AIXAPAR BID SECUNIA |
| Ipswitch -- WS_FTP Server | Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command. | 7.0 | CVE-2006-4974 OTHER-REF BID XF SECUNIA |
| iyzi Forum -- iyzi Forum | SQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the uye_nu parameter. | 7.0 | CVE-2006-5054 OTHER-REF FRSIRT |
| Joomla! -- JD-WordPress | Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for Joomla! (com_jd-wp) 2.0-1.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) wp-comments-post.php, (2) wp-feed.php, or (3) wp-trackback.php. | 7.0 | CVE-2006-4992 OTHER-REF OTHER-REF OTHER-REF BID OSVDB OSVDB OSVDB |
| Joomla! -- BSQ Sitestats | PHP remote file inclusion vulnerability in BSQ Sitestats (bsq_sitestats) before 2.1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.0 | CVE-2006-4995 OTHER-REF OTHER-REF |
| Joomla! -- JoomlaLib | Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 for Joomla! allows remote attackers to have an unknown impact, related to "Joomla globals hacked by script kiddies." | 7.0 | CVE-2006-4996 OTHER-REF OTHER-REF OTHER-REF |
| Kietu -- Kietu | PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows remote attackers to execute arbitrary PHP code via an FTP URL in the url_hit parameter. | 7.0 | CVE-2006-5015 BUGTRAQ MLIST BID XF |
| MAXdev -- MD-Pro | Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before 20060918 allows remote attackers to inject arbitrary web script or HTML via (1) vectors that bypass the XSS protection mechanisms of the pnVarCleanFromInput function, and (2) unspecified vectors related to the AntiCracker. | 7.0 | CVE-2006-4964 OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA |
| Microsoft -- Office; Microsoft -- Office XP | Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-complicit attackers to execute arbitrary code via a crafted PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. | 8.0 | CVE-2006-4694 OTHER-REF OTHER-REF BID OTHER-REF CERT-VN FRSIRT |
| NextAge -- NextAge Shopping Cart | Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart allow remote attackers to inject arbitrary web script or HTML via (1) the CatId parameter in a product category action in index.php or (2) the SearchWd parameter in an index search action in index.php. | 7.0 | CVE-2006-4967 BUGTRAQ FRSIRT SECTRACK SECUNIA |
| Patrick Michaelis -- Wili-CMS | Multiple PHP remote file inclusion vulnerabilities in Patrick Michaelis Wili-CMS allow remote attackers to execute arbitrary PHP code via a URL in the globals[content_dir] parameter in (1) example-view/templates/article.php, (2) example-view/templates/root.php, and (3) example-view/templates/dates_list.php. | 7.0 | CVE-2006-4987 BUGTRAQ BID |
| PhotoPost -- PhotoPost PHP Pro | Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter in (1) addfav.php, (2) adm-admlog.php, (3) adm-approve.php, (4) adm-backup.php, (5) adm-cats.php, (6) adm-cinc.php, (7) adm-db.php, (8) adm-editcfg.php, (9) adm-inc.php, (10) adm-index.php, (11) adm-modcom.php, (12) adm-move.php, (13) adm-options.php, (14) adm-order.php, (15) adm-pa.php, (16) adm-photo.php, (17) adm-purge.php, (18) adm-style.php, (19) adm-templ.php, (20) adm-userg.php, (21) adm-users.php, (22) bulkupload.php, (23) cookies.php, (24) comments.php, (25) ecard.php, (26) editphoto.php, (27) register.php, (28) showgallery.php, (29) showmembers.php, (30) useralbums.php, (31) uploadphoto.php, (32) search.php, or (33) adm-menu.php, different vectors than CVE-2006-4828. | 7.0 | CVE-2006-4990 BUGTRAQ |
| PHPartenaire -- PHPartenaire | PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the url_phpartenaire parameter. | 7.0 | CVE-2006-5032 OTHER-REF SECUNIA XF |
| pNews Systems -- pNews | PHP remote file inclusion vulnerability in includes/global.php in Joshua Wilson pNews System 1.1.0 (aka PowerNews) allows remote attackers to execute arbitrary PHP code via a URL in the nbs parameter. | 7.0 | CVE-2006-5022 OTHER-REF BID XF |
| PostNuke Software Foundation -- PNphpBB | PHP remote file inclusion vulnerability in includes/functions_admin.php in PNphpBB 1.2g allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.0 | CVE-2006-4968 BUGTRAQ OTHER-REF FRSIRT BUGTRAQ BUGTRAQ OTHER-REF BID XF SECTRACK |
| RedBLoG -- RedBLoG | Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | 7.0 | CVE-2006-5021 BID |
| SolidState -- SolidState | Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_path parameter in manager/pages/ scripts including (1) AccountsPage.class.php, (2) AddInvoicePage.class.php, (3) AddIPAddressPage.class.php, (4) AddPaymentPage.class.php, (5) AddTaxRulePage.class.php, (6) AssignDomainPage.class.php, (7) AssignHostingPage.class.php, (8) AssignProductPage.class.php, (9) BillingPage.class.php, (10) BillingPaymentPage.class.php, (11) BrowseAccountsPage.class.php, (12) BrowseInvoicesPage.class.php, (13) ConfigureEditUserPage.class.php, (14) ConfigureNewUserPage.class.php, (15) ConfigureNewUserReceiptPage.class.php, (16) ConfigureUsersPage.class.php, (17) DeleteAccountPage.class.php, (18) DeleteDomainServicePage.class.php, (19) DeleteHostingServicePage.class.php, (20) DeleteInvoicePage.class.php, (21) DeleteProductPage.class.php, (22) DeleteServerPage.class.php, (23) DomainServicesPage.class.php, (24) DomainsPage.class.php, (25) EditAccountPage.class.php, (26) EditDomainPage.class.php, (27) EditDomainServicePage.class.php, (28) EditHostingServicePage.class.php, (29) EditPaymentPage.class.php, (30) EditProductPage.class.php, (31) EditServerPage.class.php, (32) EmailInvoicePage.class.php, (33) ExecuteOrderPage.class.php, (34) ExpiredDomainsPage.class.php, (35) FulfilledOrdersPage.class.php, (36) GenerateInvoicesPage.class.php, (37) HomePage.class.php, (38) InactiveAccountsPage.class.php, (39) IPManagerPage.class.php, (40) LoginPage.class.php, (41) LogPage.class.php, (42) ModulesPage.class.php, (43) NewAccountPage.class.php, (44) NewDomainServicePage.class.php, (45) NewProductPage.class.php, (46) OutstandingInvoicesPage.class.php, (47) PendingAccountsPage.class.php, (48) PendingOrdersPage.class.php, (49) PrintInvoicePage.class.php, (50) ProductsPage.class.php, (51) RegisterDomainPage.class.php, (52) RegisteredDomainsPage.class.php, (53) ServersPage.class.php, (54) ServicesHostingServicesPage.class.php, (55) ServicesNewHostingPage.class.php, (56) ServicesPage.class.php, (57) ServicesWebHostingPage.class.php, (58) SettingsPage.class.php, (59) TaxesPage.class.php, (60) TransferDomainPage.class.php, (61) ViewAccountPage.class.php, (62) ViewDomainServicePage.class.php, (63) ViewHostingServicePage.class.php, (64) ViewInvoicePage.class.php, (65) ViewLogMessagePage.class.php, (66) ViewOrderPage.class.php, (67) ViewProductPage.class.php, (68) ViewServerPage.class.php, (69) WelcomeEmailPage.class.php; and (70) modules/RegistrarModule.class.php, (71) modules/SolidStateModule.class.php, (72) modules/authorizeaim/authorizeaim.class.php, and (73) modules/authorizeaim/pages/AAIMConfigPage.class.php. | 7.0 | CVE-2006-5020 OTHER-REF XF |
| Squiz -- MySource Classic; Squiz -- MySource Matrix | ** DISPUTED ** MySource Matrix 3.8 and earlier, and MySource 2.x, allow remote attackers to use the application as an HTTP proxy server via the sq_remote_page_url parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability." | 7.0 | CVE-2006-5036 BUGTRAQ OTHER-REF |
| Squiz -- MySource Matrix | ** DISPUTED ** MySource Matrix after 3.8 allows remote attackers to use the application as an HTTP proxy server via a MIME encoded URL in the sq_content_src parameter to access arbitrary sites with the server's IP address and conduct cross-site scripting (XSS) attacks. NOTE: the researcher reports that "The vendor does not consider this a vulnerability." | 7.0 | CVE-2006-5037 BUGTRAQ OTHER-REF |
| Sun -- Sun Secure Global Desktop | Cross-site scripting (XSS) vulnerability in Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. NOTE: This information is based upon a vague initial disclosure. Details will be updated as they become available. | 7.0 | CVE-2006-4958 BUGTRAQ OTHER-REF BID FRSIRT SECTRACK XF |
| Voice of Web -- AllMyGuests | Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _AMGconfig[cfg_serverpath] parameter in (1) modules/AllMyGuests/signin.php (aka the Nuke module) and (2) AllMyGuests/signin.php (aka the standalone). | 7.0 | CVE-2006-4993 OTHER-REF XF |
| WAHM E-Commerce -- Pie Cart Pro | Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce Pie Cart Pro allow remote attackers to execute arbitrary PHP code via a URL in the Inc_Dir parameter in (1) affiliates.php, (2) orders.php, (3) events.php, (4) index.php, (5) articles.php, (6) faqs.php, (7) guestbook.php, (8) catalog.php, (9) wholesale.php, (10) weblinks.php, (11) certificates.php, (12) sitesearch.php, (13) contact.php, (14) sitemap.php, (15) search.php, (16) registry.php, or (17) error.php. | 7.0 | CVE-2006-4969 Milw0rm BID XF |
| WAHM E-Commerce -- Pie Cart Pro | PHP remote file inclusion vulnerability in enc/content.php in WAHM E-Commerce Pie Cart Pro allows remote attackers to execute arbitrary PHP code via a URL in the Home_Path parameter. | 7.0 | CVE-2006-4970 BUGTRAQ Milw0rm BID XF |
| Walter Beschmout -- PhpQuiz | Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI. | 7.0 | CVE-2006-4978 BUGTRAQ OTHER-REF OTHER-REF FRSIRT SECUNIA XF |
| Web-News -- Web-News | PHP remote file inclusion vulnerability in webnews/template.php in Web-News 1.6.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content_page parameter. | 7.0 | CVE-2006-5053 OTHER-REF BID FRSIRT OSVDB SECUNIA XF |
| WoltLab -- Burning Board | SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. NOTE: this issue might be a forced SQL error. Also, the original report was disputed by a third party for 2.3.3 and 2.3.4. | 7.0 | CVE-2006-5029 BUGTRAQ BUGTRAQ |
Medium Vulnerabilities

| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| Apache Friends -- XAMPP | Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname. | 4.9 | CVE-2006-4994 FULLDISC OTHER-REF OTHER-REF XF |
| Blue Dragon -- PHP Blue Dragon | Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence via the phpExt parameter, as demonstrated by executing PHP code in a log file. | 4.7 | CVE-2006-4962 OTHER-REF FRSIRT SECUNIA BID XF |
| Cisco -- Cisco Network Access Control | Cisco NAC maintains an exception list that does not record device properties other than MAC address, which allows physically proximate attackers to bypass control methods and join a local network by spoofing the MAC address of a different type of device, as demonstrated by using the MAC address of a disconnected printer. | 4.9 | CVE-2006-4982 BUGTRAQ OTHER-REF |
| CMSDevelopment -- Business Card Web Builder | PHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder (BCWB) 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | 5.6 | CVE-2006-4946 Milw0rm BID FRSIRT SECUNIA XF |
| Computer Associates -- eTrust Audit Client; Computer Associates -- eTrust Audit DataTools; Computer Associates -- eTrust Audit Policy Manager; Computer Associates -- eTrust Security Command Center | Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1.5 and r8, allows remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend.exe with the desired arguments. | 4.7 | CVE-2006-4901 OTHER-REF CA CA OSVDB SECUNIA BUGTRAQ BUGTRAQ BID FRSIRT SECTRACK SECTRACK SECUNIA XF |
| cPanel -- cPanel | Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin. | 6.0 | CVE-2006-5014 OTHER-REF OTHER-REF BID SECTRACK SECUNIA |
| Exponent -- Exponent CMS | Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence in the view parameter in the show_view action in the calendarmodule module, as demonstrated by executing PHP code through session files. | 4.7 | CVE-2006-4963 Milw0rm BID FRSIRT SECUNIA |
| IBM -- AIX | Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via a Trojan horse program involving uux. | 4.9 | CVE-2006-5007 OTHER-REF AIXAPAR AIXAPAR BID SECUNIA |
| Ipswitch -- WS_FTP Server | Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue. | 4.2 | CVE-2006-5000 OTHER-REF OTHER-REF |
| Ipswitch -- WS_FTP Server | Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, prevents certain sensitive information from being displayed in the (1) Files and (2) Summary tabs. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue. | 4.9 | CVE-2006-5001 |
| Joomla! -- Events module | Unspecified vulnerability in Events 1.3 beta module (com_events) for Joomla! has unspecified impact and attack vectors. | 4.9 | CVE-2006-5039 OTHER-REF OTHER-REF |
| Joomla! -- SEF4040x | Unspecified vulnerability in SEF404x (com_sef) for Joomla! has unspecified impact and attack vectors. | 4.9 | CVE-2006-5040 OTHER-REF |
| Joomla! -- Hot Properties | Unspecified vulnerability in Hot Properties (possibly com_hotproperties) 0.97 and earlier for Joomla! has unspecified impact and attack vectors. | 4.9 | CVE-2006-5041 OTHER-REF |
| Joomla! -- mosMedia | Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier for Joomla! has unspecified impact and attack vectors. | 4.9 | CVE-2006-5042 OTHER-REF OTHER-REF |
| Joomla! -- JoomlaBoard | Unspecified vulnerability in JoomlaBoard (com_joomlaboard) 1.1.1 and earlier for Joomla! has unspecified impact and attack vectors, possibly related to sbp file inclusion, a variant of CVE-2006-3528. | 4.9 | CVE-2006-5043 OTHER-REF OTHER-REF FRSIRT SECUNIA |
| Joomla! -- RS Gallery2 | Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and earlier for Joomla! has unspecified impact and attack vectors, related to lack of "hardened language files." | 4.9 | CVE-2006-5046 OTHER-REF OTHER-REF OTHER-REF |
| Joomla! -- RS Gallery2 | Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 component (com_rsgallery2) before 1.11.3 for Joomla! allows attackers to execute arbitrary code. | 4.9 | CVE-2006-5047 OTHER-REF |
| Joomla! -- Security Images component | Unspecified vulnerability in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! has unspecified impact and attack vectors, possibly a PHP remote file inclusion vulnerability in the mosConfig_absolute_path parameter in configinsert.php, lang.php, client.php, and server.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | 4.9 | CVE-2006-5048 OTHER-REF OTHER-REF SECUNIA |
| Joomla! -- Classifieds component | Unspecified vulnerability in Classifieds (com_classifieds) component 1.3 and earlier for Joomla! has unspecified impact and attack vectors. | 4.9 | CVE-2006-5049 OTHER-REF OTHER-REF |
| Mambo -- Prince Clan Chess component; Joomla! -- Prince Clan Chess component | Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors. | 4.9 | CVE-2006-5044 OTHER-REF OTHER-REF |
| MyBB -- MyBB | Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter. | 5.6 | CVE-2006-4972 BUGTRAQ FRSIRT SECUNIA |
| OpenBSD -- OpenSSH | Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors. | 5.6 | CVE-2006-5051 MLIST |
| Paisterist -- Simple HTTP Scanner | Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.4 have unknown impact and attack vectors. | 4.9 | CVE-2006-5024 OTHER-REF BID SECUNIA |
| Paisterist -- Simple HTTP Scanner | Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.2 have unknown impact and attack vectors. | 4.9 | CVE-2006-5025 OTHER-REF |
| Paisterist -- Simple HTTP Scanner | Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.3 have unknown impact and attack vectors. | 4.9 | CVE-2006-5026 OTHER-REF |
| Sun -- Solaris | Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors. | 4.7 | CVE-2006-5012 SUNALERT FRSIRT SECUNIA |
| Symantec -- Sygate Network Access Control | Symantec Sygate NAC allows physically proximate attackers to bypass control methods and join a local network by selecting a forged MAC address associated with an exception rule that (1) permits all non-Windows devices or (2) whitelists certain sets of Organizationally Unique Identifiers (OUIs). | 4.9 | CVE-2006-4981 BUGTRAQ OTHER-REF |
Low Vulnerabilities |
---|
Primary Vendor -- Product | Description |
| CVSS Score | Source & Patch Info | ||
---|---|---|---|---|---|---|
Apple -- Quicktime plugin Apple -- Quicktime Player | Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. |
| 2.3 | CVE-2006-4965 OTHER-REF BID SECUNIA BUGTRAQ | ||
Cake Software Foundation -- CakePHP | Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename. |
| 2.3 | CVE-2006-5031 OTHER-REF OTHER-REF BID SECUNIA | ||
Computer Associates -- eTrust Security Command Center | The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message. |
| 2.3 | CVE-2006-4899 OTHER-REF CA CA OSVDB SECUNIA BUGTRAQ BUGTRAQ BID FRSIRT SECTRACK XF | ||
Computer Associates -- eTrust Security Command Center | Directory traversal vulnerability in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, allows remote authenticated users to read and delete arbitrary files via ".." sequences in the eSCCAdHocHtmlFile parameter to eSMPAuditServlet, which is not properly handled by the getadhochtml function. |
| 2.8 | CVE-2006-4900 OTHER-REF CA CA OSVDB SECUNIA BUGTRAQ BUGTRAQ BID FRSIRT SECTRACK XF | ||
ContentKeeper Technologies -- ContentKeeper | ContentKeeper 123.25 and earlier places passwords in cleartext in an INPUT element in cgi-bin/ck/changepw.cgi, which allows remote authenticated users to obtain passwords via this URI. |
| 1.4 | CVE-2006-5018 BUGTRAQ OTHER-REF BID | ||
DotNetNuke -- DotNetNuke | Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the error parameter. |
| 2.3 | CVE-2006-4973 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF | ||
e-Vision -- e-Vision CMS | Unrestricted file upload vulnerability in admin/x_image.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to upload arbitrary files to the /imagebank directory. |
| 2.3 | CVE-2006-5016 BUGTRAQ BID | ||
FreeBSD -- FreeBSD | Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) via unspecified arguments that use negative signed integers to cause the bzero function to be called with a large length parameter, a different vulnerability than CVE-2006-4172. |
| 2.3 | CVE-2006-4178 IDEFENSE BUGTRAQ SECUNIA | ||
Google -- Mini Search Appliance | Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain sensitive information via a direct request for /search with an invalid client parameter, which reveals the path in an error message. |
| 2.3 | CVE-2006-5019 BUGTRAQ BID | ||
Grayscale -- BandSite CMS | Multiple cross-site scripting (XSS) vulnerabilities in Grayscale BandSite CMS allow remote attackers to inject arbitrary web script or HTML via (1) the max_file_size_purdy parameter in adminpanel/includes/helpfiles/help_mp3.php, (2) the message_text parameter in adminpanel/includes/mailinglist/sendemail.php, (3) the this_year parameter in includes/footer.php, and the the_band parameter in (4) adminpanel/includes/helpfiles/help_news.php (5) adminpanel/includes/helpfiles/help_merch.php, (6) adminpanel/includes/header.php, and (7) adminpanel/login_header.php; and includes/content/ files including (8) bio_content.php, (9) gbook_content.php, (10) interview_content.php, (11) links_content.php, (12) lyrics_content.php, (13) member_content.php, (14) merch_content.php, (15) mp3_content.php, (16) news_content.php, (17) pastshows_content.php, (18) photo_content.php, (19) releases_content.php, (20) reviews_content.php, (21) shows_content.php, and (22) signgbook_content.php. |
| 2.3 | CVE-2006-4985 BUGTRAQ BID | ||
Grayscale -- BandSite CMS | Grayscale BandSite CMS allows remote attackers to obtain sensitive information via a direct request for (1) certain files in the includes/content directory, (2) includes/shows_preview.php, and (3) adminpanel/configform.php; and files in adminpanel/includes/ including (4) mailinglist/disphtmltbl.php, (5) mailinglist/dispxls.php, (6) mailinglist/sendshows.php, (7) adminpanel/includes/previews/preview_bio.php, (8) adminpanel/includes/previews/preview_genmerch.php, (9) adminpanel/includes/previews/preview_fliers.php, (10) adminpanel/includes/previews/preview_gbook.php, (11) adminpanel/includes/previews/preview_interviews.php, (12) adminpanel/includes/previews/preview_links.php, (13) adminpanel/includes/previews/preview_lyrics.php, (14) adminpanel/includes/previews/preview_membio.php, (15) adminpanel/includes/previews/preview_merchphotos.php, (16) adminpanel/includes/previews/preview_mp3s.php, (17) adminpanel/includes/previews/preview_news.php, (18) adminpanel/includes/previews/preview_photos.php, (19) adminpanel/includes/previews/preview_releases.php, (20) adminpanel/includes/previews/preview_relmerch.php, (21) adminpanel/includes/previews/preview_relphotos.php, (22) adminpanel/includes/previews/preview_reviews.php, (23) adminpanel/includes/previews/preview_shows.php, (24) adminpanel/includes/previews/preview_wearmerch.php, (25) adminpanel/includes/change_forms/change_bio.php, (26) adminpanel/includes/change_forms/change_fliers.php, (27) adminpanel/includes/change_forms/change_gbook.php, (28) adminpanel/includes/change_forms/change_gen_merch.php, (29) adminpanel/includes/change_forms/change_interview.php, (30) adminpanel/includes/change_forms/change_links.php, (31) adminpanel/includes/change_forms/change_lyrics.php, (32) adminpanel/includes/change_forms/change_members.php, (33) adminpanel/includes/change_forms/change_merch.php, (34) adminpanel/includes/change_forms/change_merch_pic.php, (35) adminpanel/includes/change_forms/change_mp3s.php, (36) adminpanel/includes/change_forms/change_news.php, (37) adminpanel/includes/change_forms/change_photos.php, (38) adminpanel/includes/change_forms/change_rel_merch.php, (39) adminpanel/includes/change_forms/change_rel_pic.php, (40) adminpanel/includes/change_forms/change_releases.php, (41) adminpanel/includes/change_forms/change_reviews.php, (42) adminpanel/includes/change_forms/change_shows.php, and (43) adminpanel/includes/change_forms/change_wear_merch.php, which reveals the path in various error messages. |
| 2.3 | CVE-2006-4986 BUGTRAQ BID | ||
IBM -- Inventory Scout | Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 through 2.2.0.9 (invscoutClient_VPD_Survey) allows attackers to overwrite arbitrary files via unspecified vectors. |
| 2.3 | CVE-2006-5002 OTHER-REF AIXAPAR BID SECUNIA | ||
IBM -- AIX | Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and 5.3.0 allows local users to overwrite arbitrary files via unspecified vectors. |
| 1.6 | CVE-2006-5004 OTHER-REF AIXAPAR AIXAPAR BID SECUNIA | ||
Jeroen Vennegoor -- JevonCMS | Jeroen Vennegoor JevonCMS, possibly pre alpha, allows remote attackers to obtain sensitive information via a direct request for php/main/phplib files (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysql.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, and (7) db_pgsql.inc; and (8) db_sybase.inc, which reveals the path in various error messages. |
| 2.3 | CVE-2006-5027 BUGTRAQ | ||
John Lim -- ADOdb Date Library | The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files in datadict including (8) datadict-access.inc.php, (9) datadict-db2.inc.php, (10) datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12) datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14) datadict-mysql.inc.php, (15) datadict-oci8.inc.php, (16) datadict-postgres.inc.php, and (17) datadict-sybase.inc.php; files in drivers/ including (18) adodb-access.inc.php, (19) adodb-ado.inc.php, (20) adodb-ado_access.inc.php, (21) adodb-ado_mssql.inc.php, (22) adodb-borland_ibase.inc.php, (23) adodb-csv.inc.php, (24) adodb-db2.inc.php, (25) adodb-fbsql.inc.php, (26) adodb-firebird.inc.php, (27) adodb-ibase.inc.php, (28) adodb-informix.inc.php, (29) adodb-informix72.inc.php, (30) adodb-mssql.inc.php, (31) adodb-mssqlpo.inc.php, (32) adodb-mysql.inc.php, (33) adodb-mysqli.inc.php, (34) adodb-mysqlt.inc.php, (35) adodb-oci8.inc.php, (36) adodb-oci805.inc.php, (37) adodb-oci8po.inc.php, (38) adodb-odbc.inc.php, (39) adodb-odbc_mssql.inc.php, (40) adodb-odbc_oracle.inc.php, (41) adodb-oracle.inc.php, (42) adodb-postgres64.inc.php, (43) adodb-postgres7.inc.php, (44) adodb-proxy.inc.php, (45) adodb-sapdb.inc.php, (46) adodb-sqlanywhere.inc.php, (47) adodb-sqlite.inc.php, (48) adodb-sybase.inc.php, (49) adodb-vfp.inc.php; files in perf/ including (50) perf-db2.inc.php, (51) perf-informix.inc.php, (52) perf-mssql.inc.php, (53) perf-mysql.inc.php, (54) perf-oci8.inc.php, (55) perf-postgres.inc.php; tests/ files (56) benchmark.php, (57) client.php, (58) test-datadict.php, (59) test-perf.php, (60) test-pgblob.php, (61) test-php5.php, (62) test-xmlschema.php, (63) test.php, (64) test2.php, (65) test3.php, (66) test4.php, (67) test5.php, (68) test_rs_array.php, (69) testcache.php, (70) testdatabases.inc.php, (71) testgenid.php, (72) testmssql.php, (73) testoci8.php, (74) testoci8cursor.php, (75) testpaging.php, (76) testpear.php, (77) testsessions.php, (78) time.php, or (79) tmssql.php, which reveals the path in various error messages. |
| 2.3 | CVE-2006-4976 BUGTRAQ | ||
Joomla! -- PollXT | Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and earlier for Joomla! has unspecified impact and attack vectors. |
| 3.9 | CVE-2006-5045 OTHER-REF OTHER-REF SECUNIA | ||
Ktools.net -- PhotoStore | Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net PhotoStore allow remote attackers to inject arbitrary web script or HTML via the (1) gid parameter in details.php, or the (2) photogid parameter in view_photog.php. |
| 2.3 | CVE-2006-5057 BUGTRAQ BID | ||
MyBB -- MyBB | MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message. |
| 2.3 | CVE-2006-4971 BUGTRAQ FRSIRT | ||
OpenBSD -- OpenSSH | sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector. |
| 3.3 | CVE-2006-4924 OTHER-REF BID SECUNIA MLIST | ||
OpenBSD -- OpenSSH | Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort." |
| 2.3 | CVE-2006-5052 MLIST | ||
Opial -- Opial Audio/Video Download Management | Cross-site scripting (XSS) vulnerability in index.php in Opial Audio/Video Download Management 1.0 allows remote attackers to inject arbitrary web script or HTML via the destination parameter in the Login view. |
| 2.3 | CVE-2006-5056 BUGTRAQ BID | ||
Patrick Michaelis -- Wili-CMS | Multiple cross-site scripting (XSS) vulnerabilities in Patrick Michaelis Wili-CMS allow remote attackers to inject arbitrary web script or HTML via (1) the query string to relocate.php, (2) the globals[pageid] parameter in example-view/inc/print_button.php, and other unspecified vectors. |
| 2.3 | CVE-2006-4988 BUGTRAQ BID | ||
Patrick Michaelis -- Wili-CMS | Patrick Michaelis Wili-CMS allows remote attackers to obtain sensitive information via a direct request for (1) thumbnail.php, (2) functions/admin/all.php, (3) functions/admin/init_session.php, (4) functions/all.php, and (5) certain files in example-view/admin_templates/, which reveals the path in various error messages. |
| 2.3 | CVE-2006-4989 BUGTRAQ BID | ||
Paul Smith Computer Services -- vCAP | Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to cause a denial of service via the session parameter, possibly related to format string specifiers or malformed URL encoding. |
| 2.3 | CVE-2006-5033 FULLDISC OTHER-REF BID FRSIRT OSVDB SECTRACK SECUNIA XF | ||
Paul Smith Computer Services -- vCAP | Directory traversal vulnerability in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. |
| 2.3 | CVE-2006-5034 FULLDISC OTHER-REF BID FRSIRT OSVDB SECTRACK SECUNIA XF | ||
Paul Smith Computer Services -- vCAP | Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith Computer Services vCAP 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the statusmsg parameter in RegisterPage.cgi or (2) a URI corresponding to a nonexistent file. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 2.3 | CVE-2006-5035 FRSIRT OSVDB OSVDB SECUNIA | ||
Rob Landley -- BusyBox | Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded "%2e%2e/" sequences in the URI. |
| 2.3 | CVE-2006-5050 BUGTRAQ SECTRACK | ||
RSA -- Keon Certificate Authority Manager | RSA Keon Certificate Authority (KeonCA) Manager 6.5.1 and 6.6 allows privileged local users to hide malicious Certificate Authority (CA) activities by modifying CA auditor logs without detection by (1) modifying or deleting a |
| 3.3 | CVE-2006-4991 FULLDISC BID XF XF | ||
Sun -- Sun Secure Global Desktop | Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows remote attackers to obtain sensitive information, including hostnames, versions, and settings details, via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi. NOTE: This information is based upon a vague initial disclosure. Details will be updated as they become available. |
| 2.3 | CVE-2006-4959 BUGTRAQ OTHER-REF BID FRSIRT SECTRACK XF | ||
Sun -- Solaris | Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 systems using IPv6, allows remote attackers to cause a denial of service (kernel panic) via crafted IPv6 packets. |
| 3.3 | CVE-2006-5013 SUNALERT BID FRSIRT SECUNIA | ||
SWsoft -- Plesk Reload SWsoft -- Plesk | Directory traversal vulnerability in filemanager/filemanager.php in SWsoft Plesk 7.5 Reload and Plesk 7.6 for Microsoft Windows allows remote attackers to list arbitrary directories via a ../ (dot dot slash) in the file parameter in a chdir action. |
| 2.3 | CVE-2006-5028 BUGTRAQ BID | ||
Walter Beschmout -- PhpQuiz | Multiple unrestricted file upload vulnerabilities in (1) back/upload_img.php and (2) admin/upload_img.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP code to the phpquiz/img_quiz folder via the (a) upload, (b) ok_update, (c) image, and (d) path parameters, possibly requiring directory traversal sequences in the path parameter. |
| 2.3 | CVE-2006-4977 BUGTRAQ OTHER-REF OTHER-REF FRSIRT SECUNIA XF | ||
Walter Beschmout -- PhpQuiz | Direct static code injection vulnerability in cfgphpquiz/install.php in Walter Beschmout PhpQuiz 1.2 and earlier allows remote attackers to inject arbitrary PHP code in config.inc.php via modified configuration settings. |
| 2.3 | CVE-2006-4979 BUGTRAQ OTHER-REF OTHER-REF FRSIRT SECUNIA XF | ||
Yahoo -- Yahoo! Messenger | Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service. |
| 1.9 | CVE-2006-4975 BUGTRAQ OTHER-REF |