National Cyber Alert System
Cyber Security Bulletin SB06-303 archive

Vulnerability Summary for the Week of October 23, 2006

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cyber Security Division (NCSD) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0

  • Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9

  • Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.


High Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
3Com -- SS3 4400 Switch firmware
3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that cause the community string to be returned.
unknown
2006-10-25
7.0
CVE-2006-5382
OTHER-REF
FRSIRT
Alex -- DownloadEngine
Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) $_ENGINE[eng_dir] and possibly (2) spaw_root parameters in admin/includes/spaw/spaw_script.js.php, and the (3) $_ENGINE[eng_dir], (4) $spaw_root, (5) $spaw_dir, and (6) $spaw_base_url parameters in admin/includes/spaw/config/spaw_control.config.php, different vectors than CVE-2006-5291. NOTE: CVE analysis as of 20061021 is inconclusive, but suggests that some or all of the suggested attack vectors are ineffective.
unknown
2006-10-23
7.0
CVE-2006-5459
BUGTRAQ
AOL -- AOL Security Edition
Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability than CVE-2006-5502.
unknown
2006-10-25
7.0
CVE-2006-5501
IDEFENSE
AOL -- AOL Security Edition
Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501.
unknown
2006-10-25
7.0
CVE-2006-5502
IDEFENSE
Ascended Development -- Ascended Guestbook
PHP remote file inclusion vulnerability in embedded.php in Ascended Guestbook 1.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter.
unknown
2006-10-26
7.0
CVE-2006-5531
OTHER-REF
BID
FRSIRT
SECUNIA
XF
ben3w -- 2BGal
Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote attackers to execute arbitrary PHP code via the lang parameter to (1) admin/configuration.inc.php, (2) admin/creer_album.inc.php, (3) admin/changepwd.php.inc, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-10-25
7.0
CVE-2006-5505
BID
SECUNIA
Castor -- Castor
Multiple PHP remote file inclusion vulnerabilities in Castor 1.1.1 allow remote attackers to execute arbitrary PHP code via the rootpath parameter in (1) lib/code.php, (2) lib/dbconnect.php, (3) lib/error.php, (4) lib/menu.php, and other unspecified files. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-10-24
7.0
CVE-2006-5481
FRSIRT
SECUNIA
Ceary -- UltraCMS
Multiple SQL injection vulnerabilities in include/index.php in UltraCMS 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.
unknown
2006-10-25
7.0
CVE-2006-5491
BUGTRAQ
BID
SECTRACK
Christopher Fowler -- RSSonate
Multiple PHP remote file inclusion vulnerabilities in Christopher Fowler (Rhode Island) RSSonate allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) xml2rss.php, (2) config_local.php, (3) rssonate.php, and (4) sql2xml.php in Src/getFeed/inc/.
unknown
2006-10-26
7.0
CVE-2006-5518
OTHER-REF
BID
FRSIRT
SECUNIA
XF
DeltaScripts -- PHP Classifieds
PHP remote file inclusion vulnerability in functions.php in DeltaScripts PHP Classifieds 7.1 allows remote attackers to execute arbitrary PHP code via a URL in the set_path parameter.
unknown
2006-10-26
7.0
CVE-2006-5520
BUGTRAQ
BID
XF
Der Dirigent -- Der Dirigent
Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (DeDi) 1.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_dedi[dedi_path] parameter in (1) find.php, (2) insert_line.php, (3) fullscreen.php, (4) changecase.php, (5) insert_link.php, (6) insert_table.php, (7) table_cellprop.php, (8) table_prop.php, and (9) table_rowprop.php in backend/external/wysiswg/popups/. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-10-25
7.0
CVE-2006-5507
BID
SECUNIA
DigitalHive -- DigitalHive
PHP remote file inclusion vulnerability in template/purpletech/base_include.php in DigitalHive 2.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
unknown
2006-10-25
7.0
CVE-2006-5493
BUGTRAQ
OTHER-REF
BID
SECTRACK
XF
Digium -- Asterisk
Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.
unknown
2006-10-23
7.0
CVE-2006-5444
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OPENPKG
BID
FRSIRT
SECTRACK
SECUNIA
FULLDISC
CERT-VN
Drupal -- Drupal
Multiple cross-site scripting (XSS) vulnerabilities in the XML parser in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allow remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.
unknown
2006-10-24
7.0
CVE-2006-5475
BUGTRAQ
OTHER-REF
OPENPKG
FRSIRT
SECUNIA
Drupal -- Drupal
Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows remote attackers to perform unauthorized actions as an arbitrary user via unspecified vectors.
unknown
2006-10-24
7.0
CVE-2006-5476
BUGTRAQ
OTHER-REF
OPENPKG
FRSIRT
SECUNIA
XF
EZ-Ticket -- EZ-Ticket
PHP remote file inclusion vulnerability in common.php in EZ-Ticket 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ezt_root_path parameter.
unknown
2006-10-26
7.0
CVE-2006-5523
OTHER-REF
BID
XF
Fully Modded phpBB -- Fully Modded phpBB
Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the foing_root_path parameter in (a) faq.php, (b) index.php, (c) list.php, (d) login.php, (e) playlist.php, (f) song.php, (g) gen_m3u.php, (h) view_artist.php, (i) view_song.php, (j) flash/set_na.php, (k) flash/initialise.php, (l) flash/get_song.php, (m) includes/common.php, (n) admin/nav.php, (o) admin/main.php, (p) admin/list_artists.php, (q) admin/index.php, (r) admin/genres.php, (s) admin/edit_artist.php, (t) admin/edit_album.php, (u) admin/config.php, and (v) admin/admin_status.php in player/, different vectors than CVE-2006-3045. NOTE: CVE analysis as of 20061026 indicates that files in the admin/ and flash/ directories define foing_root_path before use.
unknown
2006-10-26
7.0
CVE-2006-5526
OTHER-REF
FRSIRT
SECUNIA
XF
Hinton Design -- phpht Topsites
PHP remote file inclusion vulnerability in common.php in Hinton Design phpht Topsites allows remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter.
unknown
2006-10-23
7.0
CVE-2006-5458
Milw0rm
FRSIRT
SECUNIA
Hinton Design -- phpht Topsites
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Hinton Design phpht Topsites allow remote attackers to execute arbitrary PHP code via a URL in the phpht_real_path parameter to (1) index.php, (2) certain other scripts in the top-level directory, and (3) certain scripts in the admin/ directory. NOTE: CVE disputes this vulnerability because $phpht_real_path is defined before use in index.php and most other files except common.php, which is already covered by CVE-2006-5458.
unknown
2006-10-23
7.0
CVE-2006-5460
BUGTRAQ
Intelimen -- InteliEditor
PHP remote file inclusion vulnerability in lib.editor.inc.php in Intelimen InteliEditor 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the sys_path parameter.
unknown
2006-10-26
7.0
CVE-2006-5527
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Johannes Erdfelt -- Kawf
Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt Kawf 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config parameter in (1) main.php or (2) user/account/main.php.
unknown
2006-10-26
7.0
CVE-2006-5522
OTHER-REF
BID
XF
Kinesis -- Kinesis Interactive Cinema System
SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remote attackers to execute arbitrary SQL commands via the (1) txtUsername (user) or (2) txtPassword (pass) parameters.
unknown
2006-10-23
7.0
CVE-2006-5450
BUGTRAQ
BID
SECUNIA
MambWeather -- MambWeather
PHP remote file inclusion vulnerability in Savant2/Savant2_Plugin_options.php in the MambWeather 1.8.1 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
unknown
2006-10-26
7.0
CVE-2006-5519
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Microsoft -- Windows Digital Rights Management System
The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Management System (DRM) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long parameter to the StoreLicense function, which triggers "memory corruption" and possibly a buffer overflow.
unknown
2006-10-23
8.0
CVE-2006-5448
BUGTRAQ
Net_DNS -- Net_DNS
PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter.
unknown
2006-10-26
7.0
CVE-2006-5521
OTHER-REF
BID
XF
Novell -- eDirectory
Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended.
unknown
2006-10-24
7.0
CVE-2006-4177
IDEFENSE
OTHER-REF
BID
SECUNIA
SECTRACK
Novell -- eDirectory
Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request.
2006-08-17
2006-10-24
10.0
CVE-2006-4509
IDEFENSE
BID
SECUNIA
SECTRACK
Novell -- eDirectory
The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory.
2006-08-17
2006-10-24
10.0
CVE-2006-4510
IDEFENSE
BID
SECUNIA
SECTRACK
Novell -- eDirectory
Stack-based buffer overflow in the BuildRedirectURL function in the HTTP Protocol Stack (httpstk) iMonitor module in Novell eDirectory before 8.8.1 FTF1 on Windows, Linux, and Open Enterprise Server (OES) SP2 allows remote attackers to execute arbitrary code via a long Host HTTP header.
2006-09-08
2006-10-24
7.0
CVE-2006-5478
OTHER-REF
OTHER-REF
BID
SECUNIA
OneOrZero -- OneOrZero Helpdesk
The "forgot password" function in OneOrZero Helpdesk before 1.6.5.4 generates insecure passwords by concatenating the current timestamp with the username, which allows remote attackers to gain access as an arbitrary user by requesting a password reset.
2006-09-28
2006-10-24
7.0
CVE-2006-5474
BUGTRAQ
OTHER-REF
OTHER-REF
BID
SECUNIA
PHP-Nuke -- PHP-Nuke
Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL in the (1) adminpath or (2) basepath parameters.
unknown
2006-10-25
7.0
CVE-2006-5494
OTHER-REF
BID
FRSIRT
SECUNIA
PHPList -- PHPList
Cross-site scripting (XSS) vulnerability in index.php in phplist 2.10.2 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: This issue might overlap CVE-2006-5321.
unknown
2006-10-26
7.0
CVE-2006-5524
BUGTRAQ
BID
FRSIRT
SECTRACK
SECUNIA
Rhode Island Secretary of State -- Open Meetings Filing System
Multiple PHP remote file inclusion vulnerabilities in Rhode Island Open Meetings Filing System allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) editmeetings/session.php, (2) email/session.php, (3) entityproperties/session.php, or (4) inc/mail.php.
unknown
2006-10-26
7.0
CVE-2006-5517
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
SchoolAlumni Portal -- SchoolAlumni Portal
Directory traversal vulnerability in mod.php in SchoolAlumni Portal 2.26 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. NOTE: some of these details are obtained from third party information.
unknown
2006-10-26
7.0
CVE-2006-5528
BID
SECTRACK
SchoolAlumni Portal -- SchoolAlumni Portal
Cross-site scripting (XSS) vulnerability in smumdadotcom_ascyb_alumni/mod.php in SchoolAlumni Portal 2.26 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the katalog module. NOTE: some of these details are obtained from third party information.
unknown
2006-10-26
7.0
CVE-2006-5529
BID
SECTRACK
Segue CMS -- Segue CMS
Multiple SQL injection vulnerabilities in Segue Content Management System (CMS) before 1.5.8 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
unknown
2006-10-25
7.0
CVE-2006-5490
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Segue CMS -- Segue CMS
PHP remote file inclusion vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the themesdir parameter.
unknown
2006-10-25
7.0
CVE-2006-5497
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Segue CMS -- Segue CMS
Directory traversal vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter.
unknown
2006-10-25
7.0
CVE-2006-5498
OTHER-REF
FRSIRT
XF
Serendipity -- Serendipity
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity (s9y) 1.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the media manager administration page.
unknown
2006-10-25
7.0
CVE-2006-5499
BUGTRAQ
OTHER-REF
OTHER-REF
BID
FRSIRT
SECTRACK
SECUNIA
Softerra -- PHP Developer Library
PHP remote file inclusion vulnerability in example/lib/grid3.lib.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) cfg_dir and (2) lib_dir parameters.
unknown
2006-10-24
7.0
CVE-2006-5471
BUGTRAQ
OTHER-REF
SECTRACK
XF
Softerra -- PHP Developer Library
PHP remote file inclusion vulnerability in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter in (1) lib/registry.lib.php, (2) lib/sqlcompose.lib.php, and (3) lib/sqlsearch.lib.php.
unknown
2006-10-24
7.0
CVE-2006-5472
OTHER-REF
FRSIRT
OSVDB
OSVDB
OSVDB
SECUNIA
XF
Softerra -- PHP Developer Library
** DISPUTED ** PHP remote file inclusion vulnerability in Description.php in Softerra PHP Developer Library 1.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the lib_dir parameter. NOTE: this issue is disputed by CVE as of 20061023, since there is no Description.php file included in the product, and the existing "Description" file contains documentation, not functioning code.
unknown
2006-10-24
7.0
CVE-2006-5473
BUGTRAQ
MLIST
MLIST
SpeedBerg -- SpeedBerg
Multiple PHP remote file inclusion vulnerabilities in SpeedBerg 1.2beta1 allow remote attackers to execute arbitrary PHP code via a URL in the SPEEDBERG_PATH parameter to (1) entrancePage.tpl.php, (2) generalToolBox.tlb.php, (3) myToolBox.tlb.php, (4) scriplet.inc.php, (5) simplePage.tpl.php, (6) speedberg.class.php, and (7) standardPage.tpl.php.
unknown
2006-10-24
7.0
CVE-2006-5485
BUGTRAQ
MLIST
BID
Trawler -- Trawler Web CMS
Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS 1.8.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_red2 parameter to (a) _msdazu_pdata/redaktion/artikel/up/index.php; (b) addtort.php, (c) colorpik2.php, (d) colorpik3.php, (e) extras_menu.php, (f) farbpalette.php, (g) lese_inc.php, and (h) newfile.php in _msdazu_share/richtext/; the (2) path_scr_dat2 parameter to (i)_msdazu_share/share/insert1.php; the (3) path_red parameter to (j) _msdazu_share/extras/downloads/index.php; and unspecified parameters in other files.
unknown
2006-10-25
7.0
CVE-2006-5495
OTHER-REF
OTHER-REF
BID
SECUNIA
UeberProject Management System -- UeberProject Management System
PHP remote file inclusion vulnerability in login/secure.php in UeberProject Management System 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfg[homepath] parameter.
unknown
2006-10-26
7.0
CVE-2006-5539
OTHER-REF
FRSIRT
SECUNIA
XF
WiClear -- WiClear
Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 allow remote attackers to execute arbitrary PHP code via the path parameter in (1) inc/prepend.inc.php, (2) inc/lib/boxes.lib.php, (3) inc/lib/tools.lib.php, (4) tools/trackback/index.php, and (5) tools/utf8conversion/index.php in admin/; and (6) prepend.inc.php, (7) lib/boxes.lib.php, and (8) lib/history.lib.php in inc/.
unknown
2006-10-25
7.0
CVE-2006-5506
OTHER-REF
SECUNIA
XF
WoltLab -- Burning Book
Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter.
unknown
2006-10-25
7.0
CVE-2006-5509
BUGTRAQ
OTHER-REF
FRSIRT
XChangeBoard -- XChangeBoard
SQL injection vulnerability in XchangeBoard 1.70, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginNick parameter during login. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-10-25
7.0
CVE-2006-5488
BID
SECUNIA
XF
Xoops -- Xoops RMSoft Gallery System
Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT Gallery System 2.0 allows remote attackers to inject arbitrary web script or HTML via the kw parameter. NOTE: some of these details are obtained from third party information.
unknown
2006-10-26
7.0
CVE-2006-5532
BUGTRAQ
BID
FRSIRT
SECTRACK
SECUNIA
XF

Medium Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
AROUNDMe -- AROUNDMe
Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0.6.9, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the templatePath parameter in template/barnraiser_01/pol_view.tpl.php and other unspecified PHP scripts, a different vector than CVE-2006-5401.
2006-10-21
2006-10-26
5.6
CVE-2006-5533
BUGTRAQ
FULLDISC
SECTRACK
XF
Casinosoft -- Casino Script
SQL injection vulnerability in lobby/config.php in Casinosoft Casino Script (aka Masvet) 3.2 allows remote attackers to execute arbitrary SQL commands via the cfam parameter.
unknown
2006-10-23
5.6
CVE-2006-5446
OTHER-REF
BID
SECUNIA
Castor -- Castor
PHP remote file inclusion vulnerability in lib/rs.php in Castor 1.1.1 allows remote attackers to execute arbitrary PHP code via the rootpath parameter.
unknown
2006-10-24
5.6
CVE-2006-5480
Milw0rm
BID
FRSIRT
SECUNIA
XF
GeoNetwork -- opensource
SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allows remote attackers to execute arbitrary SQL commands, and complete a login, via unspecified vectors.
unknown
2006-10-26
4.7
CVE-2006-5513
OTHER-REF
BID
FRSIRT
SECUNIA
GraphicsMagick -- GraphicsMagick
ImageMagick -- ImageMagick
Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.
unknown
2006-10-23
5.6
CVE-2006-5456
BUGZILLA
Horde -- Ingo H3
procmail in Ingo H3 before 1.1.2 Horde module allows remote authenticated users to execute arbitrary commands via shell metacharacters in the mailbox destination of a filter rule.
unknown
2006-10-23
4.2
CVE-2006-5449
MLIST
OTHER-REF
BID
FRSIRT
SECUNIA
HP -- Tru64 UNIX
HP -- HP-UX
Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument.
unknown
2006-10-23
4.9
CVE-2006-5452
OTHER-REF
HP
SECTRACK
SECTRACK
SECTRACK
XF
HP
BID
FRSIRT
FRSIRT
SECUNIA
SECUNIA
JaxUltraBB -- JaxUltraBB
Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script, HTML, or PHP via the contents parameter, whose value is prepended to the file specified by the forum parameter.
unknown
2006-10-25
4.7
CVE-2006-5511
OTHER-REF
MLIST
BID
XF
PHP-Nuke -- PHP-Nuke
Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and earlier allows remote attackers to conduct SQL injection attacks via (1) "/**/UNION " or (2) " UNION/**/" sequences, which are not rejected by the protection mechanism, as demonstrated by a SQL injection via the eid parameter in a search action in the Encyclopedia module in modules.php.
unknown
2006-10-26
5.6
CVE-2006-5525
OTHER-REF
OTHER-REF
BID
FRSIRT
SECUNIA
XF
phpPgAds -- phpPgAds
phpAdsNew -- phpAdsNew
Cross-site scripting (XSS) vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that is stored by a delivery script and displayed by the admin interface.
unknown
2006-10-26
4.7
CVE-2006-5515
BUGTRAQ
OTHER-REF
OTHER-REF
FRSIRT
FRSIRT
SECUNIA
SECUNIA
Sun -- Java System Messaging Server
Sun -- iPlanet Messaging Server
Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages.
unknown
2006-10-24
5.6
CVE-2006-5486
SUNALERT
Web Group Communication Center -- Web Group Communication Center
SQL injection vulnerability in quiz.php in Web Group Communication Center (WGCC) 0.5.6b and earlier allows remote attackers to execute arbitrary SQL commands via the qzid parameter.
unknown
2006-10-26
4.7
CVE-2006-5514
OTHER-REF
BID
XF
WikiNi -- WikiNi
Multiple cross-site scripting (XSS) vulnerabilities in actions/usersettings.php in WikiNi before 0.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters to wakka.php.
unknown
2006-10-26
4.7
CVE-2006-5516
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
BID
SECUNIA
WoltLab -- Burning Book
Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header.
unknown
2006-10-25
4.7
CVE-2006-5508
BUGTRAQ
OTHER-REF
FRSIRT
XChangeBoard -- XChangeBoard
Multiple SQL injection vulnerabilities in the checkUser function in inc/DBInterface.php in XchangeBoard 1.70 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userNick or (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-10-25
5.6
CVE-2006-5500
FRSIRT
Zwahlen Informatik -- Online Shop
Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen Online Shop allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
unknown
2006-10-25
4.7
CVE-2006-5512
BUGTRAQ

Low Vulnerabilities
Primary Vendor -- Product
Description
Discovered
Published
CVSS Score
Source & Patch Info
bluevirus-design -- PH Pexplorer
Directory traversal vulnerability in explorer_load_lang.php in PH Pexplorer 0.24 allows remote attackers to include arbitrary local files via ".." sequences in the Language cookie, as demonstrated by uploading a .gif file that contains PHP code.
unknown
2006-10-25
2.3
CVE-2006-5510
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Boesch -- SimpNews
Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews before 2.34.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/index.php, (2) admin/pwlost.php, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
unknown
2006-10-26
2.3
CVE-2006-5530
OTHER-REF
BID
FRSIRT
SECUNIA
Casinosoft -- Casino Script
Multiple cross-site scripting (XSS) vulnerabilities in the registration form in Casinosoft Casino Script (Masvet) 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) surname field.
unknown
2006-10-23
2.3
CVE-2006-5457
OTHER-REF
cPanel -- cPanel
Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate.
unknown
2006-10-26
2.3
CVE-2006-5535
BUGTRAQ
OTHER-REF
BID
SECUNIA
D-Link -- DSL-G624T
Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter.
unknown
2006-10-26
2.3
CVE-2006-5536
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA
D-Link -- DSL-G624T
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection parameters.
unknown
2006-10-26
2.3
CVE-2006-5537
BUGTRAQ
OTHER-REF
FRSIRT
SECUNIA
D-Link -- DSL-G624T
D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request.
unknown
2006-10-26
2.3
CVE-2006-5538
BUGTRAQ
OTHER-REF
Dev -- Dev Web Management System
Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
unknown
2006-10-23
2.3
CVE-2006-5447
BUGTRAQ
OTHER-REF
XF
Digium -- Asterisk
Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary.
unknown
2006-10-23
3.3
CVE-2006-5445
OTHER-REF
OTHER-REF
OTHER-REF
OPENPKG
FRSIRT
XF
Drupal -- Drupal
Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form submissions to be redirected, which allows remote attackers to obtain arbitrary form information via a crafted URL.
unknown
2006-10-24
1.9
CVE-2006-5477
BUGTRAQ
OTHER-REF
OPENPKG
BID
FRSIRT
SECUNIA
XF
FreeBSD -- FreeBSD
ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by calling the ftruncate function on a file type that is not VREG, VLNK or VDIR, which is not defined in POSIX.
unknown
2006-10-24
1.6
CVE-2006-5482
MLIST
SECUNIA
FreeBSD -- FreeBSD
p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by setting a scheduler policy, which should only be settable by root.
unknown
2006-10-24
1.6
CVE-2006-5483
MLIST
OTHER-REF
SECUNIA
GNU -- screen
Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allow user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.
unknown
2006-10-24
1.9
CVE-2006-4573
MLIST
Maarch -- Maarch
Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 allows remote authenticated users to obtain sensitive information (document contents) via unspecified attack vectors related to "grants."
unknown
2006-10-25
1.4
CVE-2006-5492
OTHER-REF
BID
FRSIRT
SECUNIA
XF
Mozilla -- Bugzilla
Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers using the H1, H2, and H3 HTML tags in global/header.html.tmpl, (2) description fields of certain items in various edit cgi scripts, and (3) the id parameter in showdependencygraph.cgi.
unknown
2006-10-23
1.4
CVE-2006-5453
BUGTRAQ
BUGZILLA
BUGZILLA
BUGZILLA
FRSIRT
OSVDB
SECTRACK
Mozilla -- Bugzilla
Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in "diff" mode in attachment.cgi, and (2) the deadline field by viewing the XML format of the bug in show_bug.cgi.
unknown
2006-10-23
2.3
CVE-2006-5454
BUGTRAQ
BUGZILLA
BUGZILLA
FRSIRT
SECTRACK
Mozilla -- Bugzilla
Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL.
unknown
2006-10-23
1.9
CVE-2006-5455
BUGTRAQ
BUGZILLA
FRSIRT
Novell -- eDirectory
The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment."
unknown
2006-10-24
2.3
CVE-2006-5479
NOVELL
PostgreSQL -- PostgreSQL
backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization."
unknown
2006-10-26
1.4
CVE-2006-5540
OTHER-REF
OTHER-REF
UBUNTU
BID
SECUNIA
SECUNIA
PostgreSQL -- PostgreSQL
backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0.x before 8.0.9, and 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via a coercion of an unknown element to ANYARRAY.
unknown
2006-10-26
1.4
CVE-2006-5541
OTHER-REF
OTHER-REF
UBUNTU
BID
SECUNIA
SECUNIA
PostgreSQL -- PostgreSQL
backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) related to duration logging of V3-protocol Execute messages for (1) COMMIT and (2) ROLLBACK SQL statements.
unknown
2006-10-26
1.4
CVE-2006-5542
OTHER-REF
OTHER-REF
UBUNTU
BID
SECUNIA
SECUNIA
Research in Motion -- BlackBerry Enterprise Server
Research in Motion (RIM) BlackBerry Enterprise Server 4.1 SP2 before Hotfix 1 for IBM Lotus Domino might allow attackers with meeting organizer privileges to cause a denial of service (application hang) via a deleted recurrent meeting instance when changing the attendee's calendar meeting time.
unknown
2006-10-25
2.3
CVE-2006-5489
OTHER-REF
FRSIRT
SECTRACK
SECUNIA
XF
Simple Machines -- Simple Machines Forum
Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
unknown
2006-10-25
2.3
CVE-2006-5503
BUGTRAQ
BID
XF
Simple Machines -- Simple Machines Forum
Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter.
unknown
2006-10-25
2.3
CVE-2006-5504
BUGTRAQ
BUGTRAQ
BUGTRAQ
XF
SSH Communications Security -- SSH Tectia Manager
SSH Communications Security -- SSH Tectia Server
SSH Communications Security -- SSH Tectia Client
SSH Communications Security -- SSH Tectia Client/Server/Connector
SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 and earlier, and other products, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents Tectia from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.
unknown
2006-10-24
2.3
CVE-2006-5484
OTHER-REF
CERT-VN
FRSIRT
SECTRACK
SECTRACK
SECUNIA
Symantec -- Symantec Client Security
Symantec -- Symantec AntiVirus
The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function.
unknown
2006-10-23
2.9
CVE-2006-3455
SYMANTEC
SECUNIA
Timothy Claason -- KnowledgeBank
Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason KnowledgeBank 1.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) index.php, (2) addknowledge.php, and (3) addscreenshot.php.
unknown
2006-10-25
2.3
CVE-2006-5496
BUGTRAQ
OTHER-REF
BID
SECTRACK
TorrentFlux -- TorrentFlux
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a) admin.php, which are not properly handled when the administrator views the Activity Log; and the (2) torrent parameter, as used by the displayName variable, in (b) startpop.php, different vectors than CVE-2006-5227.
unknown
2006-10-23
1.9
CVE-2006-5451
BUGTRAQ
BUGTRAQ
BUGTRAQ
BUGTRAQ
OTHER-REF
OTHER-REF
OTHER-REF
OTHER-REF
FRSIRT
XIAO Gang -- WWW Interactive Mathematics Server
Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Server (WIMS) before 3.60 allows remote attackers to modify unspecified data via unspecified vectors involving "variable rights."
unknown
2006-10-23
2.3
CVE-2006-5443
OTHER-REF
FRSIRT
SECUNIA
XF
Zwahlen Informatik -- Online Shop
Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zwahlen Online Shop Freeware 5.2.2.50, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) Kat, (2) id, or (3) no parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The cat parameter is covered by CVE-2006-5512.
unknown
2006-10-26
2.3
CVE-2006-5534
FRSIRT
SECUNIA

Last updated October 30, 2006