Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Cyber Security Bulletin SB06-338 archive

Vulnerability Summary for the Week of November 27, 2006

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
3Com -- 3CTftpSvc
Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long mode field (aka transporting mode) in a (1) GET or (2) PUT command. NOTE: some of these details are obtained from third party information.
unknown
2006-11-30
7.0CVE-2006-6183
BUGTRAQ
BID
FRSIRT
SECUNIA
8pixel.net -- Simple Blog
SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2006-11-30
7.0CVE-2006-6191
Milw0rm
FRSIRT
SECUNIA
XF
8pixel.net -- Simple Blog
Unspecified scripts in the admin directory in 8pixel.net SimpleBlog 3.0 and earlier do not properly perform authentication, which allows remote attackers to add users and perform certain other unauthorized privileged actions. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-11-30
7.0CVE-2006-6192
FRSIRT
SECUNIA
a-ConMan -- a-ConMan
PHP remote file inclusion vulnerability in common.inc.php in a-ConMan 3.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the cm_basedir parameter.
unknown
2006-11-24
7.0CVE-2006-6078
BUGTRAQ
OTHER-REF
BID
OTHER-REF
FRSIRT
SECTRACK
Acer -- LunchApp.APlunch
Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers to execute arbitrary commands by calling the Run method.
unknown
2006-11-26
10.0CVE-2006-6121
OTHER-REF
FRSIRT
SECUNIA
XF
Active PHP Bookmarks -- Active PHP Bookmarks
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in L. Brandon Stone and Nathanial P. Hendler Active PHP Bookmarks (APB) 1.1.02 allow remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS['apb_path'] parameter in (1) apb_common.php or (2) apb.php. NOTE: CVE and another third party dispute this vulnerability because these PHP scripts exit if the attack vectors are present in GPC variables.
unknown
2006-11-28
7.0CVE-2006-6167
BUGTRAQ
BUGTRAQ
XF
Allied Telesyn -- Allied Telesyn TFTP Server
Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command.
unknown
2006-11-30
7.0CVE-2006-6184
BUGTRAQ
BID
FRSIRT
SECUNIA
Anna^ IRC Bot -- Anna^ IRC Bot
SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 (aka caprice) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: it is possible that there are multiple issues.
unknown
2006-11-30
7.0CVE-2006-6190
OTHER-REF
OTHER-REF
BID
FRSIRT
Apple -- Mac OS X
Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests.
unknown
2006-11-30
7.0CVE-2006-4398
OTHER-REF
APPLE
CERT
FRSIRT
SECUNIA
Apple -- Mac OS X
The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges.
unknown
2006-11-30
10.0CVE-2006-4404
OTHER-REF
APPLE
CERT
FRSIRT
SECUNIA
Apple -- Mac OS X
Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors.
unknown
2006-11-30
7.0CVE-2006-4406
OTHER-REF
APPLE
CERT
FRSIRT
SECUNIA
Apple -- Mac OS X
The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates.
unknown
2006-11-30
7.0CVE-2006-4410
OTHER-REF
APPLE
CERT
FRSIRT
SECUNIA
Apple -- Mac OS X
The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors.
unknown
2006-11-30
7.0CVE-2006-4411
OTHER-REF
APPLE
CERT
FRSIRT
SECUNIA
b2evolution -- b2evolution
Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 through 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_spam.page.php in inc/VIEW/errors/; the (2) baseurl parameter in (d) inc/VIEW/errors/_404_not_found.page.php; and the (3) ReqURI parameter in (e) inc/VIEW/errors/_referer_spam.page.php.
unknown
2006-11-30
7.0CVE-2006-6197
BUGTRAQ
BID
SECUNIA
BaalASP -- Smart Form Portal
Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp, the (2) name or (3) password parameter to (b) userlogin.asp, or the (3) search parameter to search.asp.
unknown
2006-11-24
7.0CVE-2006-6090
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
XF
BasicForum -- BasicForum
SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2006-11-30
7.0CVE-2006-6193
OTHER-REF
BID
FRSIRT
SECUNIA
XF
BiBa Software -- SeleniumServer Web Server
Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-11-26
7.0CVE-2006-6124
OSVDB
SECUNIA
XF
BirdBlog -- BirdBlog
Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to (a) admin/admincore.php, the (2) month parameter to (b) admin/comments.php or (c) admin/entries.php, or the (3) page parameter to (d) admin/logs.php, different vectors than CVE-2006-5064.
unknown
2006-11-30
7.0CVE-2006-6211
BUGTRAQ
BID
XF
BlazeVideo -- Blaze DVD
Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-11-30
7.0CVE-2006-6199
BID
FRSIRT
SECUNIA
Borland -- C# Builder
Borland -- C++Builder
Borland -- idsql32.dll
Borland -- Developer Studio
RevilloC -- MailServer
Borland -- C++ Builder
Borland -- Delphi
Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by RevilloC MailServer; 5.2.0.2 as used by Borland Developer Studio 2006; and possibly other versions allows remote attackers to execute arbitrary code via a long SQL statement, related to use of the DbiQExec function.
unknown
2006-11-30
7.0CVE-2006-6201
OTHER-REF
FRSIRT
SECUNIA
BPG-InfoTech -- Easy Publisher
BPG-InfoTech -- Smart Publisher Pro
SQL injection vulnerability in bpg/publications_list.asp in BPG-InfoTech Easy Publisher and Smart Publisher//Pro 2.7.7 allows remote attackers to execute arbitrary SQL commands via the vjob parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-11-24
7.0CVE-2006-6072
BID
FRSIRT
SECUNIA
Business Objects -- Crystal Enterprise
Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values.
unknown
2006-11-29
7.0CVE-2006-4099
OTHER-REF
OTHER-REF
SECUNIA
OTHER-REF
FRSIRT
ClickTech -- ClickContact
Multiple SQL injection vulnerabilities in default.asp in ClickTech ClickContact allow remote attackers to execute arbitrary SQL commands via the (1) AlphaSort, (2) In, and (3) orderby parameters.
unknown
2006-11-30
7.0CVE-2006-6181
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
ClickTech -- ClickGallery
Multiple SQL injection vulnerabilities in ClickTech Click Gallery allow remote attackers to execute arbitrary SQL commands via the (1) currentpage or (2) gallery_id parameter to (a) view_gallery.asp, the (3) image_id parameter to (b) download_image.asp, the currentpage or (5) orderby parameter to (c) gallery.asp, or the currentpage parameter to (d) view_recent.asp.
unknown
2006-11-30
7.0CVE-2006-6187
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
ClickTech -- ClickBlog
SQL injection vulnerability in displayCalendar.asp in ClickTech Click Blog allows remote attackers to execute arbitrary SQL commands via the date parameter.
unknown
2006-11-30
7.0CVE-2006-6189
BUGTRAQ
OTHER-REF
BID
CreaScripts -- Creadirectory
SQL injection vulnerability in search.asp in CreaScripts Creadirectory allows remote attackers to execute arbitrary SQL commands via the category parameter.
unknown
2006-11-24
7.0CVE-2006-6083
BUGTRAQ
OTHER-REF
BID
SECUNIA
FRSIRT
DeskPRO -- DeskPRO
Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in DeskPRO 2.0.0 and 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) message or (2) subject parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-11-28
7.0CVE-2006-6159
BID
FRSIRT
OSVDB
SECUNIA
XF
Doug Luxem -- Liberum Help Desk
SQL injection vulnerability in details.asp in Doug Luxem Liberum Help Desk 0.97.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
unknown
2006-11-28
7.0CVE-2006-6160
OTHER-REF
BID
FRSIRT
XF
Doug Luxem -- Liberum Help Desk
Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) uid parameter to (a) inout/status.asp, (b) inout/update.asp, and (c) forgotpass.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-11-28
7.0CVE-2006-6161
FRSIRT
Enthrallweb -- eShopping Cart
Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp.
unknown
2006-11-24
7.0CVE-2006-6073
BUGTRAQ
OTHER-REF
XF
Enthrallweb -- eShopping Cart
Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via (1) the ProductID parameter in (a) reviews.asp, or the (2) cat_id or (3) sub_id parameter in (b) subProducts.asp. NOTE: the productdetail.asp vector is already covered by another identifier.
unknown
2006-11-24
7.0CVE-2006-6074
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
Enthrallweb -- eHomes
Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to (a) dircat.asp; the (2) sid parameter to (b) dirSub.asp; the (3) TYPE_ID parameter to (c) types.asp; the (4) AD_ID parameter to (d) homeDetail.asp; the (5) cat parameter to (e) result.asp; the (6) compare, (7) clear, and (8) adID parameters to (f) compareHomes.asp; and the (9) aminprice, (10) amaxprice, and (11) abedrooms parameters to (g) result.asp.
unknown
2006-11-30
7.0CVE-2006-6204
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Enthrallweb -- eHomes
Multiple cross-site scripting (XSS) vulnerabilities in result.asp in Enthrallweb eHomes allow remote attackers to inject arbitrary web script or HTML via the (1) city or (2) State parameter.
unknown
2006-11-30
7.0CVE-2006-6205
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Enthrallweb -- eClassifieds
Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds allow remote attackers to execute arbitrary SQL commands via the (1) AD_ID, (2) cat_id, (3) sub_id, and (4) ad_id parameters to (a) ad.asp, the (5) cid parameter to (b) dircat.asp, and the (6) sid parameter to (c) dirSub.asp.
unknown
2006-11-30
7.0CVE-2006-6208
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Fisasp.com -- Ultimate Survey Pro
Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey Pro allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter.
unknown
2006-11-30
7.0CVE-2006-6194
BUGTRAQ
OTHER-REF
FRSIRT
XF
Fixit Knowledge Solutions -- iDMS Pro Image Gallery
Cross-site scripting (XSS) vulnerability in the search functionality in Fixit iDMS Pro Image Gallery allows remote attackers to inject arbitrary web script or HTML via a search field (txtsearchtext parameter).
unknown
2006-11-30
7.0CVE-2006-6196
BUGTRAQ
OTHER-REF
BID
SECTRACK
Fixit Knowledge Systems -- iDMS
Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) show_id or (2) parentid parameter to (a) filelist.asp, or the (3) fid parameter to (b) showfile.asp.
unknown
2006-11-30
7.0CVE-2006-6195
OTHER-REF
BID
SECTRACK
Francisco Burzi -- PHP-Nuke
Multiple SQL injection vulnerabilities in the (1) rate_article and (2) rate_complete functions in modules/News/index.php in the News module in Francisco Burzi PHP-Nuke 7.9 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the sid parameter.
unknown
2006-11-30
7.0CVE-2006-6200
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
Gazatem Technologies -- gNews Publisher
Multiple SQL injection vulnerabilities in categories.asp in gNews Publisher allow remote attackers to execute arbitrary SQL commands via the (1) catID or (2) editorID parameter.
unknown
2006-11-24
7.0CVE-2006-6080
BUGTRAQ
OTHER-REF
BID
XF
GNU -- Radius
Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors.
unknown
2006-11-27
10.0CVE-2006-4181
IDEFENSE
BID
FRSIRT
SECTRACK
SECUNIA
XF
Horde -- Kronolith
Directory traversal vulnerability in lib/FBView.php in Horde Kronolith H3 before 2.0.7 and 2.1.x before 2.1.4 allows remote attackers to include arbitrary files and execute PHP code via a .. (dot dot) sequence in the view parameter.
unknown
2006-11-30
7.0CVE-2006-6175
IDEFENSE
MLIST
MLIST
BID
hscripts -- HIOX Star Rating System Script
PHP remote file inclusion vulnerability in addcode.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.
unknown
2006-11-28
7.0CVE-2006-6154
OTHER-REF
BID
FRSIRT
SECUNIA
XF
hscripts -- HIOX Star Rating System Script
Multiple SQL injection vulnerabilities in addrating.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ipadd or (2) url parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-11-28
7.0CVE-2006-6155
FRSIRT
XF
IISWorks -- ASP ListPics
SQL injection vulnerability in listpics.asp in ASP ListPics 5.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
unknown
2006-11-30
7.0CVE-2006-6210
BUGTRAQ
OTHER-REF
BID
XF
Imendio AB -- LoudMouth
Multiple PHP remote file inclusion vulnerabilities in LoudMouth 2.4 allow remote attackers to execute arbitrary PHP code via a URL in the mainframe parameter to (1) admin.loudmouth.php or (2) toolbar.loudmouth.php.
unknown
2006-11-24
7.0CVE-2006-6079
BUGTRAQ
XF
JBoss -- JBoss Application Server
Directory traversal vulnerability in JBoss Application Server (jbossas) 4.0.4 and earlier allows remote authenticated users to read or modify arbitrary files, and execute arbitrary code, via the DeploymentFileRepository class in the console manager.
unknown
2006-11-27
7.0CVE-2006-5750
REDHAT
OTHER-REF
SECUNIA
JiRos -- Links Manager
Multiple SQL injection vulnerabilities in JiRos Links Manager allow remote attackers to execute arbitrary SQL commands via the (1) LinkID parameter to openlink.asp or the (2) CategoryID parameter to viewlinks.asp.
unknown
2006-11-28
7.0CVE-2006-6147
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
JiRos -- Links Manager
Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp in JiRos Links Manager allow remote attackers to inject arbitrary web script or HTML via the (1) lName, (2) lURL, (3) lImage, and (4) lDescription parameters. NOTE: some of these details are obtained from third party information.
unknown
2006-11-28
7.0CVE-2006-6148
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
JiRos -- FAQ Manager
SQL injection vulnerability in index.asp in JiRos FAQ Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the tID parameter.
unknown
2006-11-28
7.0CVE-2006-6149
OTHER-REF
BID
FRSIRT
SECUNIA
libgsf -- libgsf
Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a crafted OLE document.
2006-08-17
2006-11-30
7.0CVE-2006-4514
IDEFENSE
DEBIAN
BID
Lynx Internet Solutions -- Evolve Merchant
SQL injection vulnerability in products.asp in Evolve shopping cart (aka Evolve Merchant) allows remote attackers to execute arbitrary SQL commands via the partno parameter.
unknown
2006-11-30
7.0CVE-2006-6207
BUGTRAQ
BID
XF
Messagerie Locale -- Messagerie Locale
PHP remote file inclusion vulnerability in centre.php in Messagerie Locale as of 20061127 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-11-28
7.0CVE-2006-6151
BID
FRSIRT
SECUNIA
Michaelis Freunde -- ContentNow
SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter.
unknown
2006-11-28
7.0CVE-2006-6157
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
MidiCart Software -- MidiCart ASP Plus Shopping Cart
MidiCart Software -- MidiCart ASP Shopping Cart
Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart and ASP Plus Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) id2006quant parameter to (a) item_show.asp, or the (2) maingroup or (3) secondgroup parameter to (b) item_list.asp. NOTE: the code_no parameter to Item_Show.asp is covered by CVE-2005-2601.
unknown
2006-11-30
7.0CVE-2006-6209
BUGTRAQ
BUGTRAQ
OTHER-REF
BID
XF
Neocrome -- Seditio
SQL injection vulnerability in system/core/users/users.profile.inc.php in Neocrome Seditio 1.10 and earlier allows remote authenticated users to execute arbitrary SQL commands via a double-url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by an encoded NULL and ' (apostrophe) (%2500%2527).
unknown
2006-11-30
7.0CVE-2006-6177
BUGTRAQ
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
NetGear -- WG311v1
Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) 2.3.1.10 for NetGear WG311v1 wireless adapter allows remote attackers to execute arbitrary code via an 802.11 management frame with a long SSID.
unknown
2006-11-26
7.0CVE-2006-6125
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
CERT-VN
Novell -- Novell Client
Buffer overflow in NWSPOOL.DLL in Novell Client 4.91 Post-SP3 for Windows 2000/XP/2003 has unknown impact and attack vectors.
unknown
2006-11-26
7.0CVE-2006-6114
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
NukeAI -- NukeAI
PHP remote file inclusion vulnerability in modules/NukeAI/util.php in the NukeAI 0.0.3 Beta module for PHP-Nuke, aka Program E is an AIML chatterbot, allows remote attackers to execute arbitrary PHP code via a URL in the AIbasedir parameter.
unknown
2006-11-30
7.0CVE-2006-6202
OTHER-REF
BID
FRSIRT
XF
OWLLib -- OWLLib
PHP remote file inclusion vulnerability in memory/OWLMemoryProperty.php in OWLLib 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the OWLLIB_ROOT parameter.
unknown
2006-11-28
7.0CVE-2006-6150
OTHER-REF
FRSIRT
SECUNIA
BID
XF
PEGames -- PEGames
index.php in PEGames uses the extract function to overwrite critical variables, which allows remote attackers to conduct PHP remote file inclusion attacks via the abs_url parameter, which is later extracted to overwrite a previously uncontrolled value.
unknown
2006-11-30
7.0CVE-2006-6213
OTHER-REF
MLIST
BID
XF
PMOS Helpdesk -- PMOS Helpdesk
Ace Helpdesk -- Ace Helpdesk
InverseFlow -- Help Desk
Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php.
unknown
2006-11-28
7.0CVE-2006-6158
BUGTRAQ
MLIST
BID
FRSIRT
FRSIRT
FRSIRT
SECUNIA
SECUNIA
SECUNIA
XF
ProFTPD Project -- ProFTPD
Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.
unknown
2006-11-30
7.0CVE-2006-6170
BUGTRAQ
BUGTRAQ
FULLDISC
OTHER-REF
OTHER-REF
FRSIRT
SECUNIA
ProFTPD Project -- ProFTPD
** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from an initial vague disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability.
unknown
2006-11-30
7.0CVE-2006-6171
OTHER-REF
OTHER-REF
Ryan Demmer -- Joomla Content Editor
Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.0.4 for Joomla! (com_jce), without the 20060821 jce_patch, allows remote attackers to inject arbitrary web script or HTML via the mosConfig_live_site parameter.
unknown
2006-11-28
7.0CVE-2006-6166
OTHER-REF
OTHER-REF
OTHER-REF
Sisfo Kampus -- Sisfo Kampus
Multiple PHP remote file inclusion vulnerabilities in Sisfo Kampus 0.8 allow remote attackers to execute arbitrary PHP code via a URL in the (1) exec parameter to index.php or (2) print parameter to print.php, which is also accessible via the print command to index.php.
unknown
2006-11-27
7.0CVE-2006-6137
OTHER-REF
BID
Sisfo Kampus -- Sisfo Kampus
PHP remote file inclusion vulnerability in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to execute arbitrary PHP code via a URL in the slnt parameter to (1) index.php and (2) print.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-11-27
7.0CVE-2006-6140
FRSIRT
SECUNIA
Softacid -- Link Exchange Lite
Multiple SQL injection vulnerabilities in Link Exchange Lite allow remote attackers to execute arbitrary SQL commands via (1) the search engine field to search.asp and (2) psearch parameter to linkslist.asp.
unknown
2006-11-27
7.0CVE-2006-6132
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Telaen -- Telaen
PHP remote file inclusion vulnerability in Smarty_Compiler.class.php in Telaen 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter.
unknown
2006-11-24
7.0CVE-2006-6081
BUGTRAQ
BUGTRAQ
XF
TikiWiki -- TikiWiki
Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-11-28
7.0CVE-2006-6162
BID
FRSIRT
OSVDB
SECUNIA
TikiWiki -- TikiWiki
Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters.
unknown
2006-11-28
7.0CVE-2006-6163
OTHER-REF
FRSIRT
TikiWiki -- TikiWiki
tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email."
unknown
2006-11-28
7.0CVE-2006-6168
OTHER-REF
OTHER-REF
FRSIRT
TIN -- TIN
Multiple buffer overflows in TIN before 1.8.2 have unspecified impact and attack vectors, a different vulnerability than CVE-2006-0804.
unknown
2006-11-26
7.0CVE-2006-6122
GENTOO
Trend Micro -- OfficeScan
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors.
unknown
2006-11-30
7.0CVE-2006-6178
OTHER-REF
OTHER-REF
Trend Micro -- OfficeScan
Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors.
unknown
2006-11-30
7.0CVE-2006-6179
OTHER-REF
OTHER-REF
vSpin.net -- Classified System
Multiple SQL injection vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to (a) cat.asp, or the (2) keyword, (3) order, (4) sort, (5) menuSelect, or (6) state parameter to (b) search.asp.
unknown
2006-11-28
7.0CVE-2006-6152
BUGTRAQ
OTHER-REF
BID
SECTRACK
SECUNIA
WarHound -- WarHound General Shopping Cart
SQL injection vulnerability in item.asp in WarHound General Shopping Cart allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
unknown
2006-11-30
7.0CVE-2006-6206
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Web Wiz -- Site News
PHP remote file inclusion vulnerability in centre.php in Site News (site_news) 2.00, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-11-30
7.0CVE-2006-6212
BID
FRSIRT
SECUNIA
xine -- Real Media Input Plugin
Buffer overflow in the asmrp_eval function for Real Media input plugin allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.
unknown
2006-11-30
7.0CVE-2006-6172
OTHER-REF
Back to top

Medium Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X
The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack.
unknown
2006-11-30
4.9CVE-2006-4396
OTHER-REF
APPLE
CERT
FRSIRT
SECUNIA
Apple -- Mac OS X
Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allow user-assisted attackers to execute arbitrary code via crafted font files.
unknown
2006-11-30
5.6CVE-2006-4400
OTHER-REF
APPLE
CERT
FRSIRT
SECUNIA
Apple -- Mac OS X
Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI.
unknown
2006-11-30
5.6CVE-2006-4401
OTHER-REF
APPLE
CERT
FRSIRT
SECUNIA
Apple -- Mac OS X
Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files.
unknown
2006-11-30
5.6CVE-2006-4402
OTHER-REF
APPLE
CERT
FRSIRT
SECUNIA
Apple -- Mac OS X
WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects.
unknown
2006-11-30
5.6CVE-2006-4412
OTHER-REF
APPLE
CERT
FRSIRT
SECUNIA
Apple -- Mac OS X
Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter.
unknown
2006-11-30
4.9CVE-2006-6173
OTHER-REF
FRSIRT
SECUNIA
Business Objects -- Crystal Reports
Stack-based buffer overflow in Business Objects Crystal Reports XI Professional has unknown impact and user-assisted attack vectors related to a crafted .RPT file.
unknown
2006-11-27
5.6CVE-2006-6133
BUGTRAQ
FRSIRT
SECTRACK
SECUNIA
BID
cPanel -- WebHost Manager
Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park.
unknown
2006-11-30
4.2CVE-2006-6198
BUGTRAQ
OTHER-REF
BID
XF
e-Ark -- e-Ark
PHP remote file inclusion vulnerability in ark_inc.php in e-Ark 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_pear_path parameter.
unknown
2006-11-24
5.6CVE-2006-6086
Milw0rm
BID
FRSIRT
SECUNIA
XF
EC-CUBE -- EC-CUBE
Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
unknown
2006-11-26
5.6CVE-2006-6108
OTHER-REF
BID
FRSIRT
SECUNIA
SECTRACK
XF
FreeBSD -- FreeBSD
NetBSD -- NetBSD
** DISPUTED ** ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment.
unknown
2006-11-28
4.9CVE-2006-6165
BUGTRAQ
BUGTRAQ
GnuPG -- GnuPG
Buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages that cause the make_printable_string function to return a longer string than expected while constructing a prompt.
unknown
2006-11-29
6.4CVE-2006-6169
BUGTRAQ
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
XF
IBM -- WebSpehere Application Server
Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a "Potential security vulnerability" (PK29725) and (2) "Potential security exposure" (PK30831).
unknown
2006-11-27
4.9CVE-2006-6135
OTHER-REF
AIXAPAR
AIXAPAR
FRSIRT
SECUNIA
IBM -- WebSphere Application Server
IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) does not perform EAL4 authentication checks at the proper time during "registering of response operation," which has unknown impact and attack vectors.
unknown
2006-11-27
4.9CVE-2006-6136
OTHER-REF
AIXAPAR
FRSIRT
SECUNIA
Kerio -- WebSTAR
Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory.
unknown
2006-11-27
5.6CVE-2006-6131
BUGTRAQ
OTHER-REF
BID
FRSIRT
OSVDB
SECTRACK
SECUNIA
XF
OpenBSD -- OpenBSD
The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges.
unknown
2006-11-28
4.9CVE-2006-6164
BUGTRAQ
BUGTRAQ
OTHER-REF
OPENBSD
OPENBSD
SECTRACK
PassGo -- SSO Plus
PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure permissions (Everyone/Full Control) for the PassGo Technologies directory, which allows local users to gain privileges by modifying critical programs.
unknown
2006-11-26
4.9CVE-2006-5965
OTHER-REF
FRSIRT
BUGTRAQ
BID
SECTRACK
SECUNIA
XF
pstotext -- pstotext
pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name.
unknown
2006-11-26
5.6CVE-2006-5869
DEBIAN
BID
Back to top

Low Vulnerabilities
Primary
Vendor -- Product		Description
Discovered
Published
CVSS ScoreSource & Patch Info
Apple -- Mac OS X
The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames.
unknown
2006-11-30
3.7CVE-2006-4403
OTHER-REF
APPLE
CERT
FRSIRT
SECUNIA
Apple -- Mac OS X
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic.
unknown
2006-11-30
2.3CVE-2006-4407
OTHER-REF
APPLE
CERT
FRSIRT
SECUNIA
Apple -- Mac OS X
The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940.
unknown
2006-11-30
2.3CVE-2006-4408
OTHER-REF
APPLE
CERT
FRSIRT
SECUNIA
Apple -- Mac OS X
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.
unknown
2006-11-30
1.6CVE-2006-4409
OTHER-REF
APPLE
CERT
FRSIRT
SECUNIA
Apple -- Mac OS X AppleTalk
Apple Mac OS X AppleTalk allows local users to cause a denial of service (kernel panic) by calling the AIOCREGLOCALZN ioctl command with a crafted data structure on an AppleTalk socket.
unknown
2006-11-27
2.3CVE-2006-6130
OTHER-REF
BID
FRSIRT
SECUNIA
XF
BaalAsp -- BaalAsp Forum
Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in BaalAsp forum allow remote attackers to inject arbitrary web script or HTML via the (1) title (Subject), (2) groupname (Group Name), or (3) detail (Message) field.
unknown
2006-11-24
2.3CVE-2006-6089
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Blogn -- Blogn
Cross-site scripting (XSS) vulnerability in admin.php in Blogn before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
unknown
2006-11-30
2.3CVE-2006-6176
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Blue-Collar Productions -- i-Gallery
Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) n or (2) d parameter in igallery.asp, or (3) an unspecified parameter related to search, possibly the Search Gallery field, or the myquery parameter, in search.asp. NOTE: some of these details are obtained from third party information.
unknown
2006-11-24
2.3CVE-2006-6088
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
ClickTech -- ClickGallery
Cross-site scripting (XSS) vulnerability in view_search.asp in ClickTech Click Gallery allows remote attackers to inject arbitrary web script or HTML via the txtKeyWord parameter. NOTE: some of these details are obtained from third party information.
unknown
2006-11-30
2.3CVE-2006-6188
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
CreaScripts -- Creadirectory
Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts Creadirectory allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to addlisting.asp or the (2) search parameter to search.asp.
unknown
2006-11-24
2.3CVE-2006-6082
BUGTRAQ
OTHER-REF
BID
SECUNIA
FRSIRT
CRYPTOCard -- CRYPTO-Server
CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in plaintext in UninstallerData\installvariables.properties, which has insecure permissions and allows local users to obtain the credentials. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-11-28
1.6CVE-2006-6145
FRSIRT
SECUNIA
enomphp -- enomphp
Multiple directory traversal vulnerabilities in enomphp 4.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter to (1) config.php, (2) ranklv_inside.php, (3) rankml_inside.php, and (4) admin/Restore/config.php.
unknown
2006-11-30
2.3CVE-2006-6186
BUGTRAQ
MLIST
XF
Expinion.net -- iNews Publisher
Cross-site scripting (XSS) vulnerability in articles.asp in Expinion.net iNews Publisher (iNP) 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the hl parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-11-30
2.3CVE-2006-6180
BID
FRSIRT
SECUNIA
Gabriele Teotino -- GNotebook
The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop stores Gmail passwords in plaintext in the %SYSTEMDRIVE%\temp\Gnotebook.txt log file, which allows local users to obtain passwords by reading the file.
unknown
2006-11-30
2.3CVE-2006-6182
BID
SECTRACK
GNU -- tar
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.
unknown
2006-11-24
3.7CVE-2006-6097
FULLDISC
OTHER-REF
BID
UBUNTU
FRSIRT
hscripts -- HIOX Star Rating System Script
Cross-site scripting (XSS) vulnerability in auth/message.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF). NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-11-28
2.3CVE-2006-6156
FRSIRT
XF
James Greenwood -- Monkey Boards
Monkey Boards 0.3.5 allows remote attackers to obtain sensitive information via direct requests to (1) include/admin_auth.inc.php and (2) include/engine/class.compiler.php, which reveals the full path in an error message. NOTE: this issue is only an exposure if the administrator has changed the default script path.
unknown
2006-11-28
2.3CVE-2006-6113
OTHER-REF
OTHER-REF
OSVDB
OSVDB
Kile -- Kile
Kile before 1.9.3 does not assign a backup file the same permissions as the original file, which might allow local users to obtain sensitive information.
unknown
2006-11-24
2.3CVE-2006-6085
OTHER-REF
FRSIRT
SECUNIA
XF
GENTOO
SECUNIA
Krishan -- Flyspray
Directory traversal vulnerability in startdown.php in the Flyspray ME 1.0.1 (com_flyspray) component for Mambo allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
unknown
2006-11-30
2.3CVE-2006-6203
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Microsoft -- Windows Media Player
Windows Media 10.00.00.4036 allows remote attackers to cause a denial of service via an ASX Playlist with a ref tag containing a long href value.
unknown
2006-11-27
3.3CVE-2006-6134
BUGTRAQ
BID
mmgallery -- mmgallery
mmgallery 1.55 allows remote attackers to obtain sensitive information via a direct request for thumbs.php, which reveals the installation path in various error messages.
unknown
2006-11-26
2.3CVE-2006-6119
BUGTRAQ
SECTRACK
my little homepage -- My Little Weblog
Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the action parameter.
unknown
2006-11-24
2.3CVE-2006-6087
BUGTRAQ
FRSIRT
SECUNIA
XF
BID
Philippe Jounin -- Tftpd32
Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a denial of service via a long GET or PUT request, which is not properly handled when the request is displayed in the title of the gauge window.
unknown
2006-11-27
2.3CVE-2006-6141
BUGTRAQ
BID
FRSIRT
OSVDB
SECUNIA
XF
Qbik -- WinGate
Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop.
unknown
2006-11-28
2.3CVE-2006-4518
IDEFENSE
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
REMLAB -- Web Mech Designer
REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the full path of the script via an incorrect Tonnage parameter to calculate.php that triggers a divide-by-zero error, which leaks the path in an error message.
unknown
2006-11-27
2.3CVE-2006-5896
FULLDISC
OSVDB
XF
Sisfo Kampus -- Sisfo Kampus
Directory traversal vulnerability in download.php in Sisfo Kampus 0.8 allows remote attackers to list arbitrary directories via an absolute pathname in the dir parameter.
unknown
2006-11-27
2.3CVE-2006-6138
OTHER-REF
BID
Sisfo Kampus -- Sisfo Kampus
Directory traversal vulnerability in downloadexcel.php in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to read arbitrary files via the fn parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
unknown
2006-11-27
2.3CVE-2006-6139
FRSIRT
SECUNIA
Sun -- Solaris
snmpd in (1) the SUNWsmagt package in Solaris 10 before 20061122 and (2) certain versions of Net-SNMP running on Solaris allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a malformed TCP packet.
unknown
2006-11-24
2.3CVE-2006-5941
OTHER-REF
SUNALERT
FRSIRT
SECUNIA
BID
SECTRACK
Takeshi Kanno -- Haru Free PDF Library
Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain arguments that yield a large amount of PDF data, as demonstrated by a filled circle.
unknown
2006-11-28
1.9CVE-2006-6146
OTHER-REF
OTHER-REF
BID
FRSIRT
tDiary -- tDiary
Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and 2.1.x before 2.1.4.20061126 allows remote attackers to inject arbitrary web script or HTML via the conf parameter in (1) tdiary.rb and (2) skel/conf.rhtml.
unknown
2006-11-30
2.3CVE-2006-6174
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
unverse.net -- aBitWhizzy
Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. NOTE: some of these details are obtained from third party information.
unknown
2006-11-24
2.3CVE-2006-6084
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
XF
vSpin.net -- Classified System
Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to inject arbitrary web script or HTML via (1) catname parameter to cat.asp or the (2) minprice parameter to search.asp.
unknown
2006-11-28
2.3CVE-2006-6153
BUGTRAQ
OTHER-REF
BID
SECTRACK
SECUNIA
Wabbit -- Wabbit PHP Gallery
Directory traversal vulnerability in script.php in Wabbit PHP Gallery 0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter to index.php.
unknown
2006-11-30
2.3CVE-2006-6185
BUGTRAQ
MLIST
BID
FRSIRT
SECUNIA
XF
Back to top



Last updated December 04, 2006