Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Cyber Security Bulletin SB07-008 archive

Vulnerability Summary for the Week of January 1, 2007

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
2enetworx -- OpenForum
Openforum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for openforum.mdb.
unknown
2007-01-05
10.0CVE-2007-0076
BUGTRAQ
OTHER-REF
Adobe -- Acrobat Reader Plugin
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."
unknown
2007-01-03
7.0CVE-2007-0044
BUGTRAQ
OTHER-REF
OTHER-REF
Adobe -- Acrobat Reader Plugin
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
unknown
2007-01-03
7.0CVE-2007-0046
BUGTRAQ
OTHER-REF
OTHER-REF
Alan Ward -- aFAQ
SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode parameter.
unknown
2006-12-31
7.0CVE-2006-6831
OTHER-REF
XF
AlstraSoft -- WebHost Directory
AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config.
unknown
2006-12-29
7.0CVE-2006-6818
BUGTRAQ
BID
Apple -- QuickTime Player
Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI.
unknown
2007-01-01
7.0CVE-2007-0015
OTHER-REF
Milw0rm
BID
OTHER-REF
SECTRACK
AShopSoftware -- AShop Deluxe
AShopSoftware -- AShop Administration Panel
Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe 4.5 and AShop Administration Panel allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to (a) ashop/catalogue.php and (b) ashop/basket.php, the (2) exp parameter to ashop/catalogue.php, the (3) searchstring parameter to (c) ashop/search.php, the (4) checkout and (5) action parameters to (d) ashop/shipping.php, the cat parameter to (f) cart-path/admin/editcatalogue.php, and the (7) resultpage parameter to (g) cart-path/admin/salesadmin.php.
unknown
2007-01-04
7.0CVE-2007-0056
BUGTRAQ
BID
ASP Siteware -- autoDealer
SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the iPro parameter.
unknown
2007-01-04
7.0CVE-2007-0053
OTHER-REF
BID
FRSIRT
SECUNIA
ASPBB -- ASPBB
AspBB stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user passwords via a direct request for db/aspbb.mdb.
unknown
2007-01-05
10.0CVE-2007-0075
BUGTRAQ
OTHER-REF
ASPTicker -- ASPTicker
SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
unknown
2006-12-31
7.0CVE-2006-6848
OTHER-REF
BID
Atmel -- Linux PCI PCMCIA USB Drivers
Buffer overflow in the Get_Wep function in cofvnet.c for ATMEL Linux PCI PCMCIA USB Drivers drivers 3.4.1.1 corruption allows attackers to execute arbitrary code via a long name argument.
unknown
2006-12-31
7.0CVE-2006-6881
BUGTRAQ
Belchior Foundry -- vCard PRO
Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior Foundry vCard PRO allows remote attackers to inject arbitrary web script or HTML via the sortby parameter.
unknown
2007-01-04
7.0CVE-2007-0054
BUGTRAQ
BID
Cafelog -- B2 Blog
PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter.
unknown
2006-12-31
7.0CVE-2006-6830
OTHER-REF
BID
XF
Cahier de textes -- Cahier de textes
administration/index.php in Cahier de texte (CDT) 2.2 does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions.
unknown
2006-12-31
7.0CVE-2006-6849
BUGTRAQ
OTHER-REF
Carbon Communities -- Carbon Communities
CarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb.
unknown
2007-01-05
7.0CVE-2007-0096
OTHER-REF
FRSIRT
Cisco -- Clean Access
Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared sercet and allows remote attackers to gain unauthorized access.
unknown
2007-01-04
10.0CVE-2007-0057
CISCO
FRSIRT
CMS Made Simple -- CMS Made Simple
Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form.
unknown
2006-12-31
7.0CVE-2006-6844
BUGTRAQ
OTHER-REF
SECTRACK
CMS Made Simple -- CMS Made Simple
Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action.
unknown
2006-12-31
7.0CVE-2006-6845
BUGTRAQ
BID
FRSIRT
SECUNIA
CMS-Center -- Simple Web CMS
SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-01-05
7.0CVE-2007-0093
BUGTRAQ
OTHER-REF
CodeMonkeyX -- Acronym Mod
SQL injection vulnerability in admin/admin_acronyms.php in the Acronym Mod 0.9.5 for phpBB2 Plus 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2006-12-31
7.0CVE-2006-6842
OTHER-REF
BID
XF
ConeXware -- PowerArchiver 2006
Multiple stack-based buffer overflows in the (1) LoadTree and (2) ReadHeader functions in PAISO.DLL 1.7.3.0 (1.7.3 beta) in ConeXware PowerArchiver 2006 9.64.02 allow user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories.
unknown
2007-01-05
8.0CVE-2007-0097
FULLDISC
OTHER-REF
FRSIRT
SECUNIA
Cybercoded -- WYWO - InOut Board
Multiple SQL injection vulnerabilities in WYWO - InOut Board 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the num parameter in (a) phonemessage.asp, (2) the catcode parameter in (b) faqDsp.asp, and the (3) Username and (4) Password fields in (c) login.asp.
unknown
2006-12-31
7.0CVE-2006-6846
OTHER-REF
BID
De Marchi Daniele -- QuickCam
The qcamvc_video_init function in qcamvc.c in De Marchi Daniele QuickCam VC Linux device driver (aka quickcam-vc) 1.0.9 and earlier does not properly check a boundary, triggering memory corruption, which might allow attackers to execute arbitrary code via a crafted QuickCam object.
unknown
2006-12-31
7.0CVE-2006-6854
BUGTRAQ
BID
DMXReady -- DMXReady Secure Login Manager
Multiple SQL injection vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel; (4) the sent parameter to (a) login.asp, (b) content.asp, and (c) members.asp in the Remote-WebSite; and (5) the sent parameter to applications/SecureLoginManager/inc_secureloginmanager.asp in the Live Demo.
unknown
2006-12-29
7.0CVE-2006-6816
BUGTRAQ
BID
XF
E-Smart Cart -- E-Smart Cart
SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter.
unknown
2007-01-05
7.0CVE-2007-0092
OTHER-REF
SECUNIA
Efkan Forum -- Efkan Forum
Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the grup parameter in admin.asp, or the id parameter in (2) default.asp or (3) admin.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. The default.asp/grup vector is already covered by CVE-2006-6794.
unknown
2006-12-31
7.0CVE-2006-6828
FRSIRT
eNdonesia -- eNdonesia
Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) the intypeid parameter in a showinfo operation in the informasi module in mod.php, (3) the "your Friend" field in friend.php, or (4) the "Main Text" field in admin.php.
unknown
2006-12-31
7.0CVE-2006-6871
OTHER-REF
BID
FRSIRT
SECUNIA
eNdonesia -- eNdonesia
Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the did parameter in a (a) viewdisk operation (diskusi mod), or the (2) cid parameter in a (b) viewlink (katalog mod) or (b) viewcat (diskusi mod) operation.
unknown
2006-12-31
7.0CVE-2006-6873
OTHER-REF
BID
FRSIRT
SECUNIA
eNdonesia -- eNdonesia
Multiple cross-site scripting (XSS) vulnerabilities in friend.php in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Message or (2) Your Name field. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-31
7.0CVE-2006-6874
SECUNIA
Enigma -- WordPress Bridge
** DISPUTED ** PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value.
unknown
2006-12-31
10.0CVE-2006-6863
BUGTRAQ
OTHER-REF
VIM
BID
SECTRACK
Enigma2 -- Coppermine Bridge
PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter.
unknown
2006-12-31
10.0CVE-2006-6864
BUGTRAQ
OTHER-REF
VIM
BID
SECTRACK
Fermentigrafici -- WineGlass
WineGlass stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/data.mdb.
unknown
2007-01-05
7.0CVE-2007-0090
BUGTRAQ
OTHER-REF
FreeRadius -- 1.1.3
Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a reliable third party, who states that the server parameter can only be exploited via the FreeRADIUS configuration file.
unknown
2007-01-05
7.0CVE-2007-0080
BUGTRAQ
BUGTRAQ
FreeStyle -- FreeStyle Wiki
FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request for config/user.dat.
unknown
2006-12-31
7.0CVE-2006-6889
OTHER-REF
XF
Geckovich -- TaskTracker Pro
Geckovich -- TaskTracker
Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp.
unknown
2007-01-04
7.0CVE-2007-0049
OTHER-REF
BID
SECUNIA
IBM -- OS/400
Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing.
unknown
2006-12-31
7.0CVE-2006-6836
AIXAPAR
OTHER-REF
BID
SECUNIA
Iconics -- Dialog Wrapper Module ActiveX Control
Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument.
unknown
2006-12-31
7.0CVE-2006-6488
CERT-VN
FRSIRT
SECUNIA
IMGallery -- IMGallery
users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts.
unknown
2007-01-05
7.0CVE-2007-0082
OTHER-REF
BID
FRSIRT
XF
JGBBS -- JGBBS
jgbbs stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db/bbs.mdb.
unknown
2007-01-05
7.0CVE-2007-0089
BUGTRAQ
OTHER-REF
Joomla! -- Joomla!
Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title.
unknown
2006-12-31
7.0CVE-2006-6832
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Joomla! -- Joomla!
com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors.
unknown
2006-12-31
7.0CVE-2006-6833
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
Joomla! -- BE IT EasyPartner component
PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-31
7.0CVE-2006-6843
BID
Katy Whitton Web Development -- newsCMSlite
newsCMSlite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for newsCMS.mdb.
unknown
2007-01-05
7.0CVE-2007-0091
OTHER-REF
XF
KDE -- KsIRC
Buffer overflow in KsIRC 1.3.12 allows remote attackers to execute arbitrary code via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server.
unknown
2006-12-29
7.0CVE-2006-6811
OTHER-REF
BID
OTHER-REF
FRSIRT
SECTRACK
XF
MAXdev -- MDForum
Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
unknown
2006-12-31
8.0CVE-2006-6869
OTHER-REF
BID
FRSIRT
Mozilla -- Durian Web Application Server
Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002.
unknown
2006-12-31
10.0CVE-2006-6853
OTHER-REF
OTHER-REF
BID
XF
MXmania -- MXmania File Upload Manager
SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
unknown
2006-12-29
7.0CVE-2006-6813
OTHER-REF
BID
FRSIRT
SECUNIA
MXmania -- Calendar MX BASIC
Calendar MX BASIC 1.0.2 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for calendar.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-29
7.0CVE-2006-6825
FRSIRT
myPHPCalendar -- myPHPCalendar
Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar 10.1 allow remote attackers to execute arbitrary PHP code via a URL in the cal_dir parameter to (1) admin.php, (2) contacts.php, or (3) convert-date.php.
unknown
2006-12-29
7.0CVE-2006-6812
OTHER-REF
BID
MythControl -- MythControl
Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information.
unknown
2006-12-31
10.0CVE-2006-6860
BUGTRAQ
BID
SECTRACK
Neocrome -- Land Down Under
SQL injection vulnerability in Journal.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the w parameter to journal.php.
unknown
2006-12-31
7.0CVE-2006-6835
BUGTRAQ
XF
Netfarer.com -- MoviePlay
Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers to execute arbitrary code via a long filename in a LST file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-02
7.0CVE-2007-0016
BID
SECUNIA
OpenMedia -- OpenMedia
Multiple directory traversal vulnerabilities in openmedia allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) src parameter to page.php or the (2) format parameter to search_form.php.
unknown
2007-01-05
8.0CVE-2007-0088
BUGTRAQ
OpenPinboard -- OpenPinboard
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been disputed by a third party, who states that the vulnerable is set before use.
unknown
2007-01-04
7.0CVE-2007-0050
BUGTRAQ
BUGTRAQ
OpenSER -- OpenSER OSP Module
OpenSER -- OpenSER
Buffer overflow in the validateospheader function in the Open Settlement Protocol (OSP) module in OpenSER 1.1.0 and earlier allows remote attackers to execute arbitrary code via a crafted OSP header.
unknown
2006-12-31
7.0CVE-2006-6875
BUGTRAQ
BID
OpenSER -- OpenSER
The fetchsms function in the SMS handling module (libsms_getsms.c) in OpenSER 1.1.0 and earlier might allow remote attackers to execute arbitrary code via a crafted SMS message, triggering memory corruption when the "beginning" buffer is copied to the third (pdu) argument.
unknown
2006-12-31
7.0CVE-2006-6876
BUGTRAQ
BID
Outfront -- Spooky Login
Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp.
unknown
2006-12-31
10.0CVE-2006-6861
BUGTRAQ
BID
Outfront -- Spooky Login
Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login/login.asp or (2) login/register.asp.
unknown
2006-12-31
7.0CVE-2006-6862
BUGTRAQ
BID
Personal .NET Portal -- Personal .NET Portal
Unspecified vulnerability in the tab editor for Personal .NET Portal before 2.0.0 has unknown impact and attack vectors related to a "Security leak."
unknown
2006-12-29
7.0CVE-2006-6826
OTHER-REF
FRSIRT
XF
PHP iCalendar -- PHP iCalendar
Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, (d) week.php, (e) search.php, (f) rss/index.php, (g) print.php, and (h) preferences.php; the (2) cpath parameter in (i) day.php, (j) month.php, (k) year.php, (l) week.php, and (m) search.php; the (3) query parameter in search.php; and possibly the cpath, (4) unset, and (5) set parameters in a setcookie action in preferences.php; different vectors than CVE-2006-3319. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
2006-12-20
2006-12-29
7.0CVE-2006-6824
OTHER-REF
BID
SECTRACK
SECUNIA
PHP-Update -- PHP-Update
admin/uploads.php in PHP-Update 2.7 and earlier allows remote attackers to gain privileges by setting the rights[7] parameter to 1 during a login action.
unknown
2006-12-31
7.0CVE-2006-6878
OTHER-REF
BID
SECUNIA
PHP-Update -- PHP-Update
Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter.
unknown
2006-12-31
7.0CVE-2006-6880
OTHER-REF
BID
SECUNIA
phpBB Group -- phpBB
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."
unknown
2006-12-31
7.0CVE-2006-6839
OTHER-REF
BID
phpBB Group -- phpBB
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."
unknown
2006-12-31
7.0CVE-2006-6840
OTHER-REF
BID
phpBB Group -- phpBB
Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.
unknown
2006-12-31
7.0CVE-2006-6841
OTHER-REF
BID
PHPIrc_bot -- PHPIrc_bot
** DISPUTED ** PHP remote file inclusion vulnerability in php4you.php in PHPIrc_bot 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE, since the dir variable is declared before being used.
unknown
2006-12-31
7.0CVE-2006-6883
BUGTRAQ
MLIST
Red Hat -- Red Hat Enterprise Linux AS
OpenOffice -- OpenOffice
Red Hat -- Red Hat Enterprise Linux ES
Red Hat -- Red Hat Enterprise Linux WS
Red Hat -- Red Hat Desktop
Multiple integer overflows in OpenOffice.org 2.0.4 and earlier, and possibly other versions, allow remote user-assisted attackers to execute arbitrary code via a crafted WMF file.
unknown
2006-12-31
8.0CVE-2006-5870
OTHER-REF
REDHAT
Rediff -- Bol Downloader ActiveX (OCX) control
Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter.
unknown
2006-12-31
7.0CVE-2006-6838
BUGTRAQ
OTHER-REF
BID
Shadowed Works -- Shadowed Portal
PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter.
unknown
2006-12-31
7.0CVE-2006-6850
OTHER-REF
OTHER-REF
FRSIRT
XF
Sven Moderow -- GuestBook
Sven Moderow GuestBook 0.3a stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for (1) gbook97.mdb or (2) gbook.mdb in ~db/.
unknown
2007-01-05
7.0CVE-2007-0094
BUGTRAQ
OTHER-REF
tDiary -- tDiary
Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party information.
unknown
2006-12-31
10.0CVE-2006-6852
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
The Address Book -- The Address Book
Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote attackers to execute arbitrary SQL commands via the (1) lastname, (2) firstname, (3) passwordOld, (4) passwordNew, (5) id, (6) language, (7) defaultLetter, (8) newuserPass, (9) newuserType, (10) newuserEmail parameters in (a) user.php; the (11) goTo and (12) search parameters in (b) search.php; and the (13) groupAddName parameter in (c) save.php.
unknown
2006-12-31
7.0CVE-2006-4575
OTHER-REF
SECUNIA
The Address Book -- The Address Book
Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (b) index.php; and the (5) goTo and (6) search parameters in (c) search.php.
unknown
2006-12-31
7.0CVE-2006-4577
OTHER-REF
SECUNIA
The Address Book -- The Address Book
export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote attackers to obtain sensitive information.
unknown
2006-12-31
7.0CVE-2006-4578
OTHER-REF
SECUNIA
The Address Book -- The Address Book
register.php in The Address Book 1.04e allows remote attackers to bypass the "Allow User Self-Registration" setting and create arbitrary users by setting the mode parameter to "confirm".
unknown
2006-12-31
7.0CVE-2006-4580
OTHER-REF
SECUNIA
VerliAdmin -- VerliAdmin
Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.
unknown
2007-01-05
7.0CVE-2007-0098
OTHER-REF
FRSIRT
Vizayn Haber -- Vizayn Haber
SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2007-01-04
7.0CVE-2007-0052
OTHER-REF
BID
FRSIRT
SECUNIA
Vladimir Menshakov -- buratinable templator
Multiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator (aka bubla) 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) bu_dir or (2) bu_config[dir] parameter.
unknown
2006-12-29
7.0CVE-2006-6809
OTHER-REF
BID
FRSIRT
XF
Vladimir Meshakov -- Bubla
Multiple PHP remote file inclusion vulnerabilities in Vladimir Menshakov buratinable templator (aka bubla) 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the bu_dir parameter to (1) bu/bu_claro.php, (2) bu/bu_cache.php, or (3) bu/bu_parse.php, different vectors and a different affected version than CVE-2006-6809.
unknown
2006-12-31
7.0CVE-2006-6867
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Voc-Project -- Voodoo Chat
Voodoo chat 1.0RC1b stores sensitive information under the web root with insufficient access control, which allows remote attackers to download passwords via a direct request for data/users.dat.
unknown
2006-12-31
7.0CVE-2006-6890
OTHER-REF
XF
Website Designs for Less -- Click N' Print Coupons
SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
unknown
2006-12-31
10.0CVE-2006-6859
OTHER-REF
BID
FRSIRT
SECUNIA
WebText -- WebText
Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit (edycja) operation, which is then executed via a direct request for this script.
unknown
2006-12-31
7.0CVE-2006-6856
OTHER-REF
BID
FRSIRT
SECUNIA
Yrch! -- Yrch!
PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
unknown
2006-12-29
7.0CVE-2006-6823
OTHER-REF
BID
FRSIRT
XF
Zen Cart -- Web Shopping Cart
Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Shopping Cart before 1.3.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2006-12-31
7.0CVE-2006-6868
OTHER-REF
BID
SECUNIA
Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Adobe -- Acrobat Reader Plugin
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox web browser allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a javascript: or res: URI in the (1) FDF, (2) XML, and (3) XFDF AJAX request parameters, which follow the # (hash) character in a URL, aka "Universal XSS (UXSS)."
unknown
2007-01-03
5.6CVE-2007-0045
BUGTRAQ
OTHER-REF
OTHER-REF
Adobe -- Acrobat Reader Plugin
CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
unknown
2007-01-03
5.6CVE-2007-0047
OTHER-REF
AlstraSoft -- WebHost Directory
AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for admin/backup/db.
unknown
2006-12-29
4.7CVE-2006-6819
BUGTRAQ
Apple -- iPhoto
Format string vulnerability in Apple iPhoto 6.0.5 (316), and possibly earlier versions, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed.
unknown
2007-01-04
5.6CVE-2007-0051
OTHER-REF
Apple -- Quicktime Player
Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.
unknown
2007-01-04
5.6CVE-2007-0059
OTHER-REF
OTHER-REF
DoceboLMS -- DoceboLMS
Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
unknown
2006-12-31
5.6CVE-2006-6857
BUGTRAQ
Golden Book -- Golden Book
Cross-site scripting (XSS) vulnerability in golden book allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2006-12-31
5.6CVE-2006-6882
BUGTRAQ
BID
Jonathon Freeman -- OvBB
Cross-site scripting (XSS) vulnerability in the GetLocation function in online.php in Jonathon J. Freeman OvBB 0.13a allows remote attackers to inject arbitrary web script or HTML via the aRequest variable.
unknown
2006-12-31
5.6CVE-2006-6892
OTHER-REF
SECUNIA
Joomla! -- Joomla!
Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes."
unknown
2006-12-31
5.6CVE-2006-6834
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
logahead -- logahead UNU
Unrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), a different vulnerability than CVE-2006-6783. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-31
5.6CVE-2006-6887
SECUNIA
Miredo -- Miredo
Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bubble during UDP hole punching with HMAC-MD5-64 hashing, which allows remote attackers to impersonate an arbitrary Teredo client.
unknown
2006-12-31
5.6CVE-2006-6858
OTHER-REF
SECUNIA
Mobilelib -- Mobilelib GOLD
Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php in ac4p Mobilelib gold 2 allow remote attackers to inject arbitrary web script or HTML via the (1) email or (2) errr parameter.
unknown
2006-12-31
5.6CVE-2006-6851
BUGTRAQ
BUGTRAQ
BID
Nuked-Klan -- Nuked-Klan
Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a getURL statement in a .swf file, as demonstrated by "Remote Cookie Disclosure." NOTE: it could be argued that this is an issue in Shockwave instead of Nuked Klan.
unknown
2007-01-05
5.6CVE-2007-0083
BUGTRAQ
Sergey Oblomov -- iso_wincmd
Multiple stack-based buffer overflows in the (1) LoadTree, (2) ReadHeader, and (3) LoadXBOXTree functions in the ISO (iso_wincmd) plugin 1.7.3.3 and earlier for Total Commander allow user-assisted remote attackers to execute arbitrary code via a long pathname in an ISO image.
2006-12-18
2006-12-31
5.6CVE-2006-6837
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
XF
Sunbelt -- Sunbelt Kerio Personal Firewall
Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and possibly other versions allows local users to provide a Trojan horse iphlpapi.dll to SKPF by placing it in the installation directory.
unknown
2007-01-05
4.2CVE-2007-0081
BUGTRAQ
OTHER-REF
The Address Book -- The Address Book
Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows remote attackers to inject arbitrary web script or HTML by uploading the HTML file with a GIF or JPG extension, which is rendered by Internet Explorer.
unknown
2006-12-31
5.6CVE-2006-4576
OTHER-REF
SECUNIA
VideoLAN -- VLC
Format string vulnerability in VideoLAN VLC 0.8.6 allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a udp://-- URI in an M3U file.
unknown
2007-01-02
5.6CVE-2007-0017
OTHER-REF
SECUNIA
WinZip -- WinZip
Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 Build 6667 allows remote attackers to execute arbitrary code via a long argument to the CreateNewFolderFromName method, a different vulnerability than CVE-2006-5198.
unknown
2006-12-31
5.6CVE-2006-6884
BUGTRAQ
BUGTRAQ
Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Adobe -- Acrobat Reader Plugin
Adobe Acrobat Reader Plugin before 8.0.0, when used with Internet Explorer, allows remote attackers to cause a denial of service (memory consumption) via a long sequence of # (hash) characters appended to a PDF URL.
unknown
2007-01-03
2.3CVE-2007-0048
BUGTRAQ
OTHER-REF
OTHER-REF
AIDeX -- Mini-WebServer
AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI. NOTE: some of these details are obtained from third party information.
unknown
2006-12-31
2.3CVE-2006-6855
OTHER-REF
OTHER-REF
BID
SECTRACK
SECUNIA
XF
AlstraSoft -- WebHost Directory
AlstraSoft Web Host Directory allows remote attackers to obtain sensitive information by requesting any invalid URI, which reveals the path in an error message, a different vulnerability than CVE-2006-2617.
unknown
2006-12-29
2.3CVE-2006-6817
BUGTRAQ
Apache Group -- Apache
** DISPUTED ** The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
unknown
2007-01-05
3.3CVE-2007-0086
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
Avahi -- Avahi
The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.
unknown
2006-12-31
2.3CVE-2006-6870
OTHER-REF
OTHER-REF
OTHER-REF
BattleBlog -- BattleBlog
BattleBlog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/blankmaster.mdb.
unknown
2007-01-05
3.3CVE-2007-0078
BUGTRAQ
OTHER-REF
Cisco -- Clean Access
Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file.
unknown
2007-01-04
3.3CVE-2007-0058
CISCO
FRSIRT
DB Hub -- DB Hub
Unspecified vulnerability in the clear_user_list function in src/main.c in DB Hub 0.3 allows remote attackers to cause a denial of service (application crash) via crafted network traffic, which triggers memory corruption.
unknown
2006-12-29
2.3CVE-2006-6810
OTHER-REF
OTHER-REF
BID
MLIST
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
XF
DMXReady -- DMXReady Secure Login Manager
Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel.
unknown
2006-12-29
3.4CVE-2006-6815
BUGTRAQ
SECTRACK
XF
Efkan Forum -- Efkan Forum
Efkan Forum 1.0 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-12-31
3.3CVE-2006-6829
FRSIRT
eNdonesia -- eNdonesia
Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter.
unknown
2006-12-31
2.3CVE-2006-6872
OTHER-REF
BID
FRSIRT
SECUNIA
Enthrallweb -- eCoupons
myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
unknown
2006-12-29
1.1CVE-2006-6820
OTHER-REF
FRSIRT
SECUNIA
Enthrallweb -- eNews
myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
unknown
2006-12-29
1.1CVE-2006-6821
OTHER-REF
FRSIRT
SECUNIA
Enthrallweb -- eClassifieds
myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
unknown
2006-12-29
1.1CVE-2006-6822
OTHER-REF
FRSIRT
Fersche -- Formankserver
Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in Formbankserver 1.9 allows remote attackers to read arbitrary files via directory traversal sequences in the Name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2007-01-04
2.3CVE-2007-0055
OTHER-REF
FRSIRT
SECUNIA
Hosting Controller -- Hosting Controller
Directory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via ..\ (dot dot backslash) sequences in the BrowsePath parameter.
2006-12-27
2006-12-29
1.6CVE-2006-6814
OTHER-REF
BID
SECTRACK
FRSIRT
LBlog -- LBlog
lblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a certain file in admin/db/newFolder/.
unknown
2007-01-05
3.3CVE-2007-0077
BUGTRAQ
OTHER-REF
Linux -- Linux kernel
The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system crash.
unknown
2006-12-31
1.0CVE-2006-5749
OTHER-REF
OTHER-REF
SECUNIA
Macromedia -- Flash
Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method.
unknown
2006-12-31
2.3CVE-2006-6827
OTHER-REF
BID
XF
Macromedia -- Shockwave
An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute.
unknown
2006-12-31
1.9CVE-2006-6885
OTHER-REF
XF
Matteo Lucarelli -- 3editor CMS
Directory traversal vulnerability in index.php in Matteo Lucarelli 3editor CMS 0.42 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter.
unknown
2006-12-31
1.9CVE-2006-6877
OTHER-REF
FRSIRT
SECUNIA
Microsoft -- Message Compiler
** DISPUTED ** Buffer overflow in the Windows NT Message Compiler (MC) 1.00.5239 on Microsoft Windows XP allows local users to gain privileges via a long MC-filename. NOTE: this issue has been disputed by a reliable third party who states that the compiler is not a privileged program, so privilege boundaries cannot be crossed.
unknown
2007-01-05
3.4CVE-2007-0084
BUGTRAQ
BUGTRAQ
Microsoft -- Internet Information Services
** DISPUTED ** Microsoft Internet Information Services (IIS), when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOTE: the severity of this issue has been disputed by third parties, who state that the large window size required by the attack is not normally supported or configured by the server, or that a DDoS-style attack would accomplish the same goal.
unknown
2007-01-05
3.3CVE-2007-0087
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
OpenBSD -- OpenBSD
Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference.
unknown
2007-01-05
3.4CVE-2007-0085
MLIST
OTHER-REF
OPENBSD
OPENBSD
SECTRACK
SECUNIA
P-News -- P-News
P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat.
unknown
2006-12-31
2.3CVE-2006-6888
OTHER-REF
XF
PHP-Update -- PHP-Update
Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter.
unknown
2006-12-31
3.4CVE-2006-6879
OTHER-REF
OTHER-REF
BID
SECUNIA
phpMyAdmin -- phpMyAdmin
phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.
unknown
2007-01-05
3.3CVE-2007-0095
FULLDISC
XF
phpwcms -- phpwcms
phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages.
unknown
2006-12-31
2.3CVE-2006-6886
BUGTRAQ
OTHER-REF
FRSIRT
OSVDB
OSVDB
XF
Rblog -- Rblog
rblog stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) data/admin.mdb or (2) data/rblog.mdb.
unknown
2007-01-05
3.3CVE-2007-0079
BUGTRAQ
OTHER-REF
RealNetworks -- RealPlayer
An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser method with a long second argument.
unknown
2006-12-31
2.3CVE-2006-6847
OTHER-REF
BID
SoftArtisans -- FileUp
Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp (SAFileUp) 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae. (Unicode dot dot) in the path parameter, which bypasses the checks for ".." sequences.
unknown
2006-12-31
3.3CVE-2006-6865
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
STphp -- EasyNews
STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt.
unknown
2006-12-31
3.3CVE-2006-6866
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
XF
The Address Book -- The Address Book
Directory traversal vulnerability in users.php in The Address Book 1.04e allows remote attackers to include arbitrary files via a .. (dot dot) in the language parameter.
unknown
2006-12-31
2.3CVE-2006-4579
OTHER-REF
SECUNIA
The Address Book -- The Address Book
Unrestricted file upload vulnerability in The Address Book 1.04e validates the Content-Type header but not the file extension, which allows remote attackers to upload arbitrary PHP scripts.
unknown
2006-12-31
2.3CVE-2006-4581
OTHER-REF
SECUNIA
The Address Book -- The Address Book
Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e allows remote attackers to perform unauthorized actions as other users via unspecified vectors, as demonstrated by deleting arbitrary users via the id parameter in a deleteuser action in users.php.
unknown
2006-12-31
2.3CVE-2006-4582
OTHER-REF
SECUNIA
Vz Forum -- Vz Forum
Vz (Adp) Forum 2.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for users/admin.txt.
unknown
2006-12-31
2.3CVE-2006-6891
OTHER-REF
XF
Back to top



Last updated January 08, 2007