Vulnerability Summary for the Week of December 25, 2006

Released
Jan 02, 2007
Document ID
SB07-001

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

Vulnerability Severity:

">

High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
@Mail -- @Mail WebMailCross-site request forgery (CSRF) vulnerability in @Mail WebMail allows remote attackers to perform unauthorized actions as other unspecified users via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
unknown
2006-12-22
7.0CVE-2006-6701
OTHER-REF
SECUNIA
@Mail -- @MailCross-site scripting (XSS) vulnerability in Global.pm in @Mail before 4.61 allows remote attackers to inject arbitrary web script or HTML via crafted e-mail messages. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-22
7.0CVE-2006-6702
OTHER-REF
OTHER-REF
FRSIRT
@Mail -- @Mail WebadminCross-site scripting (XSS) vulnerability in the Webadmin in @Mail before 4.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "unescaped data in the database."
unknown
2006-12-22
7.0CVE-2006-6704
OTHER-REF
A-blog -- A-blogCross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2006-12-26
7.0CVE-2006-6729
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
Allied Telesis -- AT-9000/24 EthernetswitchThe Allied Telesis AT-9000/24 Ethernet switch accepts management packets from arbitrary VLANs, contrary to the documentation, which allows remote attackers to conduct attacks against the switch from unexpected locations.
unknown
2006-12-23
7.0CVE-2006-6717
BUGTRAQ
BID
XF
Allied Telesis -- AT-9000/24 EthernetswitchThe Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, "manager," which allows remote attackers to perform unauthorized actions.
unknown
2006-12-23
7.0CVE-2006-6718
BUGTRAQ
AlstraSoft -- WebHost DirectoryAlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config.
unknown
2006-12-29
7.0CVE-2006-6818
BUGTRAQ
BID
AlstraSoft -- WebHost DirectoryAlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for admin/backup/db.
unknown
2006-12-29
7.0CVE-2006-6819
BUGTRAQ
Azucar CMS -- Azucar CMSPHP remote file inclusion vulnerability in admin/index_sitios.php in Azucar CMS 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _VIEW parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-23
7.0CVE-2006-6720
OTHER-REF
BID
FRSIRT
SECUNIA
XF
chatwm -- chatwmSQL injection vulnerability in SelGruFra.asp in chatwm 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) txtUse and (2) txtPas parameters.
unknown
2006-12-27
7.0CVE-2006-6791
BUGTRAQ
BID
cwm-design -- cwmExplorerMultiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: The provenance of this information is unknown; details are obtained solely from third party information.
unknown
2006-12-26
7.0CVE-2006-6766
FRSIRT
DMXReady -- DMXReady Secure Login ManagerMultiple SQL injection vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel; (4) the sent parameter to (a) login.asp, (b) content.asp, and (c) members.asp in the Remote-WebSite; and (5) the sent parameter to applications/SecureLoginManager/inc_secureloginmanager.asp in the Live Demo.
unknown
2006-12-29
7.0CVE-2006-6816
BUGTRAQ
BID
DreaXTeam -- Xt-NewsMultiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 allow remote attackers to inject arbitrary web script or HTML via the id_news parameter to (1) add_comment.php or (2) show_news.php.
unknown
2006-12-26
7.0CVE-2006-6746
BUGTRAQ
BID
DreaXTeam -- Xt-NewsSQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the id_news parameter.
unknown
2006-12-26
7.0CVE-2006-6747
BUGTRAQ
BID
Efkan Forum -- Efkan ForumSQL injection vulnerability in default.asp in Efkan Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the grup parameter.
unknown
2006-12-27
7.0CVE-2006-6794
BUGTRAQ
Enthrallweb -- ePagesSQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter.
unknown
2006-12-28
7.0CVE-2006-6802
Milw0rm
BID
FRSIRT
SECUNIA
Enthrallweb -- eCarsSQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allows remote attackers to execute arbitrary SQL commands via the Type_id parameter.
unknown
2006-12-28
7.0CVE-2006-6803
Milw0rm
BID
FRSIRT
Enthrallweb -- Dragon Business Directory ProSQL injection vulnerability in bus_details.asp in Dragon Business Directory - Pro (aka Dragon Internet Business Search Directory - Pro) 3.01.12 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
unknown
2006-12-28
7.0CVE-2006-6804
Milw0rm
BID
FRSIRT
SECUNIA
Enthrallweb -- eJobsSQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter.
unknown
2006-12-28
7.0CVE-2006-6805
Milw0rm
FRSIRT
SECUNIA
Enthrallweb -- eMatesSQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
unknown
2006-12-28
7.0CVE-2006-6806
Milw0rm
FRSIRT
SECUNIA
Eric Guillaume -- upload_download_de_fichiersSQL injection vulnerability in administration/administre2.php in Eric GUILLAUME uploader&downloader 3 allows remote attackers to execute arbitrary SQL commands via the id_user parameter.
unknown
2006-12-23
7.0CVE-2006-6716
OTHER-REF
BID
XF
Fishyshoop -- Fishyshooppages/register/register.php in Fishyshoop 0.930 beta allows remote attackers to create arbitrary administrative users by setting the is_admin HTTP POST parameter to 1.
unknown
2006-12-27
7.0CVE-2006-6773
BUGTRAQ
BID
FRSIRT
SECUNIA
FTPRush -- FTPRushBuffer overflow in FTPRush 1.0.0.610 might allow attackers to gain privileges via a long Host field. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. Also, it is not clear whether this issue crosses security boundaries.
unknown
2006-12-26
7.0CVE-2006-6752
BID
Future Internet -- Future InternetMultiple SQL injection vulnerabilities in Future Internet allow remote attackers to execute arbitrary SQL commands via the (1) newsId or (2) categoryid parameter in a Portal.Showpage action in index.cfm, or (3) the langId parameter in index.cfm.
unknown
2006-12-27
7.0CVE-2006-6776
BUGTRAQ
BID
Future Internet -- Future InternetCross-site scripting (XSS) vulnerability in index.cfm in Future Internet allows remote attackers to inject arbitrary web script or HTML via the categoryId parameter in a Portal.ShowPage action.
unknown
2006-12-27
7.0CVE-2006-6777
BUGTRAQ
BID
Hitachi -- Hitachi Directory Server 2Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allows remote attackers to execute arbitrary code via crafted LDAP requests.
unknown
2006-12-22
10.0CVE-2006-6713
OTHER-REF
BID
FRSIRT
SECUNIA
HLstats -- HLstatsSQL injection vulnerability in the login form in HLstats 1.20 through 1.34 allows remote attackers to execute arbitrary SQL commands via the killLimit parameter.
unknown
2006-12-27
7.0CVE-2006-6780
BUGTRAQ
BID
inertianews -- inertianewsPHP remote file inclusion vulnerability in inertianews_main.php in inertianews 0.02 beta allows remote attackers to execute arbitrary PHP code via a URL in the inews_path parameter.
unknown
2006-12-26
7.0CVE-2006-6726
Milw0rm
FRSIRT
inertianews -- inertianewsPHP remote file inclusion vulnerability in inertianews_class.php in inertianews 0.02 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.
unknown
2006-12-26
7.0CVE-2006-6727
FRSIRT
Jelle de Vos -- BandwebsiteBandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to create administrative accounts via a direct request to admin.php with the Login parameter set to 1.
unknown
2006-12-23
7.0CVE-2006-6722
OTHER-REF
BID
OTHER-REF
XF
KDE -- KsIRCBuffer overflow in KsIRC 1.3.12 allows remote attackers to execute arbitrary code via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server.
unknown
2006-12-29
7.0CVE-2006-6811
OTHER-REF
BID
Keep It Simple Guest Book -- Keep It Simple Guest BookMultiple PHP remote file inclusion vulnerabilities in the Keep It Simple Guest Book (KISGB) allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_to_themes parameter in (a) authenticate.php, and the (2) default_path_for_themes parameter in (b) admin.php and (c) upconfig.php.
unknown
2006-12-26
7.0CVE-2006-6763
BUGTRAQ
OTHER-REF
Knusperleicht -- ShoutBoxCross-site scripting (XSS) vulnerability in shout.php in Knusperleicht ShoutBox 2.6 allows remote attackers to inject arbitrary web script or HTML via a post.
unknown
2006-12-23
7.0CVE-2006-6721
OTHER-REF
BID
logahead -- logahead UNUUnrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload arbitrary files via unspecified vectors related to plugins/widged/_widged.php and form Widgets.
unknown
2006-12-27
7.0CVE-2006-6783
BUGTRAQ
BID
LuckyBot -- LuckyBotMultiple PHP remote file inclusion vulnerabilities in LuckyBot 3 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) run.php or (2) ircbot.class.php.
unknown
2006-12-27
7.0CVE-2006-6788
BUGTRAQ
BID
McAfee -- NeoTrace Pro
McAfee -- NeoTrace Express
McAfee -- Visual Trace		Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ActiveX control (NeoTraceExplorer.dll) in NeoTrace Express 3.25 and NeoTrace Pro (aka McAfee Visual Trace) 3.25 allows remote attackers to execute arbitrary code via a long argument string to the TraceTarget method. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-22
7.0CVE-2006-6707
SECUNIA
MGinternet -- Property Site ManagerCross-site scripting (XSS) vulnerability in listings.asp in MGinternet Property Site Manager allows remote attackers to inject arbitrary web script or HTML via the s parameter.
unknown
2006-12-22
7.0CVE-2006-6708
BUGTRAQ
BID
XF
MGinternet -- Property Site ManagerMultiple SQL injection vulnerabilities in MGinternet Property Site Manager allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) detail.asp; the (2) l, (3) typ, or (4) loc parameter to (b) listings.asp; or the (5) Password or (6) Username parameter to (c) admin_login.asp. NOTE: some of these details are obtained from third party information.
unknown
2006-12-22
7.0CVE-2006-6709
BUGTRAQ
BID
XF
XF
MXmania -- Newsletter MXSQL injection vulnerability in admin/admin_mail_adressee.asp in Newsletter MX 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
unknown
2006-12-27
7.0CVE-2006-6787
OTHER-REF
BID
MXmania -- Calendar MX BASICSQL injection vulnerability in calendar_detail.asp in Calendar MX BASIC 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-27
7.0CVE-2006-6792
BID
FRSIRT
MXmania -- MXmania File Upload ManagerSQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
unknown
2006-12-29
7.0CVE-2006-6813
OTHER-REF
BID
FRSIRT
SECUNIA
MXmania -- Calendar MX BASICCalendar MX BASIC 1.0.2 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for calendar.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-29
7.0CVE-2006-6825
FRSIRT
myPHPCalendar -- myPHPCalendarMultiple PHP remote file inclusion vulnerabilities in myPHPCalendar 10.1 allow remote attackers to execute arbitrary PHP code via a URL in the cal_dir parameter to (1) admin.php, (2) contacts.php, or (3) convert-date.php.
unknown
2006-12-29
7.0CVE-2006-6812
OTHER-REF
BID
myPHPNuke -- myPHPNuke My_eGalleryPHP remote file inclusion vulnerability in gallery/displayCategory.php in the My_eGallery 2.5.6 module in myPHPNuke (MPN) allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter.
unknown
2006-12-27
7.0CVE-2006-6795
OTHER-REF
OTHER-REF
BID
Netbula -- AnyboardSQL injection vulnerability in Netbula Anyboard allows remote attackers to execute arbitrary SQL commands via the user name in the login form.
unknown
2006-12-27
7.0CVE-2006-6784
BUGTRAQ
BID
Newxooper -- NewxooperPHP remote file inclusion vulnerability in compteur/mapage.php in Newxooper 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
unknown
2006-12-22
7.0CVE-2006-6711
OTHER-REF
BID
FRSIRT
SECUNIA
Newxooper -- NewxooperPHP remote file inclusion vulnerability in i-accueil.php in Newxooper 0.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-26
7.0CVE-2006-6748
FRSIRT
Obie Website -- Mini Web ShopCross-site scripting (XSS) vulnerability in modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to inject arbitrary web script or HTML via the catname parameter.
unknown
2006-12-26
7.0CVE-2006-6734
BUGTRAQ
BID
MLIST
FRSIRT
SECUNIA
Okul Merkezi -- Okul Merkezi PortalPHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi Portal 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
unknown
2006-12-27
7.0CVE-2006-6793
BUGTRAQ
BID
Open Newsletter -- Open NewsletterThe admin PHP scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability.
unknown
2006-12-27
7.0CVE-2006-6785
OTHER-REF
BID
Oracle -- Oracle9i
Oracle -- Oracle10g		Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors.
unknown
2006-12-22
7.0CVE-2006-6703
BUGTRAQ
FRSIRT
osTicket -- osTicket STSCross-site scripting (XSS) vulnerability in support/view.php in Support Cards 1 (osTicket) allows remote attackers to inject arbitrary web script or HTML via the e parameter.
unknown
2006-12-26
7.0CVE-2006-6733
BUGTRAQ
BID
Personal .NET Portal -- Personal .NET PortalUnspecified vulnerability in the tab editor for Personal .NET Portal before 2.0.0 has unknown impact and attack vectors related to a "Security leak."
unknown
2006-12-29
7.0CVE-2006-6826
OTHER-REF
FRSIRT
XF
PHP iCalendar -- PHP iCalendarMultiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, (d) week.php, (e) search.php, (f) rss/index.php, (g) print.php, and (h) preferences.php; the (2) cpath parameter in (i) day.php, (j) month.php, (k) year.php, (l) week.php, and (m) search.php; the (3) query parameter in search.php; and possibly the cpath, (4) unset, and (5) set parameters in a setcookie action in preferences.php; different vectors than CVE-2006-3319. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
2006-12-20
2006-12-29
7.0CVE-2006-6824
OTHER-REF
BID
SECTRACK
SECUNIA
PHP Live! -- PHP Live!Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search_string parameter in (a) setup/transcripts.php, the (2) l parameter in (b) index.php, the (3) login field in (c) phplive/index.php, and the (4) deptid and (5) x parameters in (d) phplive/message_box.php.
unknown
2006-12-27
7.0CVE-2006-6769
BUGTRAQ
OTHER-REF
BID
SECUNIA
Phpbbxtra -- PhpbbxtraPHP remote file inclusion vulnerability in includes/archive/archive_topic.php in Phpbbxtra 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
unknown
2006-12-27
7.0CVE-2006-6789
BUGTRAQ
BID
PhpMyManga -- PhpMyMangaMultiple PHP remote file inclusion vulnerabilities in template.php in Laurent FALLET phpMyAnime (aka phpmymanga) 0.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) actionsPage or (2) formPage parameter.
unknown
2006-12-26
7.0CVE-2006-6760
Milw0rm
OTHER-REF
BID
XF
pnamazu -- pnamazuCross-site scripting (XSS) vulnerability in pnamazu 2006.02.28 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2006-12-27
7.0CVE-2006-6782
OTHER-REF
BID
FRSIRT
SECUNIA
PowerScripts -- PowerClanPHP remote file inclusion vulnerability in footer.inc.php in PowerClan 1.14a and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings[footer] parameter.
unknown
2006-12-22
7.0CVE-2006-6715
OTHER-REF
MLIST
FRSIRT
SECUNIA
PWP Technologies -- The Classified Ad SystemMultiple cross-site scripting (XSS) vulnerabilities in default.asp in PWP Technologies The Classified Ad System allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) main parameter.
unknown
2006-12-27
7.0CVE-2006-6768
BUGTRAQ
Softwebs Nepal -- Ananda Real EstateSQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the agent parameter.
unknown
2006-12-28
7.0CVE-2006-6807
OTHER-REF
BID
FRSIRT
SECUNIA
SugarCRM -- SugarCRMCross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0f and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in crafted email messages.
unknown
2006-12-22
7.0CVE-2006-6712
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
SECTRACK
Sun -- JDK
Sun -- SDK
Sun -- JRE		Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information.
unknown
2006-12-26
10.0CVE-2006-6731
SUNALERT
BID
FRSIRT
Sun -- Java 2 Standard Edition SDK
Sun -- Java 2 Runtime Environment		Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE.
unknown
2006-12-26
8.0CVE-2006-6745
SUNALERT
BID
FRSIRT
SECTRACK
TimberWolf -- TimberWolfCross-site scripting (XSS) vulnerability in shownews.php in TimberWolf 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the nid parameter.
unknown
2006-12-27
7.0CVE-2006-6778
BUGTRAQ
BID
FRSIRT
Ultimate PHP Board -- Ultimate PHP BoardDirect static code injection vulnerability in chat/login.php in Ultimate PHP Board (UPB) 2.0b1 and earlier allows remote attackers to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php.
unknown
2006-12-27
7.0CVE-2006-6790
OTHER-REF
BID
Vladimir Menshakov -- buratinable templatorMultiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator (aka bubla) 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) bu_dir or (2) bu_config[dir] parameter.
unknown
2006-12-29
7.0CVE-2006-6809
OTHER-REF
BID
w3m -- w3mFormat string vulnerability in w3m 0.5.1, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate.
unknown
2006-12-27
8.0CVE-2006-6772
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
WordPress -- WordPressCross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.
unknown
2006-12-28
7.0CVE-2006-6808
FULLDISC
OTHER-REF
OTHER-REF
BID
Yrch! -- Yrch!PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
unknown
2006-12-29
7.0CVE-2006-6823
OTHER-REF
BID
FRSIRT

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Ciberia -- Content FederatorPHP remote file inclusion vulnerability in socios/maquetacion_socio.php (members/maquetacion_member.php) in Ciberia Content Federator 1.0 allows remote attackers to execute arbitrary PHP code via the path parameter. NOTE: some of these details are obtained from third party information.
unknown
2006-12-27
5.6CVE-2006-6774
Milw0rm
BID
FRSIRT
SECUNIA
cwm-design -- cwmVotePHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the abs parameter.
unknown
2006-12-26
5.6CVE-2006-6732
Milw0rm
BID
FRSIRT
SECUNIA
XF
cwm-design -- cwmCounterPHP remote file inclusion vulnerability in statistic.php in cwmCounter 5.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
unknown
2006-12-26
5.6CVE-2006-6738
Milw0rm
BID
FRSIRT
SECUNIA
Irokez -- Irokez CMSMultiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[PTH][func] parameter in (a) scripts/gallery.scr.php; the (2) GLOBALS[PTH][spaw] parameter in (b) scripts/xtextarea.scr.php; and the (3) GLOBALS[PTH][classes] parameter in (c) sitemap.scr.php, (d) news.scr.php, (e) polls.scr.php, (f) rss.scr.php, (g) search.scr.php in scripts/, and (h) form.fun.php, (i) general.func.php, (j) groups.func.php, (k) js.func.php, (l) sections.func.php, and (m) users.func.php in functions/.
unknown
2006-12-27
5.6CVE-2006-6771
Milw0rm
BID
FRSIRT
SECUNIA
Ixprim -- Ixprim CMSMultiple SQL injection vulnerabilities in Ixprim 1.2 allow remote attackers to execute arbitrary SQL commands via the story_id parameter to ixm_ixpnews.php, and unspecified other vectors.
unknown
2006-12-26
4.2CVE-2006-6754
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Ixprim -- Ixprim CMSThe code function in install.fct.php in Ixprim 1.2 produces a guessable value of the confidential IXP_CODE in mainfile.php, which might allow remote attackers to gain access to the administration panel via a brute force attack.
unknown
2006-12-26
5.6CVE-2006-6756
BUGTRAQ
OTHER-REF
Jelsoft -- VBulletinCross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript.
unknown
2006-12-27
5.6CVE-2006-6779
BUGTRAQ
BID
Jinzora -- JinzoraMultiple PHP remote file inclusion vulnerabilities in Jinzora Media Jukebox 2.7 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter in (1) popup.php, (2) rss.php, (3) ajax_request.php, and (4) mediabroadcast.php.
unknown
2006-12-27
5.6CVE-2006-6770
Milw0rm
BID
FRSIRT
SECUNIA
Keep It Simple Guest Book -- Keep It Simple Guest BookPHP remote file inclusion vulnerability in authenticate.php in Keep It Simple Guest Book (KISGB), when executing PHP through CGI, allows remote attackers to execute arbitrary PHP code via a URL in the default_path_to_themes parameter.
unknown
2006-12-26
5.6CVE-2006-6764
Milw0rm
FRSIRT
SECUNIA
LAN Messenger -- LAN MessengerUnspecified vulnerability in the info request mechanism in LAN Messenger before 1.5.1.2 allows remote attackers to cause a denial of service (application crash) or transmit spam via unspecified vectors.
unknown
2006-12-26
4.7CVE-2006-6728
OTHER-REF
FRSIRT
Limbo CMS -- Event ModulePHP remote file inclusion in eventcal/mod_eventcal.php in the event module 1.0 for Limbo CMS allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter.
unknown
2006-12-28
5.6CVE-2006-6800
BUGTRAQ
Milw0rm
BID
FRSIRT
SECUNIA
Microsoft -- Windows XPThe Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696.
unknown
2006-12-28
4.7CVE-2006-6797
OTHER-REF
MKPortal -- MKPortalCross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag.
unknown
2006-12-26
4.7CVE-2006-6741
BUGTRAQ
FRSIRT
SECUNIA
MTCMS -- MTCMSPHP remote file inclusion vulnerability in admin/admin_settings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ins_file parameter.
unknown
2006-12-27
5.6CVE-2006-6796
OTHER-REF
BID
SECUNIA
Novell -- NetmailMultiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow.
unknown
2006-12-26
6.0CVE-2006-6424
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Novell -- NetmailStack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
unknown
2006-12-26
6.0CVE-2006-6425
BUGTRAQ
OTHER-REF
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
Novell -- NetMailStack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command.
unknown
2006-12-26
4.2CVE-2006-6761
IDEFENSE
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Open Newsletter -- Open NewsletterOpen Newsletter 2.5 and earlier allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to (1) subscribe.php or (2) unsubscribe.php.
unknown
2006-12-27
4.2CVE-2006-6786
OTHER-REF
BID
OpenSER -- OpenSERBuffer overflow in the parse_expression function in parse_config in OpenSER 1.1.0 allows attackers to have an unknown impact via a long str parameter.
unknown
2006-12-26
5.6CVE-2006-6749
BUGTRAQ
BID
XF
BUGTRAQ
OPENPKG
Pagetool -- PagetoolMultiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php in Pagetool 1.07 allow remote attackers to execute arbitrary PHP code via (1) a local filename or FTP/share URI in the config_file parameter or (2) a URL in the ptconf[src] parameter.
unknown
2006-12-26
5.6CVE-2006-6765
Milw0rm
FRSIRT
SECUNIA
Paristemi -- ParistemiPHP remote file inclusion vulnerability in buycd.php in Paristemi 0.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the HTTP_DOCUMENT_ROOT parameter, a different vector than CVE-2006-6689.
unknown
2006-12-26
5.6CVE-2006-6739
Milw0rm
BID
PgmReloaded -- PgmReloadedMultiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to (a) index.php, the (2) CFG[libdir] and (3) CFG[localedir] parameters to (b) common.inc.php, and the CFG[localelangdir] parameter to (c) form_header.php.
unknown
2006-12-22
5.6CVE-2006-6710
Milw0rm
FRSIRT
SECUNIA
phpProfiles -- phpProfilesMultiple PHP remote file inclusion vulnerabilities in phpProfiles 3.1.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the menu parameter to (1) include/body.inc.php or (2) include/body_admin.inc.php; or a URL in the incpath parameter to (3) index.inc.php, (4) account.inc.php, (5) admin_newcomm.inc.php, (6) header_admin.inc.php, (7) header.inc.php, (8) friends.inc.php, (9) menu_u.inc.php, (10) notify.inc.php, (11) body.inc.php, (12) body_admin.inc.php, (13) commrecc.inc.php, (14) do_reg.inc.php, (15) comm_post.inc.php, or (16) menu_v.inc.php in include/, different vectors than CVE-2006-5634. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-26
5.6CVE-2006-6740
Milw0rm
BID
FRSIRT
SECUNIA
XF
phpProfiles -- phpProfilesphpProfiles before 2.1.1 uses world writable permissions for certain profile files and directories, which allows local users to modify or delete files, related to (1) users/include/do_makeprofile.inc.php and (2) users/include/copy.inc.php.
unknown
2006-12-26
4.9CVE-2006-6743
OTHER-REF
FRSIRT
SECUNIA
XF
SH-News -- SH-NewsPHP remote file inclusion vulnerability in misc.php in SH-News 0.93, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the news_cfg[path] parameter.
unknown
2006-12-28
5.6CVE-2006-6801
Milw0rm
BID
FRSIRT
SECUNIA
The Cacti Group -- CactiSQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are later used in the polling_items array and popen function.
unknown
2006-12-28
5.6CVE-2006-6799
OTHER-REF
FRSIRT
SECUNIA

Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
acFTP -- acFTPacFTP 1.5 allows remote authenticated users to cause a denial of service via a crafted argument to the (1) REST or (2) PBSZ command.
unknown
2006-12-27
1.1CVE-2006-6775
OTHER-REF
BID
FRSIRT
SECUNIA
AlstraSoft -- WebHost DirectoryAlstraSoft Web Host Directory allows remote attackers to obtain sensitive information by requesting any invalid URI, which reveals the path in an error message, a different vulnerability than CVE-2006-2617.
unknown
2006-12-29
2.3CVE-2006-6817
BUGTRAQ
BolinTech -- Dream FTP ServerBolinTech Dream FTP Server 1.02 allows remote authenticated users, including anonymous users, to cause a denial of service (application crash) via a certain invalid PORT command.
unknown
2006-12-26
1.4CVE-2006-6724
OTHER-REF
FRSIRT
SECUNIA
cwm-design -- cwmExplorerDirectory traversal vulnerability in index.php in cwmExplorer 1.0 allows remote attackers to read arbitrary files and source code, and obtain sensitive information via directory traversal sequences in the show_file parameter.
unknown
2006-12-26
3.3CVE-2006-6757
Milw0rm
BID
FRSIRT
DB Hub -- DB HubUnspecified vulnerability in the clear_user_list function in src/main.c in DB Hub 0.3 allows remote attackers to cause a denial of service (application crash) via crafted network traffic, which triggers memory corruption.
unknown
2006-12-29
2.3CVE-2006-6810
OTHER-REF
OTHER-REF
BID
DMXReady -- DMXReady Secure Login ManagerMultiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel.
unknown
2006-12-29
3.4CVE-2006-6815
BUGTRAQ
SECTRACK
Dxmsoft -- XM Easy Personal FTP ServerFormat string vulnerability in XM Easy Personal FTP Server 5.0.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a long PORT command. NOTE: this issue might be related to CVE-2006-2226.
unknown
2006-12-26
2.3CVE-2006-6750
OTHER-REF
BID
Dxmsoft -- XM Easy Personal FTP ServerFormat string vulnerability in XM Easy Personal FTP Server 5.2.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the USER command or certain other available or nonexistent commands.
unknown
2006-12-26
2.3CVE-2006-6751
OTHER-REF
BID
Enthrallweb -- eCouponsmyprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
unknown
2006-12-29
3.4CVE-2006-6820
OTHER-REF
FRSIRT
SECUNIA
Enthrallweb -- eNewsmyprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
unknown
2006-12-29
3.4CVE-2006-6821
OTHER-REF
FRSIRT
SECUNIA
Enthrallweb -- eClassifiedsmyprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
unknown
2006-12-29
3.4CVE-2006-6822
OTHER-REF
FRSIRT
GNU -- wgetThe ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
unknown
2006-12-23
2.3CVE-2006-6719
OTHER-REF
BID
Hitachi -- Hitachi Directory Server 2Multiple memory leaks in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allow remote attackers to cause a denial of service (memory consumption) via invalid LDAP requests.
unknown
2006-12-22
3.3CVE-2006-6714
OTHER-REF
BID
FRSIRT
SECUNIA
HLstats -- HLstatsHLstats 1.20 through 1.34 allows remote attackers to obtain sensitive information via playinfo mode, with certain values of the player and playerdata[lastName][] parameters, which reveals the path in an error message.
unknown
2006-12-27
2.3CVE-2006-6781
BUGTRAQ
BID
Hosting Controller -- Hosting ControllerDirectory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via ..\ (dot dot backslash) sequences in the BrowsePath parameter.
2006-12-27
2006-12-29
3.4CVE-2006-6814
OTHER-REF
BID
SECTRACK
HP -- LaserJet 5000 Series
HP -- LaserJet 5100 Series
HP -- HP FTP Print Server		Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in HP LaserJet 5000 Series printers with firmware R.25.15 or R.25.47, and HP LaserJet 5100 Series printers with firmware V.29.12, allow remote attackers to cause a denial of service (device crash) via a long string in the (1) LIST or (2) NLST command.
unknown
2006-12-26
2.3CVE-2006-6742
BUGTRAQ
HTTP Explorer -- HTTP Explorer Web ServerDirectory traversal vulnerability in Http explorer 1.02 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the URI.
unknown
2006-12-26
2.3CVE-2006-6758
Milw0rm
BID
Ixprim -- Ixprim CMSIxprim 1.2 allows remote attackers to obtain sensitive information via a direct request for kernel/plugins/fckeditor2/ixprim_api.php, which reveals the path in an error message.
unknown
2006-12-26
2.3CVE-2006-6755
BUGTRAQ
OTHER-REF
Microsoft -- Windows 2000
Microsoft -- Windows XP		The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
unknown
2006-12-26
3.3CVE-2006-6723
Milw0rm
FRSIRT
SECUNIA
Microsoft -- Windows Event ViewerEvent Viewer (eventvwr.exe) in Microsoft Windows does not properly display log data that contains '%' (percent) characters, which might make it impossible to use Event Viewer to determine the actual data that triggered an event, and might produce long strings that are not properly handled by certain processes that rely on Event Viewer.
unknown
2006-12-26
2.8CVE-2006-6753
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
NetBSD -- NetBSD
OpenBSD -- OpenBSD		OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode (SMM) handler via a write to an SMRAM address within /dev/xf86 (aka the video card memory-mapped I/O range), and then launching the new handler via a System Management Interrupt (SMI), as demonstrated by a write to Programmed I/O port 0xB2.
unknown
2006-12-26
3.4CVE-2006-6730
BUGTRAQ
BUGTRAQ
BUGTRAQ
MLIST
OTHER-REF
OTHER-REF
Novell -- NetMailThe IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument.
unknown
2006-12-26
2.3CVE-2006-6762
IDEFENSE
OTHER-REF
BID
FRSIRT
SECUNIA
Obie Website -- Mini Web Shopmodules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to obtain sensitive information via a request with an arbitrary catname parameter but no itemsdb parameter, which reveals the path in an error message. NOTE: CVE analysis suggests that this error might be resultant from a more serious issue such as directory traversal.
unknown
2006-12-26
2.3CVE-2006-6735
BUGTRAQ
MLIST
BID
PHPBuilder -- PHPBuilderMultiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) lib/htm2php.php and (2) sitetools/htm2php.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-26
2.3CVE-2006-6725
FRSIRT
phpProfiles -- phpProfilesphpProfiles before 2.1.1 does not have an index.php or other index file in the (1) image_data, (2) graphics/comm, or (3) users read/write directories, which might allow remote attackers to list directory contents or have other unknown impacts.
unknown
2006-12-26
1.6CVE-2006-6744
OTHER-REF
RealNetworks -- RealPlayerA certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer crash) by invoking the RealPlayer.Initialize method with the certain arguments.
unknown
2006-12-26
2.3CVE-2006-6759
OTHER-REF
BID
Soumu -- Soumu Workflow
Soumu -- Soumu Workflow for Groupmax
Soumu -- Koukyoumuke Soumu Workflow		Multiple unspecified vulnerabilities in the template files in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allow remote attackers to bypass authentication mechanisms on web pages via unknown vectors.
unknown
2006-12-22
2.3CVE-2006-6705
OTHER-REF
SECUNIA
FRSIRT
Soumu -- Soumu Workflow
Soumu -- Soumu Workflow for Groupmax
Soumu -- Koukyoumuke Soumu Workflow		SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors in certain web pages.
unknown
2006-12-22
2.8CVE-2006-6706
OTHER-REF
SECUNIA
FRSIRT
Stefan Ritt -- Elog Web Logbookelogd in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (crash) by attempting to access a logbook whose name begins with "global", which results in a NULL pointer dereference.
unknown
2006-12-28
1.4CVE-2006-6318
BUGTRAQ
OTHER-REF
DEBIAN
BID
Sun -- JDK
Sun -- SDK
Sun -- JRE		Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to attackers to use untrusted applets to "access data in other applets," aka "The second issue."
unknown
2006-12-26
2.3CVE-2006-6736
SUNALERT
BID
FRSIRT
SECTRACK
SECUNIA
Sun -- JDK
Sun -- SDK
Sun -- JRE		Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The first issue."
unknown
2006-12-26
2.3CVE-2006-6737
SUNALERT
BID
FRSIRT
SECTRACK
SECUNIA

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.