Vulnerability Summary for the Week of November 20, 2006
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info
---|---|---|---
20/20 Applications -- DataShed | Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) f-email.asp, or the (2) peopleID and (3) sort_order parameters to (b) listings.asp, different vectors than CVE-2006-5955. | 7.0 | CVE-2006-6067 BUGTRAQ OTHER-REF BID XF
Adobe -- Acrobat Reader | Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control. | 7.0 | CVE-2006-6027 OTHER-REF BID
Apple -- Mac OS X Server Apple -- Mac OS X | com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption. | 10.0 | CVE-2006-6061 OTHER-REF BID FRSIRT SECTRACK SECUNIA XF CERT-VN
ASP-Nuke -- ASP-Nuke | SQL injection vulnerability in module/account/register/register.asp in ASP Nuke 0.80 and earlier allows remote attackers to execute arbitrary SQL commands via the StateCode parameter. | 7.0 | CVE-2006-6070 BUGTRAQ OTHER-REF SECTRACK XF
ASPIntranet -- ASPIntranet | SQL injection vulnerability in default.asp in ASPintranet, possibly 1.2, allows remote attackers to execute arbitrary SQL commands via the a parameter. | 7.0 | CVE-2006-5987 BUGTRAQ BID XF
BestWebApp -- BestWebApp Dating Site | SQL injection vulnerability in the login component in BestWebApp Dating Site allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. | 7.0 | CVE-2006-6021 BUGTRAQ BID
BestWebApp -- BestWebApp Dating Site | Cross-site scripting (XSS) vulnerability in login_form.asp in BestWebApp Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 7.0 | CVE-2006-6022 BUGTRAQ BID
BiBa Software -- Selenium Server | SeleniumServer FTP Server 1.0, and possibly earlier, stores user passwords in plaintext in the Servers directory, which allows attackers to obtain passwords by reading the file. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | 10.0 | CVE-2006-5982 FRSIRT SECUNIA OSVDB XF
Blog Torrent -- Blog Torrent preview | Cross-site scripting (XSS) vulnerability in announce.php in Blog Torrent Preview 0.92 allows remote attackers to inject arbitrary web script or HTML via the left parameter. | 7.0 | CVE-2006-6020 BUGTRAQ XF
Bloo -- Bloo | Cross-site scripting (XSS) vulnerability in extensions/googiespell/googlespell_proxy.php in Bill Roberts Bloo 1.0 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | 7.0 | CVE-2006-6019 BUGTRAQ OTHER-REF BID
Bloo -- Bloo | ** DISPUTED ** PHP remote file inclusion vulnerability in phoo.base.php in Bill Roberts Bloo 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the descriptorFileList parameter. NOTE: this issue is disputed by CVE since $descriptorFileList is used in a function definition within phoo.base.php. | 7.0 | CVE-2006-6023 BUGTRAQ MLIST XF
CactuSoft -- CactuShop | Multiple SQL injection vulnerabilities in wwweb concepts CactuShop allow remote attackers to execute arbitrary SQL commands via the (1) prodtype parameter in prodtype.asp and the (2) product parameter in product.asp. | 7.0 | CVE-2006-5991 BUGTRAQ OTHER-REF FRSIRT SECUNIA
ClickTech -- Texas Rank'em | Multiple SQL injection vulnerabilities in ClickTech Texas Rank'em allow remote attackers to execute arbitrary SQL commands via the (1) selPlayer parameter to player.asp or the (2) tournament_id parameter to tournaments.asp. | 7.0 | CVE-2006-6050 BUGTRAQ OTHER-REF BID
D-Link -- DWL-G132 | Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via an 802.11 beacon request with a long Rates information element (IE). | 10.0 | CVE-2006-6055 OTHER-REF SECTRACK
Dragon Internet -- Events Listing | Multiple SQL injection vulnerabilities in Dragon Calendar / Events Listing 2.x allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) admin_login.asp, the (3) ID parameter to (b) event_searchdetail.asp, or the (4) VenueID parameter to (c) venue_detail.asp. | 7.0 | CVE-2006-6066 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF
Drumster -- BlogMe | Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in BlogMe 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) URL, or (3) Comments field. | 7.0 | CVE-2006-5975 BUGTRAQ OTHER-REF BID SECUNIA XF
Drumster -- BlogMe | Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: some of these details are obtained from third party information. | 7.0 | CVE-2006-5976 BUGTRAQ OTHER-REF BID SECUNIA XF
emreTURK -- OpenHuman | SQL injection vulnerability in OpenHuman before 1.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.0 | CVE-2006-6036 OTHER-REF FRSIRT OSVDB XF
Epic Designs -- eggblog | Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) edit parameter to (a) admin/articles.php or (b) admin/comments.php, or the (2) add parameter to admin/users.php. | 7.0 | CVE-2006-6046 BUGTRAQ BID SECTRACK XF
Expinion -- MultiCalendars | Multiple SQL injection vulnerabilities in MultiCalendars allow remote attackers to execute arbitrary SQL commands via the (1) M or (2) Y parameter to rss_out.asp, or the (3) cate parameter to all_calendars.asp. NOTE: the all_calendars.asp/calsids vector is already covered by CVE-2006-2293. | 7.0 | CVE-2006-5977 BUGTRAQ XF
Extreme CMS -- Extreme CMS | Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) bg1, (2) bg2, (3) text, or (4) size parameters. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | 7.0 | CVE-2006-5985 FRSIRT SECUNIA
Extreme CMS -- Extreme CMS | admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined with another vulnerability to expand the scope of a cross-site scripting (XSS) attack without authentication. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | 7.0 | CVE-2006-5986 FRSIRT SECUNIA
F-ART Agency -- BLOG:CMS | Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter. | 7.0 | CVE-2006-6035 BUGTRAQ BID FRSIRT SECUNIA
FutureTec -- E-Calendar Pro | Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd (Password) fields in (a) admin/default.asp; or the (3) Event Title, (4) Location, or (5) Description field when making a search engine query in (b) search.asp. NOTE: some of these details are obtained from third party information. | 7.0 | CVE-2006-6030 BUGTRAQ SECUNIA
Fuzzball MUCK -- Fuzzball MUCK | Multiple buffer overflows in the Message Parsing Interpreter (MPI) in Fuzzball MUCK before 6.07 allow remote attackers to execute arbitrary code via crafted messages. | 7.0 | CVE-2006-6064 OTHER-REF FRSIRT SECUNIA BID XF
GCIS -- ASPCart | Multiple SQL injection vulnerabilities in Greater Cincinnati Internet Solutions (GCIS) ASPCart allow remote attackers to execute arbitrary SQL commands via (1) the prodid parameter in (a) prodetails.asp; (2) the page parameter in (b) display.asp; the (3) custid, (4) item, (5) price, (6) custom, (7) department, (8) start, (9) quantity, (10) submit, (11) custom1, (12) custom2, or (13) custom3 parameters in (c) addcart.asp; or the (14) customerid parameter in (d) payment.asp. | 7.0 | CVE-2006-6031 BUGTRAQ
Imagemagick -- Imagemagick | Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, have unknown impact and user-assisted attack vectors via a crafted SGI image. | 7.0 | CVE-2006-5868 DEBIAN SECUNIA
JBMC Software -- DirectAdmin | Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to (c) CMD_TICKET_CREATE or (d) CMD_TICKET, the (3) user parameter to (e) CMD_EMAIL_FORWARDER_MODIFY, (f) CMD_EMAIL_VACATION_MODIFY, or (g) CMD_FTP_SHOW, and the (4) name parameter to (h) CMD_EMAIL_LIST in the User level; or the (5) user parameter to (i) CMD_SHOW_USER in the Reseller level. | 7.0 | CVE-2006-5983 BUGTRAQ OTHER-REF BID XF
Jelsoft -- vBulletin | Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action. | 7.0 | CVE-2006-6040 BUGTRAQ BID FRSIRT SECUNIA
Jim Plush -- My-BIC | ** DISPUTED ** PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the INC_PATH parameter, a different vector than CVE-2006-5089. NOTE: this issue is disputed by CVE and third party researchers because INC_PATH is a constant. | 7.0 | CVE-2006-6018 BUGTRAQ MLIST XF
Leinir -- Travelsized CMS | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dan Jensen Travelsized CMS 0.4.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) page, (2) page_id, or (3) language parameter. | 7.0 | CVE-2006-6037 BUGTRAQ OTHER-REF BID SECTRACK
MamboXChange -- MosReporter | PHP remote file inclusion vulnerability in reporter.logic.php in the MosReporter (com_reporter) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.0 | CVE-2006-6051 BUGTRAQ OTHER-REF BID
My Firewall Plus -- My Firewall Plus | My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is running before launching iexplore.exe from the "Test Your Firewall" feature, which allows local users to gain SYSTEM privileges. | 7.0 | CVE-2006-3973 OTHER-REF FRSIRT SECUNIA
NetGear -- MA521 Wireless Driver | Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear MA521 PCMCIA adapter allows remote attackers to execute arbitrary code via (1) beacon or (2) probe 802.11 frame responses with a long supported rates information element. NOTE: this issue was reported as a "memory corruption" error, but the associated exploit code suggests that it is a buffer overflow. | 10.0 | CVE-2006-6059 OTHER-REF CERT-VN FRSIRT SECTRACK SECUNIA
Phil Taylor -- Shambo2 | PHP remote file inclusion vulnerability in shambo2.php in the Shambo2 (com_shambo2) component for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.0 | CVE-2006-6049 BUGTRAQ BID FRSIRT SECUNIA XF
Powie -- pForum | SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.0 | CVE-2006-6038 OTHER-REF BID XF FRSIRT SECUNIA
Powie -- PHP MatchMaker | SQL injection vulnerability in matchdetail.php in Powie's PHP MatchMaker 4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the edit parameter. | 7.0 | CVE-2006-6039 OTHER-REF BID XF FRSIRT SECUNIA
Property Pro -- Property Pro | SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the UserName field. | 7.0 | CVE-2006-6029 BUGTRAQ
Renasoft -- NetJetServer | adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly earlier, does not properly perform login authentication, which allows remote attackers to obtain administrative privileges. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | 10.0 | CVE-2006-5980 FRSIRT SECUNIA
SitesOutlet -- E-commerce Kit-1 | Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 PayPal Edition allow remote attackers to execute arbitrary SQL commands via the (1) keyword or (2) cid parameter in (a) catalogue.asp, or the (3) pid parameter in (b) viewDetail.asp. | 7.0 | CVE-2006-6034 BUGTRAQ FRSIRT SECUNIA
Sky Software -- FileView ActiveX Control WinZip -- WinZip | Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198. | 7.0 | CVE-2006-3890 BUGTRAQ Milw0rm MS CERT-VN BID SECUNIA
SPHPBlog -- SPHPBlog | Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter in add_block.php or (2) the entry parameter in index.php, different vectors than CVE-2005-1135. NOTE: this has been reported to affect 0.8, but as of 20061121, the most recent version is only 0.4.9. | 7.0 | CVE-2006-6032 BUGTRAQ XF
SPHPBlog -- SPHPBlog | Multiple directory traversal vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to read arbitrary files and possibly include arbitrary PHP code via a .. (dot dot) sequence in the blog_theme parameter in (1) index.php, (2) add_cgi.php, (3) add_link.php, (4) login.php, (5) template.php, or (6) contact.php. | 7.0 | CVE-2006-6033 BUGTRAQ
Un4seen -- XMPlay | Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier allows remote attackers to execute arbitrary code via a M3U file containing a long (1) FileName, and cause a crash via a long (2) DisplayName. | 7.0 | CVE-2006-6063 OTHER-REF FRSIRT SECUNIA
WebHost Automation -- Helm Web Hosting Control Panel | Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) txtCompanyName, (2) txtEmail, or (3) txtUserAccNum parameter to (a) users.asp, or the (4) setThemeColour parameter to (b) default.asp in the Reseller and Admin levels; or the (5) setThemeColour parameter to default.asp in the User level. NOTE: the txtDomainName parameter to domains.asp is covered by CVE-2006-1407, which suggests that this vector is fixed in 3.2.10 stable. | 7.0 | CVE-2006-5984 BUGTRAQ FRSIRT SECUNIA
WORK system e-commerce -- WORK system e-commerce | Multiple PHP remote file inclusion vulnerabilities in WORK system e-commerce 3.0.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the g_include parameter to (1) index.php, (2) module/forum/forum.php, (3) unspecified files under module/, and (4) unspecified files under administration/module/. | 7.0 | CVE-2006-6041 OTHER-REF FRSIRT SECTRACK SECUNIA

Medium Vulnerabilities

Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info
---|---|---|---
BiBa Software -- Selenium Server | Multiple directory traversal vulnerabilities in SeleniumServer FTP Server 1.0, and possibly earlier, allow remote attackers to list arbitrary directories, read arbitrary files, and upload arbitrary files via directory traversal sequences in the (1) DIR (LIST or NLST), (2) GET (RETR), and (3) PUT (STOR) commands. | 4.7 | CVE-2006-5981 FRSIRT SECUNIA OTHER-REF OSVDB
Comdev -- Comdev One Admin Pro | Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin Pro 4.1 allow remote attackers to execute arbitrary PHP code via a URL in the path[skin] parameter to (1) adminfoot.php, (2) adminhead.php, or (3) adminlogin.php. | 5.6 | CVE-2006-6045 BUGTRAQ FRSIRT SECTRACK SECUNIA XF
E-Xoopport -- E-Xoopport | Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown impact and attack vectors, as addressed by "Some security fix." | 4.9 | CVE-2006-5978 OTHER-REF BID FRSIRT XF
Etomite -- Etomite CMS | Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php. | 4.2 | CVE-2006-6047 BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF
Etomite -- Etomite CMS | SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 5.6 | CVE-2006-6048 BUGTRAQ BUGTRAQ OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF
Linux -- Netkit | ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778. | 4.2 | CVE-2006-6008 OTHER-REF OTHER-REF OTHER-REF GENTOO SECUNIA SECUNIA
MxBB -- CalSnails module | PHP remote file inclusion vulnerability in includes/mx_common.php in the CalSnails Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | 5.6 | CVE-2006-6065 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF
NetBSD -- NetBSD | The NetBSD-current kernel before 20061028 does not properly perform bounds checking of an unspecified userspace parameter in the ptrace system call during a PT_DUMPCORE request, which allows local users to have an unknown impact. | 4.9 | CVE-2006-6014 MLIST
Oliver -- Oliver | PHP file inclusion vulnerability in loginform-inc.php in Oliver (formerly Webshare) 1.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the conf[motdfile] parameter, which is accessed by the file_exists function. | 5.6 | CVE-2006-6043 FRSIRT SECUNIA BID XF
Panda -- ActiveScan | Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to (1) reboot the system using the Reinicializar method in the ActiveScan.1 ActiveX control, or (2) determine arbitrary file existence and size via the ObtenerTamano method in the PAVPZ.SOS.1 ActiveX control. | 4.7 | CVE-2006-5966 SECUNIA BUGTRAQ FRSIRT SECUNIA XF XF
PHPQuickGallery -- PHPQuickGallery | PHP remote file inclusion vulnerability in gallery_top.inc.php in PHPQuickGallery 1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the textFile parameter. | 5.6 | CVE-2006-6044 OTHER-REF FRSIRT SECUNIA
phpWebThings -- phpWebThings | PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_bottom parameter. | 5.6 | CVE-2006-6042 OTHER-REF FRSIRT SECUNIA
Qualcomm -- Eudora Worldmail | Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 version 6.1.22.0, have unknown impact and attack vectors, as demonstrated by the (1) "Eudora WorldMail stack overflow" and (2) "Eudora WorldMail heap overflow" modules in VulnDisco Pack. NOTE: Some of these details are obtained from third party information. As of 20061118, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | 4.9 | CVE-2006-6024 OTHER-REF BID
RealNetworks -- Helix DNA Server | Heap-based buffer overflow in Helix DNA Server 11.0 and 11.1 has unknown impact and attack vectors, as demonstrated by a certain VulnDisco Pack module. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. As of 20061118, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | 4.9 | CVE-2006-6026 OTHER-REF BID SECUNIA

Low Vulnerabilities

Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info
---|---|---|---
Anton Vlasov -- DoSePa | Directory traversal vulnerability in textview.php in Anton Vlasov DoSePa 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence or absolute file path in the file parameter. | 2.3 | CVE-2006-6028 OTHER-REF OTHER-REF BID FRSIRT XF
Apple -- Mac OS X | Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression. | 2.3 | CVE-2006-6015 BUGTRAQ BUGTRAQ
Apple -- Mac OS X Server Apple -- Mac OS X | Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with "bad sectors," which triggers memory corruption. | 3.3 | CVE-2006-6062 OTHER-REF BID FRSIRT SECTRACK SECUNIA XF OTHER-REF BID FRSIRT SECUNIA XF
DragonFlyBSD -- DragonFlyBSD TrustedBSD -- TrustedBSD FreeBSD -- FreeBSD MidnightBSD -- MidnightBSD NetBSD -- NetBSD | Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD before 20061116, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error. | 1.6 | CVE-2006-6013 BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ FULLDISC MLIST OTHER-REF OTHER-REF OTHER-REF SECUNIA XF BUGTRAQ BUGTRAQ BUGTRAQ BID
Linux -- Linux kernel | The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures. | 2.3 | CVE-2006-6053 OTHER-REF
Linux -- Linux kernel | The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length that is smaller than the minimum. | 2.3 | CVE-2006-6054 OTHER-REF
Linux -- Linux kernel | Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in the superblock_doinit function, as demonstrated using an HFS filesystem image. | 2.3 | CVE-2006-6056 OTHER-REF
Linux -- Linux kernel | The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on Fedora Core 6 and possibly other operating systems, allows local users to cause a denial of service (crash) via a malformed gfs2 file stream that triggers a NULL pointer dereference in the init_journal function. | 2.3 | CVE-2006-6057 OTHER-REF
Linux -- Linux kernel | The minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be due to an integer overflow or signedness error. | 2.3 | CVE-2006-6058 OTHER-REF
Linux -- Linux kernel | The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a malformed NTFS file stream that triggers an infinite loop in the __find_get_block_slow function. | 2.3 | CVE-2006-6060 OTHER-REF
mAlbum -- mAlbum | Directory traversal vulnerability in the cached_album function in functions.php for mAlbum 0.3 and earlier allows remote attackers to list filenames of arbitrary images via a .. (dot dot) in the gal parameter to index.php. | 2.3 | CVE-2006-6068 BUGTRAQ FRSIRT SECUNIA XF
mAlbum -- mAlbum | index.php in mAlbum 0.3 and earlier allows remote attackers to obtain the installation path via an invalid gal parameter. | 2.3 | CVE-2006-6069 BUGTRAQ XF
MGinternet -- Car Site Manager | Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 2.3 | CVE-2006-6012 FRSIRT
Microsoft -- Windows 2000 | Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. NOTE: the provenance of this information is unknown; the details are obtained from third party information. As of 20061116, this disclosure has no actionable information. However, since the VulnDisco Pack author is a reliable researcher, the disclosure is being assigned a CVE identifier for tracking purposes. | 2.3 | CVE-2006-5988 BID SECUNIA
mod_auth_kerb -- mod_auth_kerb | Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array. | 2.3 | CVE-2006-5989 OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF
NetEpi Case Manager -- NetEpi Case Manager | NetEpi Case Manager before 0.98 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames. | 2.3 | CVE-2006-6052 OTHER-REF FRSIRT XF
Qualcomm -- Eudora Worldmail | QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denial of service, as demonstrated by a certain module in VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. As of 20061118, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | 2.3 | CVE-2006-6025 OTHER-REF BID
Renasoft -- NetJetServer | Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure permissions for Global.asa, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | 2.3 | CVE-2006-5979 FRSIRT SECUNIA
SAP -- SAP Web Application Server | SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747. | 2.3 | CVE-2006-6010 BUGTRAQ
SAP -- SAP Web Application Server | Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785. | 2.3 | CVE-2006-6011 BUGTRAQ
Sun -- JDK Sun -- JRE | Unspecified vulnerability in the Java Runtime Environment (JRE) Swing library in JDK and JRE 5.0 Update 7 and earlier allows attackers to obtain certain information via unknown attack vectors, related to an untrusted applet accessing data in other applets. | 2.3 | CVE-2006-6009 SUNALERT FRSIRT SECTRACK SECUNIA
Timo Sirainen -- Dovecot | Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file. | 2.3 | CVE-2006-5973 BUGTRAQ MLIST SECUNIA BID FRSIRT XF
Verity -- Ultraseek | Absolute path traversal vulnerability in admin/logfile.txt in Verity Ultraseek before 5.6.2 allows remote attackers to read arbitrary files via the name variable. | 2.3 | CVE-2006-5971 BUGTRAQ OTHER-REF OTHER-REF OSVDB SECUNIA XF OTHER-REF
VMWare -- VirtualCenter | VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack. | 3.7 | CVE-2006-5990 OTHER-REF OTHER-REF BUGTRAQ BID FRSIRT SECTRACK SECUNIA XF
WebEvents -- Online Event Registration | save_profile.asp in WebEvents (Online Event Registration Template) 2.0 and earlier allows remote attackers to change the profiles, passwords, and other information for arbitrary users via a modified UserID parameter. | 2.3 | CVE-2006-6007 BUGTRAQ
WordPress -- WordPress | wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter. | 1.4 | CVE-2006-6016 OTHER-REF OTHER-REF GENTOO
WordPress -- WordPress | WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display. | 1.4 | CVE-2006-6017 OTHER-REF OTHER-REF GENTOO