Vulnerability Summary for the Week of January 1, 2007

Released
Jan 08, 2007
Document ID
SB07-008

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

face="arial,geneva,helvetica">

High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
2enetworx -- OpenForumOpenforum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for openforum.mdb.
unknown
2007-01-05
10.0CVE-2007-0076
BUGTRAQ
OTHER-REF
Adobe -- Acrobat Reader PluginAdobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."
unknown
2007-01-03
7.0CVE-2007-0044
BUGTRAQ
OTHER-REF
OTHER-REF
Adobe -- Acrobat Reader PluginDouble free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
unknown
2007-01-03
7.0CVE-2007-0046
BUGTRAQ
OTHER-REF
OTHER-REF
Alan Ward -- aFAQSQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode parameter.
unknown
2006-12-31
7.0CVE-2006-6831
OTHER-REF
XF
AlstraSoft -- WebHost DirectoryAlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config.
unknown
2006-12-29
7.0CVE-2006-6818
BUGTRAQ
BID
Apple -- QuickTime PlayerBuffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI.
unknown
2007-01-01
7.0CVE-2007-0015
OTHER-REF
Milw0rm
BID
OTHER-REF
SECTRACK
AShopSoftware -- AShop Deluxe
AShopSoftware -- AShop Administration Panel		Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4.5 and AShop Administration Panel allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) ashop/catalogue.php and (b) ashop/basket.php, the (2) exp parameter to ashop/catalogue.php, the (3) searchstring parameter to (c) ashop/search.php, the (4) checkout and (5) action parameters to (d) ashop/shipping.php, the cat parameter to (f) cart-path/admin/editcatalogue.php, and the (7) resultpage parameter to (g) cart-path/admin/salesadmin.php.
unknown
2007-01-04
7.0CVE-2007-0056
BUGTRAQ
BID
ASP Siteware -- autoDealerSQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the iPro parameter.
unknown
2007-01-04
7.0CVE-2007-0053
OTHER-REF
BID
FRSIRT
SECUNIA
ASPBB -- ASPBBAspBB stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for db/aspbb.mdb.
unknown
2007-01-05
10.0CVE-2007-0075
BUGTRAQ
OTHER-REF
ASPTicker -- ASPTickerSQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
unknown
2006-12-31
7.0CVE-2006-6848
OTHER-REF
BID
Atmel -- Linux PCI PCMCIA USB DriversBuffer overflow in the Get_Wep function in cofvnet.c for ATMEL Linux PCI PCMCIA USB Drivers drivers 3.4.1.1 corruption allows attackers to execute arbitrary code via a long name argument.
unknown
2006-12-31
7.0CVE-2006-6881
BUGTRAQ
Belchior Foundry -- vCard PROCross-site scripting (XSS) vulnerability in gbrowse.php in Belchior Foundry vCard PRO allows remote attackers to inject arbitrary web script or HTML via the sortby parameter.
unknown
2007-01-04
7.0CVE-2007-0054
BUGTRAQ
BID
Cafelog -- B2 BlogPHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter.
unknown
2006-12-31
7.0CVE-2006-6830
OTHER-REF
BID
XF
Cahier de textes -- Cahier de textesadministration/index.php in Cahier de texte (CDT) 2.2 does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions.
unknown
2006-12-31
7.0CVE-2006-6849
BUGTRAQ
OTHER-REF
Carbon Communities -- Carbon CommunitiesCarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb.
unknown
2007-01-05
7.0CVE-2007-0096
OTHER-REF
FRSIRT
Cisco -- Clean AccessCisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared sercet and allows remote attackers to gain unauthorized access.
unknown
2007-01-04
10.0CVE-2007-0057
CISCO
FRSIRT
CMS Made Simple -- CMS Made SimpleCross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form.
unknown
2006-12-31
7.0CVE-2006-6844
BUGTRAQ
OTHER-REF
SECTRACK
CMS Made Simple -- CMS Made SimpleCross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action.
unknown
2006-12-31
7.0CVE-2006-6845
BUGTRAQ
BID
FRSIRT
SECUNIA
CMS-Center -- Simple Web CMSSQL injection vulnerability in page.php in Simple Web Content Management System allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-01-05
7.0CVE-2007-0093
BUGTRAQ
OTHER-REF
CodeMonkeyX -- Acronym ModSQL injection vulnerability in admin/admin_acronyms.php in the Acronym Mod 0.9.5 for phpBB2 Plus 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2006-12-31
7.0CVE-2006-6842
OTHER-REF
BID
XF
ConeXware -- PowerArchiver 2006Multiple stack-based buffer overflows in the (1) LoadTree and (2) ReadHeader functions in PAISO.DLL 1.7.3.0 (1.7.3 beta) in ConeXware PowerArchiver 2006 9.64.02 allow user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories.
unknown
2007-01-05
8.0CVE-2007-0097
FULLDISC
OTHER-REF
FRSIRT
SECUNIA
Cybercoded -- WYWO - InOut BoardMultiple SQL injection vulnerabilities in WYWO - InOut Board 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the num parameter in (a) phonemessage.asp, (2) the catcode parameter in (b) faqDsp.asp, and the (3) Username and (4) Password fields in (c) login.asp.
unknown
2006-12-31
7.0CVE-2006-6846
OTHER-REF
BID
De Marchi Daniele -- QuickCamThe qcamvc_video_init function in qcamvc.c in De Marchi Daniele QuickCam VC Linux device driver (aka quickcam-vc) 1.0.9 and earlier does not properly check a boundary, triggering memory corruption, which might allow attackers to execute arbitrary code via a crafted QuickCam object.
unknown
2006-12-31
7.0CVE-2006-6854
BUGTRAQ
BID
DMXReady -- DMXReady Secure Login ManagerMultiple SQL injection vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel; (4) the sent parameter to (a) login.asp, (b) content.asp, and (c) members.asp in the Remote-WebSite; and (5) the sent parameter to applications/SecureLoginManager/inc_secureloginmanager.asp in the Live Demo.
unknown
2006-12-29
7.0CVE-2006-6816
BUGTRAQ
BID
XF
E-Smart Cart -- E-Smart CartSQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter.
unknown
2007-01-05
7.0CVE-2007-0092
OTHER-REF
SECUNIA
Efkan Forum -- Efkan ForumMultiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the grup parameter in admin.asp, or the id parameter in (2) default.asp or (3) admin.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. The default.asp/grup vector is already covered by CVE-2006-6794.
unknown
2006-12-31
7.0CVE-2006-6828
FRSIRT
eNdonesia -- eNdonesiaMultiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) the intypeid parameter in a showinfo operation in the informasi module in mod.php, (3) the "your Friend" field in friend.php, or (4) the "Main Text" field in admin.php.
unknown
2006-12-31
7.0CVE-2006-6871
OTHER-REF
BID
FRSIRT
SECUNIA
eNdonesia -- eNdonesiaMultiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the did parameter in a (a) viewdisk operation (diskusi mod), or the (2) cid parameter in a (b) viewlink (katalog mod) or (b) viewcat (diskusi mod) operation.
unknown
2006-12-31
7.0CVE-2006-6873
OTHER-REF
BID
FRSIRT
SECUNIA
eNdonesia -- eNdonesiaMultiple cross-site scripting (XSS) vulnerabilities in friend.php in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Message or (2) Your Name field. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-31
7.0CVE-2006-6874
SECUNIA
Enigma -- WordPress Bridge** DISPUTED ** PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value.
unknown
2006-12-31
10.0CVE-2006-6863
BUGTRAQ
OTHER-REF
VIM
BID
SECTRACK
Enigma2 -- Coppermine BridgePHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter.
unknown
2006-12-31
10.0CVE-2006-6864
BUGTRAQ
OTHER-REF
VIM
BID
SECTRACK
Fermentigrafici -- WineGlassWineGlass stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/data.mdb.
unknown
2007-01-05
7.0CVE-2007-0090
BUGTRAQ
OTHER-REF
FreeRadius -- 1.1.3Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party, who states that the server parameter can only be exploited via the FreeRADIUS configuration file.
unknown
2007-01-05
7.0CVE-2007-0080
BUGTRAQ
BUGTRAQ
FreeStyle -- FreeStyle WikiFreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request for config/user.dat.
unknown
2006-12-31
7.0CVE-2006-6889
OTHER-REF
XF
Geckovich -- TaskTracker Pro
Geckovich -- TaskTracker		Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp.
unknown
2007-01-04
7.0CVE-2007-0049
OTHER-REF
BID
SECUNIA
IBM -- OS/400Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing.
unknown
2006-12-31
7.0CVE-2006-6836
AIXAPAR
OTHER-REF
BID
SECUNIA
Iconics -- Dialog Wrapper Module ActiveX ControlStack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument.
unknown
2006-12-31
7.0CVE-2006-6488
CERT-VN
FRSIRT
SECUNIA
IMGallery -- IMGalleryusers_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts.
unknown
2007-01-05
7.0CVE-2007-0082
OTHER-REF
BID
FRSIRT
XF
JGBBS -- JGBBSjgbbs stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/bbs.mdb.
unknown
2007-01-05
7.0CVE-2007-0089
BUGTRAQ
OTHER-REF
Joomla! -- Joomla!Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title.
unknown
2006-12-31
7.0CVE-2006-6832
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Joomla! -- Joomla!com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors.
unknown
2006-12-31
7.0CVE-2006-6833
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Joomla! -- BE IT EasyPartner componentPHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-31
7.0CVE-2006-6843
BID
Katy Whitton Web Development -- newsCMSlitenewsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb.
unknown
2007-01-05
7.0CVE-2007-0091
OTHER-REF
XF
KDE -- KsIRCBuffer overflow in KsIRC 1.3.12 allows remote attackers to execute arbitrary code via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server.
unknown
2006-12-29
7.0CVE-2006-6811
OTHER-REF
BID
OTHER-REF
FRSIRT
SECTRACK
XF
MAXdev -- MDForumDirectory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
unknown
2006-12-31
8.0CVE-2006-6869
OTHER-REF
BID
FRSIRT
Mozilla -- Durian Web Application ServerBuffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002.
unknown
2006-12-31
10.0CVE-2006-6853
OTHER-REF
OTHER-REF
BID
XF
MXmania -- MXmania File Upload ManagerSQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
unknown
2006-12-29
7.0CVE-2006-6813
OTHER-REF
BID
FRSIRT
SECUNIA
MXmania -- Calendar MX BASICCalendar MX BASIC 1.0.2 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for calendar.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-29
7.0CVE-2006-6825
FRSIRT
myPHPCalendar -- myPHPCalendarMultiple PHP remote file inclusion vulnerabilities in myPHPCalendar 10.1 allow remote attackers to execute arbitrary PHP code via a URL in the cal_dir parameter to (1) admin.php, (2) contacts.php, or (3) convert-date.php.
unknown
2006-12-29
7.0CVE-2006-6812
OTHER-REF
BID
MythControl -- MythControlBuffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information.
unknown
2006-12-31
10.0CVE-2006-6860
BUGTRAQ
BID
SECTRACK
Neocrome -- Land Down UnderSQL injection vulnerability in Journal.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the w parameter to journal.php.
unknown
2006-12-31
7.0CVE-2006-6835
BUGTRAQ
XF
Netfarer.com -- MoviePlayStack-based buffer overflow in MoviePlay 4.76 allows remote attackers to execute arbitrary code via a long filename in a LST file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-02
7.0CVE-2007-0016
BID
SECUNIA
OpenMedia -- OpenMediaMultiple directory traversal vulnerabilities in openmedia allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) src parameter to page.php or the (2) format parameter to search_form.php.
unknown
2007-01-05
8.0CVE-2007-0088
BUGTRAQ
OpenPinboard -- OpenPinboard** DISPUTED ** PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been disputed by a third party, who states that the vulnerable is set before use.
unknown
2007-01-04
7.0CVE-2007-0050
BUGTRAQ
BUGTRAQ
OpenSER -- OpenSER OSP Module
OpenSER -- OpenSER		Buffer overflow in the validateospheader function in the Open Settlement Protocol (OSP) module in OpenSER 1.1.0 and earlier allows remote attackers to execute arbitrary code via a crafted OSP header.
unknown
2006-12-31
7.0CVE-2006-6875
BUGTRAQ
BID
OpenSER -- OpenSERThe fetchsms function in the SMS handling module (libsms_getsms.c) in OpenSER 1.1.0 and earlier might allow remote attackers to execute arbitrary code via a crafted SMS message, triggering memory corruption when the "beginning" buffer is copied to the third (pdu) argument.
unknown
2006-12-31
7.0CVE-2006-6876
BUGTRAQ
BID
Outfront -- Spooky LoginMultiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp.
unknown
2006-12-31
10.0CVE-2006-6861
BUGTRAQ
BID
Outfront -- Spooky LoginMultiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login/login.asp or (2) login/register.asp.
unknown
2006-12-31
7.0CVE-2006-6862
BUGTRAQ
BID
Personal .NET Portal -- Personal .NET PortalUnspecified vulnerability in the tab editor for Personal .NET Portal before 2.0.0 has unknown impact and attack vectors related to a "Security leak."
unknown
2006-12-29
7.0CVE-2006-6826
OTHER-REF
FRSIRT
XF
PHP iCalendar -- PHP iCalendarMultiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, (d) week.php, (e) search.php, (f) rss/index.php, (g) print.php, and (h) preferences.php; the (2) cpath parameter in (i) day.php, (j) month.php, (k) year.php, (l) week.php, and (m) search.php; the (3) query parameter in search.php; and possibly the cpath, (4) unset, and (5) set parameters in a setcookie action in preferences.php; different vectors than CVE-2006-3319. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
2006-12-20
2006-12-29
7.0CVE-2006-6824
OTHER-REF
BID
SECTRACK
SECUNIA
PHP-Update -- PHP-Updateadmin/uploads.php in PHP-Update 2.7 and earlier allows remote attackers to gain privileges by setting the rights[7] parameter to 1 during a login action.
unknown
2006-12-31
7.0CVE-2006-6878
OTHER-REF
BID
SECUNIA
PHP-Update -- PHP-UpdateMultiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter.
unknown
2006-12-31
7.0CVE-2006-6880
OTHER-REF
BID
SECUNIA
phpBB Group -- phpBBUnspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."
unknown
2006-12-31
7.0CVE-2006-6839
OTHER-REF
BID
phpBB Group -- phpBBUnspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."
unknown
2006-12-31
7.0CVE-2006-6840
OTHER-REF
BID
phpBB Group -- phpBBCertain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.
unknown
2006-12-31
7.0CVE-2006-6841
OTHER-REF
BID
PHPIrc_bot -- PHPIrc_bot** DISPUTED ** PHP remote file inclusion vulnerability in php4you.php in PHPIrc_bot 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE, since the dir variable is declared before being used.
unknown
2006-12-31
7.0CVE-2006-6883
BUGTRAQ
MLIST
Red Hat -- Red Hat Enterprise Linux AS
OpenOffice -- OpenOffice
Red Hat -- Red Hat Enterprise Linux ES
Red Hat -- Red Hat Enterprise Linux WS
Red Hat -- Red Hat Desktop		Multiple integer overflows in OpenOffice.org 2.0.4 and earlier, and possibly other versions, allow remote user-assisted attackers to execute arbitrary code via a crafted WMF file.
unknown
2006-12-31
8.0CVE-2006-5870
OTHER-REF
REDHAT
Rediff -- Bol Downloader ActiveX (OCX) controlRediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter.
unknown
2006-12-31
7.0CVE-2006-6838
BUGTRAQ
OTHER-REF
BID
Shadowed Works -- Shadowed PortalPHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter.
unknown
2006-12-31
7.0CVE-2006-6850
OTHER-REF
OTHER-REF
FRSIRT
XF
Sven Moderow -- GuestBookSven Moderow GuestBook 0.3a stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for (1) gbook97.mdb or (2) gbook.mdb in ~db/.
unknown
2007-01-05
7.0CVE-2007-0094
BUGTRAQ
OTHER-REF
tDiary -- tDiaryEval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party information.
unknown
2006-12-31
10.0CVE-2006-6852
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
The Address Book -- The Address BookMultiple SQL injection vulnerabilities in The Address Book 1.04e allow remote attackers to execute arbitrary SQL commands via the (1) lastname, (2) firstname, (3) passwordOld, (4) passwordNew, (5) id, (6) language, (7) defaultLetter, (8) newuserPass, (9) newuserType, (10) newuserEmail parameters in (a) user.php; the (11) goTo and (12) search parameters in (b) search.php; and the (13) groupAddName parameter in (c) save.php.
unknown
2006-12-31
7.0CVE-2006-4575
OTHER-REF
SECUNIA
The Address Book -- The Address BookMultiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (b) index.php; and the (5) goTo and (6) search parameters in (c) search.php.
unknown
2006-12-31
7.0CVE-2006-4577
OTHER-REF
SECUNIA
The Address Book -- The Address Bookexport.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote attackers to obtain sensitive information.
unknown
2006-12-31
7.0CVE-2006-4578
OTHER-REF
SECUNIA
The Address Book -- The Address Bookregister.php in The Address Book 1.04e allows remote attackers to bypass the "Allow User Self-Registration" setting and create arbitrary users by setting the mode parameter to "confirm".
unknown
2006-12-31
7.0CVE-2006-4580
OTHER-REF
SECUNIA
VerliAdmin -- VerliAdminDirectory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
unknown
2007-01-05
7.0CVE-2007-0098
OTHER-REF
FRSIRT
Vizayn Haber -- Vizayn HaberSQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-01-04
7.0CVE-2007-0052
OTHER-REF
BID
FRSIRT
SECUNIA
Vladimir Menshakov -- buratinable templatorMultiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator (aka bubla) 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) bu_dir or (2) bu_config[dir] parameter.
unknown
2006-12-29
7.0CVE-2006-6809
OTHER-REF
BID
FRSIRT
XF
Vladimir Meshakov -- BublaMultiple PHP remote file inclusion vulnerabilities in Vladimir Menshakov buratinable templator (aka bubla) 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the bu_dir parameter to (1) bu/bu_claro.php, (2) bu/bu_cache.php, or (3) bu/bu_parse.php, different vectors and a different affected version than CVE-2006-6809.
unknown
2006-12-31
7.0CVE-2006-6867
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Voc-Project -- Voodoo ChatVoodoo chat 1.0RC1b stores sensitive information under the web root with insufficient access control, which allows remote attackers to download passwords via a direct request for data/users.dat.
unknown
2006-12-31
7.0CVE-2006-6890
OTHER-REF
XF
Website Designs for Less -- Click N' Print CouponsSQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
unknown
2006-12-31
10.0CVE-2006-6859
OTHER-REF
BID
FRSIRT
SECUNIA
WebText -- WebTextDirect static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit (edycja) operation, which is then executed via a direct request for this script.
unknown
2006-12-31
7.0CVE-2006-6856
OTHER-REF
BID
FRSIRT
SECUNIA
Yrch! -- Yrch!PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
unknown
2006-12-29
7.0CVE-2006-6823
OTHER-REF
BID
FRSIRT
XF
Zen Cart -- Web Shopping CartMultiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Shopping Cart before 1.3.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2006-12-31
7.0CVE-2006-6868
OTHER-REF
BID
SECUNIA

Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Adobe -- Acrobat Reader PluginMultiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox web browser allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a javascript: or res: URI in the (1) FDF, (2) XML, and (3) XFDF AJAX request parameters, which follow the # (hash) character in a URL, aka "Universal XSS (UXSS)."
unknown
2007-01-03
5.6CVE-2007-0045
BUGTRAQ
OTHER-REF
OTHER-REF
Adobe -- Acrobat Reader PluginCRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
unknown
2007-01-03
5.6CVE-2007-0047
OTHER-REF
AlstraSoft -- WebHost DirectoryAlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for admin/backup/db.
unknown
2006-12-29
4.7CVE-2006-6819
BUGTRAQ
Apple -- iPhotoFormat string vulnerability in Apple iPhoto 6.0.5 (316), and possibly earlier versions, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed.
unknown
2007-01-04
5.6CVE-2007-0051
OTHER-REF
Apple -- Quicktime PlayerCross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.
unknown
2007-01-04
5.6CVE-2007-0059
OTHER-REF
OTHER-REF
DoceboLMS -- DoceboLMSCross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
unknown
2006-12-31
5.6CVE-2006-6857
BUGTRAQ
Golden Book -- Golden BookCross-site scripting (XSS) vulnerability in golden book allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2006-12-31
5.6CVE-2006-6882
BUGTRAQ
BID
Jonathon Freeman -- OvBBCross-site scripting (XSS) vulnerability in the GetLocation function in online.php in Jonathon J. Freeman OvBB 0.13a allows remote attackers to inject arbitrary web script or HTML via the aRequest variable.
unknown
2006-12-31
5.6CVE-2006-6892
OTHER-REF
SECUNIA
Joomla! -- Joomla!Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes."
unknown
2006-12-31
5.6CVE-2006-6834
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
logahead -- logahead UNUUnrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), a different vulnerability than CVE-2006-6783. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-31
5.6CVE-2006-6887
SECUNIA
Miredo -- MiredoMiredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bubble during UDP hole punching with HMAC-MD5-64 hashing, which allows remote attackers to impersonate an arbitrary Teredo client.
unknown
2006-12-31
5.6CVE-2006-6858
OTHER-REF
SECUNIA
Mobilelib -- Mobilelib GOLDMultiple cross-site scripting (XSS) vulnerabilities in contact_us.php in ac4p Mobilelib gold 2 allow remote attackers to inject arbitrary web script or HTML via the (1) email or (2) errr parameter.
unknown
2006-12-31
5.6CVE-2006-6851
BUGTRAQ
BUGTRAQ
BID
Nuked-Klan -- Nuked-KlanCross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a getURL statement in a .swf file, as demonstrated by "Remote Cookie Disclosure." NOTE: it could be argued that this is an issue in Shockwave instead of Nuked Klan.
unknown
2007-01-05
5.6CVE-2007-0083
BUGTRAQ
Sergey Oblomov -- iso_wincmdMultiple stack-based buffer overflows in the (1) LoadTree, (2) ReadHeader, and (3) LoadXBOXTree functions in the ISO (iso_wincmd) plugin 1.7.3.3 and earlier for Total Commander allow user-assisted remote attackers to execute arbitrary code via a long pathname in an ISO image.
2006-12-18
2006-12-31
5.6CVE-2006-6837
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
XF
Sunbelt -- Sunbelt Kerio Personal FirewallSunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and possibly other versions allows local users to provide a Trojan horse iphlpapi.dll to SKPF by placing it in the installation directory.
unknown
2007-01-05
4.2CVE-2007-0081
BUGTRAQ
OTHER-REF
The Address Book -- The Address BookCross-site scripting (XSS) vulnerability in The Address Book 1.04e allows remote attackers to inject arbitrary web script or HTML by uploading the HTML file with a GIF or JPG extension, which is rendered by Internet Explorer.
unknown
2006-12-31
5.6CVE-2006-4576
OTHER-REF
SECUNIA
VideoLAN -- VLCFormat string vulnerability in VideoLAN VLC 0.8.6 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a udp://-- URI in an M3U file.
unknown
2007-01-02
5.6CVE-2007-0017
OTHER-REF
SECUNIA
WinZip -- WinZipBuffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 Build 6667 allows remote attackers to execute arbitrary code via a long argument to the CreateNewFolderFromName method, a different vulnerability than CVE-2006-5198.
unknown
2006-12-31
5.6CVE-2006-6884
BUGTRAQ
BUGTRAQ

Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Adobe -- Acrobat Reader PluginAdobe Acrobat Reader Plugin before 8.0.0, when used with Internet Explorer, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL.
unknown
2007-01-03
2.3CVE-2007-0048
BUGTRAQ
OTHER-REF
OTHER-REF
AIDeX -- Mini-WebServerAIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI. NOTE: some of these details are obtained from third party information.
unknown
2006-12-31
2.3CVE-2006-6855
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
XF
AlstraSoft -- WebHost DirectoryAlstraSoft Web Host Directory allows remote attackers to obtain sensitive information by requesting any invalid URI, which reveals the path in an error message, a different vulnerability than CVE-2006-2617.
unknown
2006-12-29
2.3CVE-2006-6817
BUGTRAQ
Apache Group -- Apache** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
unknown
2007-01-05
3.3CVE-2007-0086
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
Avahi -- AvahiThe consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.
unknown
2006-12-31
2.3CVE-2006-6870
OTHER-REF
OTHER-REF
OTHER-REF
BattleBlog -- BattleBlogBattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb.
unknown
2007-01-05
3.3CVE-2007-0078
BUGTRAQ
OTHER-REF
Cisco -- Clean AccessCisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file.
unknown
2007-01-04
3.3CVE-2007-0058
CISCO
FRSIRT
DB Hub -- DB HubUnspecified vulnerability in the clear_user_list function in src/main.c in DB Hub 0.3 allows remote attackers to cause a denial of service (application crash) via crafted network traffic, which triggers memory corruption.
unknown
2006-12-29
2.3CVE-2006-6810
OTHER-REF
OTHER-REF
BID
MLIST
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
DMXReady -- DMXReady Secure Login ManagerMultiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel.
unknown
2006-12-29
3.4CVE-2006-6815
BUGTRAQ
SECTRACK
XF
Efkan Forum -- Efkan ForumEfkan Forum 1.0 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-31
3.3CVE-2006-6829
FRSIRT
eNdonesia -- eNdonesiaDirectory traversal vulnerability in mod.php in eNdonesia 8.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter.
unknown
2006-12-31
2.3CVE-2006-6872
OTHER-REF
BID
FRSIRT
SECUNIA
Enthrallweb -- eCouponsmyprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
unknown
2006-12-29
1.1CVE-2006-6820
OTHER-REF
FRSIRT
SECUNIA
Enthrallweb -- eNewsmyprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
unknown
2006-12-29
1.1CVE-2006-6821
OTHER-REF
FRSIRT
SECUNIA
Enthrallweb -- eClassifiedsmyprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
unknown
2006-12-29
1.1CVE-2006-6822
OTHER-REF
FRSIRT
Fersche -- FormankserverDirectory traversal vulnerability in formbankcgi.exe/AbfrageForm in Formbankserver 1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-04
2.3CVE-2007-0055
OTHER-REF
FRSIRT
SECUNIA
Hosting Controller -- Hosting ControllerDirectory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via ..\ (dot dot backslash) sequences in the BrowsePath parameter.
2006-12-27
2006-12-29
1.6CVE-2006-6814
OTHER-REF
BID
SECTRACK
FRSIRT
LBlog -- LBloglblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a certain file in admin/db/newFolder/.
unknown
2007-01-05
3.3CVE-2007-0077
BUGTRAQ
OTHER-REF
Linux -- Linux kernelThe isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash.
unknown
2006-12-31
1.0CVE-2006-5749
OTHER-REF
OTHER-REF
SECUNIA
Macromedia -- FlashFlash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method.
unknown
2006-12-31
2.3CVE-2006-6827
OTHER-REF
BID
XF
Macromedia -- ShockwaveAn ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute.
unknown
2006-12-31
1.9CVE-2006-6885
OTHER-REF
XF
Matteo Lucarelli -- 3editor CMSDirectory traversal vulnerability in index.php in Matteo Lucarelli 3editor CMS 0.42 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter.
unknown
2006-12-31
1.9CVE-2006-6877
OTHER-REF
FRSIRT
SECUNIA
Microsoft -- Message Compiler** DISPUTED ** Buffer overflow in the Windows NT Message Compiler (MC) 1.00.5239 on Microsoft Windows XP allows local users to gain privileges via a long MC-filename. NOTE: this issue has been disputed by a reliable third party who states that the compiler is not a privileged program, so privilege boundaries cannot be crossed.
unknown
2007-01-05
3.4CVE-2007-0084
BUGTRAQ
BUGTRAQ
Microsoft -- Internet Information Services** DISPUTED ** Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
unknown
2007-01-05
3.3CVE-2007-0087
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
OpenBSD -- OpenBSDUnspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference.
unknown
2007-01-05
3.4CVE-2007-0085
MLIST
OTHER-REF
OPENBSD
OPENBSD
SECTRACK
SECUNIA
P-News -- P-NewsP-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat.
unknown
2006-12-31
2.3CVE-2006-6888
OTHER-REF
XF
PHP-Update -- PHP-UpdateUnrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter.
unknown
2006-12-31
3.4CVE-2006-6879
OTHER-REF
OTHER-REF
BID
SECUNIA
phpMyAdmin -- phpMyAdminphpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.
unknown
2007-01-05
3.3CVE-2007-0095
FULLDISC
XF
phpwcms -- phpwcmsphpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages.
unknown
2006-12-31
2.3CVE-2006-6886
BUGTRAQ
OTHER-REF
FRSIRT
OSVDB
OSVDB
XF
Rblog -- Rblogrblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/admin.mdb or (2) data/rblog.mdb.
unknown
2007-01-05
3.3CVE-2007-0079
BUGTRAQ
OTHER-REF
RealNetworks -- RealPlayerAn ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser method with a long second argument.
unknown
2006-12-31
2.3CVE-2006-6847
OTHER-REF
BID
SoftArtisans -- FileUpDirectory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp (SAFileUp) 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae. (Unicode dot dot) in the path parameter, which bypasses the checks for ".." sequences.
unknown
2006-12-31
3.3CVE-2006-6865
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
STphp -- EasyNewsSTphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt.
unknown
2006-12-31
3.3CVE-2006-6866
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
XF
The Address Book -- The Address BookDirectory traversal vulnerability in users.php in The Address Book 1.04e allows remote attackers to include arbitrary files via a .. (dot dot) in the language parameter.
unknown
2006-12-31
2.3CVE-2006-4579
OTHER-REF
SECUNIA
The Address Book -- The Address BookUnrestricted file upload vulnerability in The Address Book 1.04e validates the Content-Type header but not the file extension, which allows remote attackers to upload arbitrary PHP scripts.
unknown
2006-12-31
2.3CVE-2006-4581
OTHER-REF
SECUNIA
The Address Book -- The Address BookCross-site request forgery (CSRF) vulnerability in The Address Book 1.04e allows remote attackers to perform unauthorized actions as other users via unspecified vectors, as demonstrated by deleting arbitrary users via the id parameter in a deleteuser action in users.php.
unknown
2006-12-31
2.3CVE-2006-4582
OTHER-REF
SECUNIA
Vz Forum -- Vz ForumVz (Adp) Forum 2.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for users/admin.txt.
unknown
2006-12-31
2.3CVE-2006-6891
OTHER-REF
XF

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.