| Primary Vendor -- Product | Description | CVSS Score | Source & Patch Info |
|---|---|---|---|
| 8pixel.net -- Simple Blog | SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.0 | CVE-2006-4300 BUGTRAQ OTHER-REF OTHER-REF BID SECUNIA XF |
| AK-Systems -- Windows Terminal | VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not password protected, which allows remote attackers to login and view RDP or Citrix sessions. | 10.0 | CVE-2006-4309 BUGTRAQ BID |
| All Topics -- All Topics Hack | SQL injection vulnerability in alltopics.php in the All Topics Hack 1.5.0 and earlier for phpBB 2.0.21 allows remote attackers to execute arbitrary SQL commands via the start parameter. | 7.0 | CVE-2006-4367 OTHER-REF BID |
| Alt-N -- WebAdmin | Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file. | 7.0 | CVE-2006-4370 BUGTRAQ FULLDISC OTHER-REF BID FRSIRT SECUNIA XF |
| AOL -- AOL Security Edition | AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files. | 7.0 | CVE-2006-0948 BID BUGTRAQ FRSIRT SECTRACK SECUNIA XF |
| Arthur Konze WebDesign -- AkoComment | PHP remote file inclusion vulnerability in akocomments.php in AkoComment 1.1 module (com_akocomment) for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.0 | CVE-2006-4281 BUGTRAQ BID XF |
| bits-dont-bite -- EstateAgent | PHP remote file inclusion vulnerability in estateagent.php in the EstateAgent component (com_estateagent) for Mambo, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.0 | CVE-2006-4322 BUGTRAQ BID |
| CityForFree -- indexcity | SQL injection vulnerability in list.php in CityForFree indexcity 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cate_id parameter. | 7.0 | CVE-2006-4323 OTHER-REF BID SECUNIA |
| CityForFree -- indexcity | Cross-site scripting (XSS) vulnerability in add_url2.php in CityForFree indexcity 1.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 7.0 | CVE-2006-4324 OTHER-REF BID SECUNIA |
| CloudNine -- Interactive Links Manager | Multiple cross-site scripting (XSS) vulnerabilities in add_url.php in CloudNine Interactive Links Manager 2006-06-12 allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) description, or (3) keywords parameters. | 7.0 | CVE-2006-4327 OTHER-REF BID SECUNIA |
| CloudNine -- Interactive Links Manager | SQL injection vulnerability in admin.php in CloudNine Interactive Links Manager 2006-06-12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter. | 7.0 | CVE-2006-4328 OTHER-REF BID SECUNIA |
| Constructor component -- Constructor component | PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter. | 7.0 | CVE-2006-4372 OTHER-REF XF |
| Contacts XTD component -- Contacts XTD component | ** DISPUTED ** PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined. | 7.0 | CVE-2006-4375 BUGTRAQ BUGTRAQ |
| Coppermine -- Photo Gallery component | PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.0 | CVE-2006-4321 OTHER-REF BID FRSIRT SECUNIA XF |
| CropImage component -- CropImage component | PHP remote file inclusion vulnerability in admin.cropcanvas.php in the CropImage component (com_cropimage) 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the cropimagedir parameter. | 7.0 | CVE-2006-4363 BUGTRAQ OTHER-REF BID |
| CubeCart -- CubeCart | Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php. | 7.0 | CVE-2006-4267 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |
| CubeCart -- CubeCart | Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php. | 7.0 | CVE-2006-4268 BUGTRAQ OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |
| Derek Leung -- pSlash | PHP remote file inclusion vulnerability in modules/visitors2/include/config.inc.php in pSlash 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter. | 7.0 | CVE-2006-4373 BUGTRAQ OTHER-REF BID |
| DieselScripts -- Diesel Smart Traffic | PHP remote file inclusion vulnerability in clients/index.php in Diesel Smart Traffic allows remote attackers to execute arbitrary PHP code via a URL in the src parameter. | 7.0 | CVE-2006-4357 BUGTRAQ BID XF |
| DieselScripts -- Diesel Pay | Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay allows remote attackers to inject arbitrary web script or HTML via the read parameter. | 7.0 | CVE-2006-4358 BUGTRAQ BID FRSIRT SECUNIA XF |
| DieselScripts -- Diesel Job Site | Multiple cross-site scripting (XSS) vulnerabilities in jobseekers/forgot.php in Diesel Job Site allow remote attackers to inject arbitrary web script or HTML via the (1) uname or (2) SEmail parameters. | 7.0 | CVE-2006-4361 BUGTRAQ FRSIRT SECUNIA XF |
| DieselScripts -- Diesel Paid Mail | Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid Mail allows remote attackers to inject arbitrary web script or HTML via the ps parameter. | 7.0 | CVE-2006-4362 BUGTRAQ BID FRSIRT SECUNIA XF |
| Digium -- Asterisk | Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response. | 7.0 | CVE-2006-4345 OTHER-REF OTHER-REF BID SECTRACK |
| Digium -- Asterisk | Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable. | 7.0 | CVE-2006-4346 OTHER-REF BID SECTRACK |
| Doika -- Doika guestbook | Cross-site scripting (XSS) vulnerability in gbook.php in Doika guestbook 2.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 7.0 | CVE-2006-4325 OTHER-REF FRSIRT SECUNIA |
| FreeBSD -- FreeBSD<br>NetBSD -- NetBSD | Buffer overflow in the ppp driver in FreeBSD 4.11 to 6.1 and NetBSD 2.0 through 4.0 beta allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. | 10.0 | CVE-2006-4304 FREEBSD OTHER-REF NETBSD |
| Fscripts -- Fantastic News | PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter. | 7.0 | CVE-2006-4285 OTHER-REF OTHER-REF BID SECUNIA FRSIRT XF |
| Fusionphp -- Fusion News | PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. | 7.0 | CVE-2006-4240 BUGTRAQ BID FRSIRT SECTRACK XF |
| Guder und Koch Netzwerktechnik -- Eichhorn Portal | Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module. | 7.0 | CVE-2006-4376 BUGTRAQ XF |
| Guder und Koch Netzwerktechnik -- Eichhorn Portal | Multiple SQL injection vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module. | 7.0 | CVE-2006-4377 BUGTRAQ XF |
| IBM -- AIX | Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 allows local users to gain privileges via unspecified vectors. | 7.0 | CVE-2006-4254 OTHER-REF AIXAPAR AIXAPAR AIXAPAR BID SECTRACK SECUNIA FRSIRT OSVDB XF |
| IntegraMOD -- IntegraMOD Portal | PHP remote file inclusion vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 7.0 | CVE-2006-4368 FULLDISC OTHER-REF OTHER-REF BID |
| Invisionix Systems -- Invisionix Roaming System Remote | PHP remote file inclusion vulnerability in pageheaderdefault.inc.php in Invisionix Roaming System Remote (IRSR) 0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _sysSessionPath parameter. | 7.0 | CVE-2006-4237 Milw0rm BID XF |
| Jelsoft -- vBulletin | ** DISPUTED ** PHP remote file inclusion vulnerability in install/upgrade_301.php in Jelsoft vBulletin 3.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. NOTE: the vendor has disputed this vulnerability, saying "The default vBulletin requires authentication prior to the usage of the upgrade system." | 7.0 | CVE-2006-4271 BUGTRAQ BUGTRAQ BUGTRAQ BUGTRAQ OTHER-REF |
| Jelsoft -- vBulletin | ** DISPUTED ** Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If you have the CAPTCHA enabled then the registrations won't even go through. ... if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level." | 7.0 | CVE-2006-4272 BUGTRAQ BUGTRAQ |
| Jelsoft -- vBulletin | Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6. | 7.0 | CVE-2006-4273 BUGTRAQ BUGTRAQ BUGTRAQ |
| Joomla! -- mosListMessenger component<br>Mambo -- mosListMessenger component | PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.0 | CVE-2006-4229 OTHER-REF OTHER-REF FRSIRT SECUNIA BUGTRAQ |
| Joomla! -- x-shop component<br>Mambo -- x-shop component | PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.0 | CVE-2006-4269 BUGTRAQ BID XF |
| Justsystem -- Ichitaro | Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, Ichitaro 2004, 2005, 2006, and Ichitaro for Linux allows remote attackers to execute arbitrary code via long strings in a crafted document, as being actively exploited by malware such as Trojan.Tarodrop. NOTE: some details are obtained from third party information. | 7.0 | CVE-2006-4326 OTHER-REF BID FRSIRT SECUNIA XF |
| Kochsuite component -- Kochsuite component | PHP remote file inclusion vulnerability in config.kochsuite.php in the Kochsuite (com_kochsuite) 0.9.4 component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.0 | CVE-2006-4348 BUGTRAQ OTHER-REF BID OSVDB XF |
| LBlog -- LBlog | SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.0 | CVE-2006-4284 OTHER-REF BID SECUNIA BUGTRAQ SECTRACK XF |
| Linux -- Linux kernel | Unspecified vulnerability in the SCTP implementation in Linux 2.6.9, and probably other 2.6.x versions, allows local users to cause a denial of service (panic) and possibly gain root privileges via attack vectors. | 7.0 | CVE-2006-3745 REDHAT SECUNIA |
| Lizge -- Lizge Web Portal | Multiple PHP remote file inclusion vulnerabilities in index.php in Lizge V.20 Web Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) lizge or (2) bade parameters. | 7.0 | CVE-2006-4230 BUGTRAQ BID XF |
| Mambo -- mtg_myhomepage Component | Multiple PHP remote file inclusion vulnerabilities in the mtg_myhomepage Component (com_lmtg_myhomepage) for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) install.lmtg_homepage.php and (2) mtg_homepage.php. | 7.0 | CVE-2006-4264 BUGTRAQ |
| Mambo -- mambelfish component | PHP remote file inclusion vulnerability in mambelfish.class.php in the mambelfish component (com_mambelfish) 1.1 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.0 | CVE-2006-4270 BUGTRAQ OTHER-REF FRSIRT SECUNIA XF |
| Mambo -- CatalogShop component | PHP remote file inclusion vulnerability in catalogshop.php in the CatalogShop component for Mambo (com_catalogshop) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.0 | CVE-2006-4275 BUGTRAQ BID |
| Mambo -- ANJEL Component | PHP remote file inclusion vulnerability in anjel.index.php in ANJEL (formerly MaMML) Component (com_anjel) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.0 | CVE-2006-4280 BUGTRAQ XF |
| Mambo -- Mambo | PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.0 | CVE-2006-4286 BUGTRAQ |
| Mambo -- a6mambocredits component | PHP remote file inclusion vulnerability in admin.a6mambocredits.php in the a6mambocredits component (com_a6mambocredits) 2.0.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: some of these details are obtained from third party information. | 7.0 | CVE-2006-4288 OTHER-REF BID FRSIRT SECTRACK SECUNIA XF |
| Mambo -- bigAPE-Backup component | PHP remote file inclusion vulnerability in classes/Tar.php in bigAPE-Backup component (com_babackup) for Mambo 1.1 allows remote attackers to include arbitrary files via the mosConfig_absolute_path parameter. | 7.0 | CVE-2006-4296 OTHER-REF BID FRSIRT SECUNIA XF |
| MamboXChange -- Reporter | PHP remote file inclusion vulnerability in processor/reporter.sql.php in the Reporter Mambo component (com_reporter) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.0 | CVE-2006-4241 BUGTRAQ BID XF |
| MamboXChange -- MamboWiki | PHP remote file inclusion vulnerability in MamboLogin.php in the MamboWiki component (com_mambowiki) 0.9.6 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. | 7.0 | CVE-2006-4282 BUGTRAQ OTHER-REF OTHER-REF BID |
| Microsoft -- Internet Explorer | Buffer overflow in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1 with MS06-042 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression. | 7.0 | CVE-2006-3869 BUGTRAQ OTHER-REF OTHER-REF CERT-VN SECTRACK |
| Mozilla -- Firefox | Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a series of Javascript timed events that load an XML file containing a large number of closing tags, which triggers a memory fault, aka ffoxdie3. NOTE: this is very similar to CVE-2006-4253, but possibly a different issue. | 7.0 | CVE-2006-4261 BUGTRAQ OTHER-REF |
| NES Game -- NES Game<br>NES System -- NES System | Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php. | 7.0 | CVE-2006-4287 OTHER-REF OTHER-REF BID SECUNIA FRSIRT OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB OSVDB |
| OneOrZero -- OneOrZero | SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.0 | CVE-2006-4350 BUGTRAQ |
| OneOrZero -- OneOrZero | Cross-site scripting (XSS) vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 7.0 | CVE-2006-4351 BUGTRAQ |
| OpenSEF Project -- OpenSEF | PHP remote file inclusion vulnerability in sef.php in the OpenSEF 2.0.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.0 | CVE-2006-4320 BUGTRAQ BID SECTRACK XF |
| osCommerce -- osCommerce | SQL injection vulnerability in shopping_cart.php in osCommerce 2.2 Milestone 2 060817 allows remote attackers to execute arbitrary SQL commands via id array parameters. | 7.0 | CVE-2006-4297 OTHER-REF BID SECTRACK XF |
| Outreach Project Tool -- OPT Max | PHP remote file inclusion vulnerability in include/urights.php in Outreach Project Tool (OPT) Max 1.2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CRM_inc parameter. | 7.0 | CVE-2006-4239 Milw0rm BID FRSIRT SECUNIA XF |
| Phome Empire -- Phome Empire CMS | PHP remote file inclusion vulnerability in e/class/CheckLevel.php in Phome Empire CMS 3.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the check_path parameter. | 7.0 | CVE-2006-4354 OTHER-REF BID SECUNIA XF |
| Powergap -- Powergap Lite<br>Powergap -- Powergap Business | Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow remote attackers to execute arbitrary PHP code via a URL in the (1) shopid parameter to (a) s01.php, (b) s02.php, (c) s03.php, or (d) s04.php; or (2) sid parameter to (e) index.php. | 7.0 | CVE-2006-4236 BUGTRAQ Milw0rm BID XF SECTRACK |
| Product Scroller Module -- Product Scroller Module | Multiple PHP remote file inclusion vulnerabilities in the Product Scroller Module and other modules in mambo-phpshop (com_phpshop) for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) mod_phpshop.php, (2) mod_phpshop_allinone.php, (3) mod_phpshop_cart.php, (4) mod_phpshop_featureprod.php, (5) mod_phpshop_latestprod.php, (6) mod_product_categories.php, (7) mod_productscroller.php, and (8) mosproductsnap.php. | 7.0 | CVE-2006-4263 BUGTRAQ BID |
| RedBLoG -- RedBLoG | PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | 7.0 | CVE-2006-4366 OTHER-REF BID |
| Rssxt component -- Rssxt component | ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the Rssxt component for Joomla! (com_rssxt), possibly 2.0 Beta 1 or 1.0 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) pinger.php, (2) RPC.php, or (3) rssxt.php. NOTE: another researcher has disputed this issue, saying that the attacker can not control this parameter. In addition, as of 20060825, the original researcher has appeared to be unreliable with some other past reports. CVE has not performed any followup analysis with respect to this issue. | 7.0 | CVE-2006-4378 BUGTRAQ BUGTRAQ |
| Shadows Rising RPG -- Shadows Rising RPG | Multiple PHP remote file inclusion vulnerabilities in Shadows Rising RPG (Pre-Alpha) 0.0.5b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) core/includes/security.inc.php, (2) core/includes/smarty.inc.php, (3) qcms/includes/smarty.inc.php or (4) qlib/smarty.inc.php. | 7.0 | CVE-2006-4329 MLIST OTHER-REF BID XF |
| SOLMETRA -- SPAW Editor | Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW Editor 1.0.6 and 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the spaw_dir parameter in dialogs/ scripts including (1) a.php, (2) collorpicker.php, (3) img.php, (4) img_library.php, (5) table.php, or (6) td.php. | 7.0 | CVE-2006-4283 BUGTRAQ BID |
| Sonium -- Enterprise Adressbook | PHP remote file inclusion vulnerability in Sonium Enterprise Adressbook 0.2 allows remote attackers to execute arbitrary PHP code via the folder parameter in multiple files in the plugins directory, as demonstrated by plugins/1_Adressbuch/delete.php. | 7.0 | CVE-2006-4311 OTHER-REF FRSIRT SECUNIA XF |
| Sony -- SonicStage Mastering Studio | Buffer overflow in the import project functionality in Sony SonicStage Mastering Studio 1.1.00 through 2.2.01 allows remote attackers to execute arbitrary code via a crafted SMP file. | 7.0 | CVE-2006-4235 PENTEST OTHER-REF CERT-VN BID FRSIRT OSVDB SECUNIA XF |
| Sony -- VAIO Media Server | Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 | CVE-2006-4289 OTHER-REF OTHER-REF OTHER-REF BID FRSIRT SECUNIA XF |
| SportsPHool -- SportsPHool | PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the mainnav parameter. | 7.0 | CVE-2006-4278 OTHER-REF BID SECUNIA FRSIRT XF |
| SSH Communications Security -- Tectia Client<br>SSH Communications Security -- SSH Tectia Manager<br>SSH Communications Security -- Tectia Server<br>SSH Communications Security -- Tectia Manager<br>SSH Communications Security -- Tectia Connector | Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under "Program Files" or its subdirectories. | 7.0 | CVE-2006-4315 OTHER-REF BID |
| SSH Communications Security -- SSH Tectia Manager | SSH Tectia Management Agent 2.1.2 allows local users to gain root privileges by running a program called sshd, which is obtained from a process listing when the "Restart" action is selected from the Management server GUI, which causes the agent to locate the pathname of the user's program and restart it with root privileges. | 7.0 | CVE-2006-4316 OTHER-REF BID |
| Streamripper -- Streamripper | Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers. | 7.0 | CVE-2006-3124 OTHER-REF BID FRSIRT SECUNIA XF |
| Sun -- Solaris | Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 allows local users to execute arbitrary commands via unspecified vectors, involving the default Role-Based Access Control (RBAC) settings in the "File System Management" profile. | 7.0 | CVE-2006-4306 SUNALERT BID SECTRACK |
| Sun -- Solaris | Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306. | 7.0 | CVE-2006-4307 SUNALERT BID SECTRACK |
| Texas Imperial Software -- WFTPD | Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands. | 7.0 | CVE-2006-4318 OTHER-REF BID SECTRACK |
| Toenda Software Development -- toendaCMS | ** DISPUTED ** PHP remote file inclusion vulnerability in ToendaCMS 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tcms_administer_site parameter to an unspecified script, probably index.php. NOTE: this issue has been disputed by a third party, who states that $tcms_administer_site is initialized to a constant value within index.php. | 7.0 | CVE-2006-4349 BUGTRAQ BUGTRAQ BID XF |
| Tutti Nova -- Tutti Nova | PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to novalib/class.novaEdit.mysql.php. | 7.0 | CVE-2006-4276 OTHER-REF BID SECUNIA FRSIRT XF |
| Tutti Nova -- Tutti Nova | Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to (1) include/novalib/class.novaAdmin.mysql.php and (2) novalib/class.novaRead.mysql.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | 7.0 | CVE-2006-4277 BID SECUNIA |
| VistaBB -- VistaBB | Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/functions_mod_user.php or (2) includes/functions_portal.php. | 7.0 | CVE-2006-4365 FULLDISC OTHER-REF OTHER-REF BID FRSIRT SECUNIA |
| VWar -- Virtual War | Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortby, and (4) sortorder parameters. NOTE: The page parameter vector is covered by CVE-2006-4010. | 7.0 | CVE-2006-4225 BUGTRAQ |
| Woltlab -- Burning Board | Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab Burning Board (WBB) 2.3.5 allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript. | 7.0 | CVE-2006-4317 BUGTRAQ BID XF |
| WTCom -- Web Torrent | SQL injection vulnerability in torrents.php in WebTorrent (WTcom) 0.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter in category mode. | 7.0 | CVE-2006-4238 Milw0rm BID XF |
| XennoBB -- XennoBB | SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the icon_topic parameter. | 7.0 | CVE-2006-4279 BUGTRAQ OTHER-REF BID FRSIRT SECUNIA XF |