National Cyber Alert System
Cyber Security Bulletin SB06-331 archive

Vulnerability Summary for the Week of November 20, 2006

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
20/20 Applications -- DataShed
Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) f-email.asp, or the (2) peopleID and (3) sort_order parameters to (b) listings.asp, different vectors than CVE-2006-5955.
unknown
2006-11-21
7.0
CVE-2006-6067
BUGTRAQ
OTHER-REF
BID
XF
Adobe -- Acrobat Reader
Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control.
unknown
2006-11-21
7.0
CVE-2006-6027
OTHER-REF
BID
Apple -- Mac OS X Server
Apple -- Mac OS X
com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption.
unknown
2006-11-21
10.0
CVE-2006-6061
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
CERT-VN
ASP-Nuke -- ASP-Nuke
SQL injection vulnerability in module/account/register/register.asp in ASP Nuke 0.80 and earlier allows remote attackers to execute arbitrary SQL commands via the StateCode parameter.
unknown
2006-11-21
7.0
CVE-2006-6070
BUGTRAQ
OTHER-REF
SECTRACK
XF
ASPIntranet -- ASPIntranet
SQL injection vulnerability in default.asp in ASPintranet, possibly 1.2, allows remote attackers to execute arbitrary SQL commands via the a parameter.
unknown
2006-11-20
7.0
CVE-2006-5987
BUGTRAQ
BID
XF
BestWebApp -- BestWebApp Dating Site
SQL injection vulnerability in the login component in BestWebApp Dating Site allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
unknown
2006-11-21
7.0
CVE-2006-6021
BUGTRAQ
BID
BestWebApp -- BestWebApp Dating Site
Cross-site scripting (XSS) vulnerability in login_form.asp in BestWebApp Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
unknown
2006-11-21
7.0
CVE-2006-6022
BUGTRAQ
BID
BiBa Software -- Selenium Server
SeleniumServer FTP Server 1.0, and possibly earlier, stores user passwords in plaintext in the Servers directory, which allows attackers to obtain passwords by reading the file. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
unknown
2006-11-20
10.0
CVE-2006-5982
FRSIRT
SECUNIA
OSVDB
XF
Blog Torrent -- Blog Torrent preview
Cross-site scripting (XSS) vulnerability in announce.php in Blog Torrent Preview 0.92 allows remote attackers to inject arbitrary web script or HTML via the left parameter.
unknown
2006-11-21
7.0
CVE-2006-6020
BUGTRAQ
XF
Bloo -- Bloo
Cross-site scripting (XSS) vulnerability in extensions/googiespell/googlespell_proxy.php in Bill Roberts Bloo 1.0 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
unknown
2006-11-21
7.0
CVE-2006-6019
BUGTRAQ
OTHER-REF
BID
Bloo -- Bloo
** DISPUTED ** PHP remote file inclusion vulnerability in phoo.base.php in Bill Roberts Bloo 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the descriptorFileList parameter. NOTE: this issue is disputed by CVE since $descriptorFileList is used in a function definition within phoo.base.php.
unknown
2006-11-21
7.0
CVE-2006-6023
BUGTRAQ
MLIST
XF
CactuSoft -- CactuShop
Multiple SQL injection vulnerabilities in wwweb concepts CactuShop allow remote attackers to execute arbitrary SQL commands via the (1) prodtype parameter in prodtype.asp and the (2) product parameter in product.asp.
unknown
2006-11-20
7.0
CVE-2006-5991
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
ClickTech -- Texas Rank'em
Multiple SQL injection vulnerabilities in ClickTech Texas Rank'em allow remote attackers to execute arbitrary SQL commands via the (1) selPlayer parameter to player.asp or the (2) tournament_id parameter to tournaments.asp.
unknown
2006-11-21
7.0
CVE-2006-6050
BUGTRAQ
OTHER-REF
BID
D-Link -- DWL-G132
Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via an 802.11 beacon request with a long Rates information element (IE).
unknown
2006-11-21
10.0
CVE-2006-6055
OTHER-REF
SECTRACK
Dragon Internet -- Events Listing
Multiple SQL injection vulnerabilities in Dragon Calendar / Events Listing 2.x allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) admin_login.asp, the (3) ID parameter to (b) event_searchdetail.asp, or the (4) VenueID parameter to (c) venue_detail.asp.
unknown
2006-11-21
7.0
CVE-2006-6066
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Drumster -- BlogMe
Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in BlogMe 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) URL, or (3) Comments field.
unknown
2006-11-20
7.0
CVE-2006-5975
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
Drumster -- BlogMe
Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: some of these details are obtained from third party information.
unknown
2006-11-20
7.0
CVE-2006-5976
BUGTRAQ
OTHER-REF
BID
SECUNIA
XF
emreTURK -- OpenHuman
SQL injection vulnerability in OpenHuman before 1.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2006-11-21
7.0
CVE-2006-6036
OTHER-REF
FRSIRT
OSVDB
XF
Epic Designs -- eggblog
Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) edit parameter to (a) admin/articles.php or (b) admin/comments.php, or the (2) add parameter to admin/users.php.
unknown
2006-11-21
7.0
CVE-2006-6046
BUGTRAQ
BID
SECTRACK
XF
Expinion -- MultiCalendars
Multiple SQL injection vulnerabilities in MultiCalendars allow remote attackers to execute arbitrary SQL commands via the (1) M or (2) Y parameter to rss_out.asp, or the (3) cate parameter to all_calendars.asp. NOTE: the all_calendars.asp/calsids vector is already covered by CVE-2006-2293.
unknown
2006-11-20
7.0
CVE-2006-5977
BUGTRAQ
XF
Extreme CMS -- Extreme CMS
Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) bg1, (2) bg2, (3) text, or (4) size parameters. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
unknown
2006-11-20
7.0
CVE-2006-5985
FRSIRT
SECUNIA
Extreme CMS -- Extreme CMS
admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined with another vulnerability to expand the scope of a cross-site scripting (XSS) attack without authentication. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
unknown
2006-11-20
7.0
CVE-2006-5986
FRSIRT
SECUNIA
F-ART Agency -- BLOG:CMS
Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter.
unknown
2006-11-21
7.0
CVE-2006-6035
BUGTRAQ
BID
FRSIRT
SECUNIA
FutureTec -- E-Calendar Pro
Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd (Password) fields in (a) admin/default.asp; or the (3) Event Title, (4) Location, or (5) Description field when making a search engine query in (b) search.asp. NOTE: some of these details are obtained from third party information.
unknown
2006-11-21
7.0
CVE-2006-6030
BUGTRAQ
SECUNIA
Fuzzball MUCK -- Fuzzball MUCK
Multiple buffer overflows in the Message Parsing Interpreter (MPI) in Fuzzball MUCK before 6.07 allow remote attackers to execute arbitrary code via crafted messages.
unknown
2006-11-21
7.0
CVE-2006-6064
OTHER-REF
FRSIRT
SECUNIA
BID
XF
GCIS -- ASPCart
Multiple SQL injection vulnerabilities in Greater Cincinnati Internet Solutions (GCIS) ASPCart allow remote attackers to execute arbitrary SQL commands via (1) the prodid parameter in (a) prodetails.asp; (2) the page parameter in (b) display.asp; the (3) custid, (4) item, (5) price, (6) custom, (7) department, (8) start, (9) quantity, (10) submit, (11) custom1, (12) custom2, or (13) custom3 parameters in (c) addcart.asp; or the (14) customerid parameter in (d) payment.asp.
unknown
2006-11-21
7.0
CVE-2006-6031
BUGTRAQ
Imagemagick -- Imagemagick
Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, have unknown impact and user-assisted attack vectors via a crafted SGI image.
unknown
2006-11-21
7.0
CVE-2006-5868
DEBIAN
SECUNIA
JBMC Software -- DirectAdmin
Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to (c) CMD_TICKET_CREATE or (d) CMD_TICKET, the (3) user parameter to (e) CMD_EMAIL_FORWARDER_MODIFY, (f) CMD_EMAIL_VACATION_MODIFY, or (g) CMD_FTP_SHOW, and the (4) name parameter to (h) CMD_EMAIL_LIST in the User level; or the (5) user parameter to (i) CMD_SHOW_USER in the Reseller level.
unknown
2006-11-20
7.0
CVE-2006-5983
BUGTRAQ
OTHER-REF
BID
XF
Jelsoft -- vBulletin
Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action.
unknown
2006-11-21
7.0
CVE-2006-6040
BUGTRAQ
BID
FRSIRT
SECUNIA
Jim Plush -- My-BIC
** DISPUTED ** PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the INC_PATH parameter, a different vector than CVE-2006-5089. NOTE: this issue is disputed by CVE and third party researchers because INC_PATH is a constant.
unknown
2006-11-21
7.0
CVE-2006-6018
BUGTRAQ
MLIST
XF
Leinir -- Travelsized CMS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dan Jensen Travelsized CMS 0.4.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) page, (2) page_id, or (3) language parameter.
unknown
2006-11-21
7.0
CVE-2006-6037
BUGTRAQ
OTHER-REF
BID
SECTRACK
MamboXChange -- MosReporter
PHP remote file inclusion vulnerability in reporter.logic.php in the MosReporter (com_reporter) component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-11-21
7.0
CVE-2006-6051
BUGTRAQ
OTHER-REF
BID
My Firewall Plus -- My Firewall Plus
My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is running before launching iexplore.exe from the "Test Your Firewall" feature, which allows local users to gain SYSTEM privileges.
unknown
2006-11-22
7.0
CVE-2006-3973
OTHER-REF
FRSIRT
SECUNIA
NetGear -- MA521 Wireless Driver
Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear MA521 PCMCIA adapter allows remote attackers to execute arbitrary code via (1) beacon or (2) probe 802.11 frame responses with a long supported rates information element. NOTE: this issue was reported as a "memory corruption" error, but the associated exploit code suggests that it is a buffer overflow.
unknown
2006-11-21
10.0
CVE-2006-6059
OTHER-REF
CERT-VN
FRSIRT
SECTRACK
SECUNIA
Phil Taylor -- Shambo2
PHP remote file inclusion vulnerability in shambo2.php in the Shambo2 (com_shambo2) component for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-11-21
7.0
CVE-2006-6049
BUGTRAQ
BID
FRSIRT
SECUNIA
XF
Powie -- pForum
SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2006-11-21
7.0
CVE-2006-6038
OTHER-REF
BID
XF
FRSIRT
SECUNIA
Powie -- PHP MatchMaker
SQL injection vulnerability in matchdetail.php in Powie's PHP MatchMaker 4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the edit parameter.
unknown
2006-11-21
7.0
CVE-2006-6039
OTHER-REF
BID
XF
FRSIRT
SECUNIA
Property Pro -- Property Pro
SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the UserName field.
unknown
2006-11-21
7.0
CVE-2006-6029
BUGTRAQ
Renasoft -- NetJetServer
adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly earlier, does not properly perform login authentication, which allows remote attackers to obtain administrative privileges. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
unknown
2006-11-20
10.0
CVE-2006-5980
FRSIRT
SECUNIA
SitesOutlet -- E-commerce Kit-1
Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 PayPal Edition allow remote attackers to execute arbitrary SQL commands via the (1) keyword or (2) cid parameter in (a) catalogue.asp, or the (3) pid parameter in (b) viewDetail.asp.
unknown
2006-11-21
7.0
CVE-2006-6034
BUGTRAQ
FRSIRT
SECUNIA
Sky Software -- FileView ActiveX Control
WinZip -- WinZip
Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198.
unknown
2006-11-21
7.0
CVE-2006-3890
BUGTRAQ
Milw0rm
MS
CERT-VN
BID
SECUNIA
SPHPBlog -- SPHPBlog
Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter in add_block.php or (2) the entry parameter in index.php, different vectors than CVE-2005-1135. NOTE: this has been reported to affect 0.8, but as of 20061121, the most recent version is only 0.4.9.
unknown
2006-11-21
7.0
CVE-2006-6032
BUGTRAQ
XF
SPHPBlog -- SPHPBlog
Multiple directory traversal vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to read arbitrary files and possibly include arbitrary PHP code via a .. (dot dot) sequence in the blog_theme parameter in (1) index.php, (2) add_cgi.php, (3) add_link.php, (4) login.php, (5) template.php, or (6) contact.php.
unknown
2006-11-21
7.0
CVE-2006-6033
BUGTRAQ
Un4seen -- XMPlay
Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier allows remote attackers to execute arbitrary code via a M3U file containing a long (1) FileName, and cause a crash via a long (2) DisplayName.
unknown
2006-11-21
7.0
CVE-2006-6063
OTHER-REF
FRSIRT
SECUNIA
WebHost Automation -- Helm Web Hosting Control Panel
Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) txtCompanyName, (2) txtEmail, or (3) txtUserAccNum parameter to (a) users.asp, or the (4) setThemeColour parameter to (b) default.asp in the Reseller and Admin levels; or the (5) setThemeColour parameter to default.asp in the User level. NOTE: the txtDomainName parameter to domains.asp is covered by CVE-2006-1407, which suggests that this vector is fixed in 3.2.10 stable.
unknown
2006-11-20
7.0
CVE-2006-5984
BUGTRAQ
FRSIRT
SECUNIA
WORK system e-commerce -- WORK system e-commerce
Multiple PHP remote file inclusion vulnerabilities in WORK system e-commerce 3.0.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the g_include parameter to (1) index.php, (2) module/forum/forum.php, (3) unspecified files under module/, and (4) unspecified files under administration/module/.
unknown
2006-11-21
7.0
CVE-2006-6041
OTHER-REF
FRSIRT
SECTRACK
SECUNIA

Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
BiBa Software -- Selenium Server
Multiple directory traversal vulnerabilities in SeleniumServer FTP Server 1.0, and possibly earlier, allow remote attackers to list arbitrary directories, read arbitrary files, and upload arbitrary files via directory traversal sequences in the (1) DIR (LIST or NLST), (2) GET (RETR), and (3) PUT (STOR) commands.
unknown
2006-11-20
4.7
CVE-2006-5981
FRSIRT
SECUNIA
OTHER-REF
OSVDB
Comdev -- Comdev One Admin Pro
Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin Pro 4.1 allow remote attackers to execute arbitrary PHP code via a URL in the path[skin] parameter to (1) adminfoot.php, (2) adminhead.php, or (3) adminlogin.php.
unknown
2006-11-21
5.6
CVE-2006-6045
BUGTRAQ
FRSIRT
SECTRACK
SECUNIA
XF
E-Xoopport -- E-Xoopport
Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown impact and attack vectors, as addressed by "Some security fix."
unknown
2006-11-20
4.9
CVE-2006-5978
OTHER-REF
BID
FRSIRT
XF
Etomite -- Etomite CMS
Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the f parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
unknown
2006-11-21
4.2
CVE-2006-6047
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Etomite -- Etomite CMS
SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2006-11-21
5.6
CVE-2006-6048
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Linux -- Netkit
ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778.
unknown
2006-11-21
4.2
CVE-2006-6008
OTHER-REF
OTHER-REF
OTHER-REF
GENTOO
SECUNIA
SECUNIA
MxBB -- CalSnails module
PHP remote file inclusion vulnerability in includes/mx_common.php in the CalSnails Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
unknown
2006-11-21
5.6
CVE-2006-6065
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
NetBSD -- NetBSD
The NetBSD-current kernel before 20061028 does not properly perform bounds checking of an unspecified userspace parameter in the ptrace system call during a PT_DUMPCORE request, which allows local users to have an unknown impact.
unknown
2006-11-21
4.9
CVE-2006-6014
MLIST
Oliver -- Oliver
PHP file inclusion vulnerability in loginform-inc.php in Oliver (formerly Webshare) 1.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the conf[motdfile] parameter, which is accessed by the file_exists function.
unknown
2006-11-21
5.6
CVE-2006-6043
FRSIRT
SECUNIA
BID
XF
Panda -- ActiveScan
Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows remote attackers to (1) reboot the system using the Reinicializar method in the ActiveScan.1 ActiveX control, or (2) determine arbitrary file existence and size via the ObtenerTamano method in the PAVPZ.SOS.1 ActiveX control.
unknown
2006-11-17
4.7
CVE-2006-5966
SECUNIA
BUGTRAQ
FRSIRT
SECUNIA
XF
XF
PHPQuickGallery -- PHPQuickGallery
PHP remote file inclusion vulnerability in gallery_top.inc.php in PHPQuickGallery 1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the textFile parameter.
unknown
2006-11-21
5.6
CVE-2006-6044
OTHER-REF
FRSIRT
SECUNIA
phpWebThings -- phpWebThings
PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_bottom parameter.
unknown
2006-11-21
5.6
CVE-2006-6042
OTHER-REF
FRSIRT
SECUNIA
Qualcomm -- Eudora Worldmail
Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 version 6.1.22.0, have unknown impact and attack vectors, as demonstrated by the (1) "Eudora WorldMail stack overflow" and (2) "Eudora WorldMail heap overflow" modules in VulnDisco Pack. NOTE: Some of these details are obtained from third party information. As of 20061118, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
unknown
2006-11-21
4.9
CVE-2006-6024
OTHER-REF
BID
RealNetworks -- Helix DNA Server
Heap-based buffer overflow in Helix DNA Server 11.0 and 11.1 has unknown impact and attack vectors, as demonstrated by a certain VulnDisco Pack module. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. As of 20061118, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
unknown
2006-11-21
4.9
CVE-2006-6026
OTHER-REF
BID
SECUNIA

Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
Anton Vlasov -- DoSePa
Directory traversal vulnerability in textview.php in Anton Vlasov DoSePa 1.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) sequence or absolute file path in the file parameter.
unknown
2006-11-21
2.3
CVE-2006-6028
OTHER-REF
OTHER-REF
BID
FRSIRT
XF
Apple -- Mac OS X
Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression.
unknown
2006-11-21
2.3
CVE-2006-6015
BUGTRAQ
BUGTRAQ
Apple -- Mac OS X Server
Apple -- Mac OS X
Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with "bad sectors," which triggers memory corruption.
unknown
2006-11-21
3.3
CVE-2006-6062
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
DragonFlyBSD -- DragonFlyBSD
TrustedBSD -- TrustedBSD
FreeBSD -- FreeBSD
MidnightBSD -- MidnightBSD
NetBSD -- NetBSD
Integer signedness error in the fw_ioctl (FW_IOCTL) function in the FireWire (IEEE-1394) drivers (dev/firewire/fwdev.c) in various BSD kernels, including DragonFlyBSD, FreeBSD 5.5, MidnightBSD 0.1-CURRENT before 20061115, NetBSD before 20061116, and TrustedBSD, allows local users to read arbitrary memory contents via certain negative values of crom_buf->len in an FW_GCROM command. NOTE: this issue has been labeled as an integer overflow, but it is more like an integer signedness error.
unknown
2006-11-21
1.6
CVE-2006-6013
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
FULLDISC
MLIST
OTHER-REF
OTHER-REF
OTHER-REF
SECUNIA
XF
BUGTRAQ
BUGTRAQ
BUGTRAQ
BID
Linux -- Linux kernel
The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures.
unknown
2006-11-21
2.3
CVE-2006-6053
OTHER-REF
Linux -- Linux kernel
The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page function due to a length that is smaller than the minimum.
unknown
2006-11-21
2.3
CVE-2006-6054
OTHER-REF
Linux -- Linux kernel
Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in the superblock_doinit function, as demonstrated using an HFS filesystem image.
unknown
2006-11-21
2.3
CVE-2006-6056
OTHER-REF
Linux -- Linux kernel
The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on Fedora Core 6 and possibly other operating systems, allows local users to cause a denial of service (crash) via a malformed gfs2 file stream that triggers a NULL pointer dereference in the init_journal function.
unknown
2006-11-21
2.3
CVE-2006-6057
OTHER-REF
Linux -- Linux kernel
The minix filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be due to an integer overflow or signedness error.
unknown
2006-11-21
2.3
CVE-2006-6058
OTHER-REF
Linux -- Linux kernel
The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a malformed NTFS file stream that triggers an infinite loop in the __find_get_block_slow function.
unknown
2006-11-21
2.3
CVE-2006-6060
OTHER-REF
mAlbum -- mAlbum
Directory traversal vulnerability in the cached_album function in functions.php for mAlbum 0.3 and earlier allows remote attackers to list filenames of arbitrary images via a .. (dot dot) in the gal parameter to index.php.
unknown
2006-11-21
2.3
CVE-2006-6068
BUGTRAQ
FRSIRT
SECUNIA
XF
mAlbum -- mAlbum
index.php in mAlbum 0.3 and earlier allows remote attackers to obtain the installation path via an invalid gal parameter.
unknown
2006-11-21
2.3
CVE-2006-6069
BUGTRAQ
XF
MGinternet -- Car Site Manager
Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-11-21
2.3
CVE-2006-6012
FRSIRT
Microsoft -- Windows 2000
Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. NOTE: the provenance of this information is unknown; the details are obtained from third party information. As of 20061116, this disclosure has no actionable information. However, since the VulnDisco Pack author is a reliable researcher, the disclosure is being assigned a CVE identifier for tracking purposes.
unknown
2006-11-20
2.3
CVE-2006-5988
BID
SECUNIA
mod_auth_kerb -- mod_auth_kerb
Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array.
unknown
2006-11-20
2.3
CVE-2006-5989
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
NetEpi Case Manager -- NetEpi Case Manager
NetEpi Case Manager before 0.98 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.
unknown
2006-11-21
2.3
CVE-2006-6052
OTHER-REF
FRSIRT
XF
Qualcomm -- Eudora Worldmail
QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denial of service, as demonstrated by a certain module in VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. As of 20061118, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
unknown
2006-11-21
2.3
CVE-2006-6025
OTHER-REF
BID
Renasoft -- NetJetServer
Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure permissions for Global.asa, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
unknown
2006-11-20
2.3
CVE-2006-5979
FRSIRT
SECUNIA
SAP -- SAP Web Application Server
SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.
unknown
2006-11-21
2.3
CVE-2006-6010
BUGTRAQ
SAP -- SAP Web Application Server
Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785.
unknown
2006-11-21
2.3
CVE-2006-6011
BUGTRAQ
Sun -- JDK
Sun -- JRE
Unspecified vulnerability in the Java Runtime Environment (JRE) Swing library in JDK and JRE 5.0 Update 7 and earlier allows attackers to obtain certain information via unknown attack vectors, related to an untrusted applet accessing data in other applets.
unknown
2006-11-21
2.3
CVE-2006-6009
SUNALERT
FRSIRT
SECTRACK
SECUNIA
Timo Sirainen -- Dovecot
Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
unknown
2006-11-20
2.3
CVE-2006-5973
BUGTRAQ
MLIST
SECUNIA
BID
FRSIRT
XF
Verity -- Ultraseek
Absolute path traversal vulnerability in admin/logfile.txt in Verity Ultraseek before 5.6.2 allows remote attackers to read arbitrary files via the name variable.
unknown
2006-11-17
2.3
CVE-2006-5971
BUGTRAQ
OTHER-REF
OTHER-REF
OSVDB
SECUNIA
XF
OTHER-REF
VMWare -- VirtualCenter
VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack.
unknown
2006-11-20
3.7
CVE-2006-5990
OTHER-REF
OTHER-REF
BUGTRAQ
BID
FRSIRT
SECTRACK
SECUNIA
XF
WebEvents -- Online Event Registration
save_profile.asp in WebEvents (Online Event Registration Template) 2.0 and earlier allows remote attackers to change the profiles, passwords, and other information for arbitrary users via a modified UserID parameter.
unknown
2006-11-21
2.3
CVE-2006-6007
BUGTRAQ
WordPress -- WordPress
wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.
unknown
2006-11-21
1.4
CVE-2006-6016
OTHER-REF
OTHER-REF
GENTOO
WordPress -- WordPress
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.
unknown
2006-11-21
1.4
CVE-2006-6017
OTHER-REF
OTHER-REF
GENTOO



Last updated November 27, 2006