CVE-2006-0018 2005-11-29T16:03:00.000-05:00 2008-09-10T15:55:02.087-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3899. Reason: This candidate is a duplicate of CVE-2005-3899. Notes: All CVE users should reference CVE-2005-3899 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. cpe:/a:devellion:cubecart:3.0.6 CVE-2006-0064 2006-01-03T17:03:00.000-05:00 2008-09-10T15:55:14.307-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-03T17:39:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0016 MILW0RM 1398 PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter. cpe:/a:vego:vego_web_forum:1.26 CVE-2006-0065 2006-01-03T17:03:00.000-05:00 2008-09-05T16:58:15.780-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-04T08:50:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20060101 [eVuln] VEGO Web Forum SQL Injection Vulnerability VUPEN ADV-2006-0003 SECUNIA 18273 MISC http://evuln.com/vulns/1/summary.html BID 16107 OSVDB 22140 SREASON 315 SQL injection vulnerability in (1) functions.php, (2) functions_update.php, and (3) functions_display.php in VEGO Web Forum 1.26 and earlier allows remote attackers to execute arbitrary SQL commands via the theme_id parameter in index.php. cpe:/a:phpjournaler:phpjournaler:1.0 CVE-2006-0066 2006-01-03T17:03:00.000-05:00 2008-09-05T16:58:15.920-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-04T08:53:00.000-05:00 ALLOWS_OTHER_ACCESS BID 16111 BUGTRAQ 20060101 [eVuln] PHPjournaler SQL Injection Vulnerability OSVDB 22149 VUPEN ADV-2006-0006 SECUNIA 18265 MISC http://evuln.com/vulns/9/summary.html SQL injection vulnerability in index.php in PHPjournaler 1.0 allows remote attackers to execute arbitrary SQL commands via the readold parameter. cpe:/a:vego:vego_links_builder:2.00 CVE-2006-0067 2006-01-03T17:03:00.000-05:00 2008-09-05T16:58:16.077-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-04T08:53:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0004 SECUNIA 18272 MISC http://evuln.com/vulns/2/summary.html BID 16108 OSVDB 22139 SQL injection vulnerability in login.php in VEGO Links Builder 2.00 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. cpe:/a:primo_place:primo_cart:1.0 CVE-2006-0068 2006-01-03T18:03:00.000-05:00 2008-09-20T00:44:31.670-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-04T08:47:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0008 SECUNIA 18264 BID 16125 OSVDB 22147 OSVDB 22146 MISC http://pridels0.blogspot.com/2006/01/primo-cart-sql-inj.html SQL injection vulnerability in Primo Cart 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) q parameter to search.php and (2) email parameter to user.php. cpe:/a:chipmunk_scripts:chipmunk_guestbook:1.4 CVE-2006-0069 2006-01-03T18:03:00.000-05:00 2008-09-05T16:58:16.357-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-04T08:48:00.000-05:00 BID 19087 BID 16112 BUGTRAQ 20060101 [eVuln] Chipmunk Guestbook XSS Vulnerability SECUNIA 18270 MISC http://evuln.com/vulns/4/summary.html Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk Guestbook 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the homepage parameter. cpe:/a:drupal:drupal:4.6.4 cpe:/a:drupal:drupal:4.5.6 CVE-2006-0070 2006-01-03T19:03:00.000-05:00 2008-09-05T16:58:16.497-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-04T08:28:00.000-05:00 BUGTRAQ 20060103 Re: Drupal all versiyon xss cehennem.org BUGTRAQ 20060102 Drupal all versiyon xss cehennem.org ** DISPUTED ** Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded Javascript function name, as demonstrated using variations of the alert() function. NOTE: a followup by the vendor suggests that the issue does not exist in 4.5.6 or 4.6.4 when "Filtered HTML" is enabled, and since "Full HTML" would not filter HTML by design, perhaps this should not be included in CVE. cpe:/o:gentoo:linux cpe:/a:gentoo:app-crypt_pinentry:0.7.2:r1 cpe:/a:gentoo:app-crypt_pinentry:0.7.2 CVE-2006-0071 2006-01-03T19:03:00.000-05:00 2008-09-05T16:58:16.653-04:00 6.6 LOCAL LOW NONE COMPLETE COMPLETE NONE http://nvd.nist.gov 2006-01-04T08:39:00.000-05:00 BID 16120 GENTOO GLSA-200601-01 OSVDB 22211 SECUNIA 18284 The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0. cpe:/o:sco:openserver:5.0.7 cpe:/o:sco:openserver:5.0.3 cpe:/o:sco:openserver:5.0.6a cpe:/o:sco:openserver:5.0.4 cpe:/o:sco:openserver:5.0 cpe:/o:sco:openserver:5.0.5 cpe:/o:sco:openserver:5.0.6 cpe:/o:sco:openserver:5.0.1 cpe:/o:sco:openserver:5.0.2 CVE-2006-0072 2006-01-03T19:03:00.000-05:00 2008-09-05T16:58:16.797-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-04T08:42:00.000-05:00 ALLOWS_USER_ACCESS BID 16122 BUGTRAQ 20060102 SCO Openserver 5.0.x exploit MISC http://downloads.securityfocus.com/vulnerabilities/exploits/Openserver_bof.c Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector. cpe:/a:discusware:discus_freeware:3.10.5 cpe:/a:discusware:discus_professional:3.10.4 CVE-2006-0073 2006-01-03T19:03:00.000-05:00 2008-09-05T16:58:16.967-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-04T08:44:00.000-05:00 BID 16119 OSVDB 22153 SECUNIA 18283 Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware 3.10.5 and Professional 3.10.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a URL, which is not properly sanitized from the resulting error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:jevontech:phpenpals:310704 CVE-2006-0074 2006-01-03T20:03:00.000-05:00 2009-06-02T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-04T08:20:00.000-05:00 ALLOWS_OTHER_ACCESS BID 16109 BUGTRAQ 20060101 [eVuln] PHPenpals SQL Injection Vulnerabilit OSVDB 22150 MILW0RM 8706 VUPEN ADV-2006-0005 SECUNIA 18269 MISC http://evuln.com/vulns/5/summary.html SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary SQL commands via the personalID parameter. NOTE: it was later reported that 1.1 and earlier are affected. cpe:/a:gnu:phpbook:1.0 cpe:/a:gnu:phpbook:1.1 cpe:/a:gnu:phpbook:1.2 cpe:/a:gnu:phpbook:1.3 cpe:/a:gnu:phpbook:1.3.2 CVE-2006-0075 2006-01-03T20:03:00.000-05:00 2008-09-05T16:58:17.263-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-04T08:22:00.000-05:00 ALLOWS_OTHER_ACCESS BID 16106 BUGTRAQ 20060101 [eVuln] phpBook PHP Code Execution VUPEN ADV-2006-0002 MISC http://evuln.com/vulns/6/summary.html SECUNIA 18268 Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file. CVE-2006-0076 2006-01-03T20:03:00.000-05:00 2008-09-05T16:58:17.420-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-04T08:23:00.000-05:00 ALLOWS_OTHER_ACCESS BID 16105 BUGTRAQ 20060531 Re: OaBoard 1.0 Remote File inclusion BUGTRAQ 20060530 OaBoard 1.0 Remote File inclusion BUGTRAQ 20060101 [eVuln] oaBoard PHP Code Execution SECTRACK 1016211 MISC http://evuln.com/vulns/3/summary.html PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter. cpe:/a:richard_dawe:file_extattr:0.1 cpe:/a:richard_dawe:file_extattr:0.2 CVE-2006-0077 2006-01-03T20:03:00.000-05:00 2008-09-05T16:58:17.577-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-01-04T08:26:00.000-05:00 BID 16118 VUPEN ADV-2006-0013 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=382199&group_id=153116 SECUNIA 18253 OSVDB 22160 Off-by-one error in the getfattr function in File::ExtAttr before 0.03 allows attackers to trigger a buffer overflow via unspecified attack vectors. cpe:/a:haddad_said:b-net_software:1.0 CVE-2006-0078 2006-01-04T01:03:00.000-05:00 2008-09-05T16:58:17.717-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-04T08:08:00.000-05:00 BID 16114 BUGTRAQ 20060102 [eVuln] B-net Software Multiple XSS Vulnerabilities SECUNIA 18271 MISC http://evuln.com/vulns/10/summary.html BUGTRAQ 20060825 Re: [eVuln] B-net Software Multiple XSS Vulnerabilities OSVDB 22191 OSVDB 22190 VUPEN ADV-2006-0018 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=442067&group_id=117067 SREASON 316 Multiple cross-site scripting (XSS) vulnerabilities in B-net Software 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) shout variables to (a) shout.php, or the (3) title and (4) message variables to (b) guestbook.php. cpe:/a:scoznet:scozbook:1.1_beta CVE-2006-0079 2006-01-04T01:03:00.000-05:00 2008-09-05T16:58:17.873-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-04T08:11:00.000-05:00 ALLOWS_OTHER_ACCESS BID 16115 BUGTRAQ 20060102 [eVuln] ScozBook "adminname" Authentication Bypass MISC http://evuln.com/vulns/11/summary.html OSVDB 22221 VUPEN ADV-2006-0027 SREASON 318 SECUNIA 8476 SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 allows remote attackers to execute arbitrary SQL commands via the username field (adminname variable). cpe:/a:jelsoft:vbulletin:3.5.2 CVE-2006-0080 2006-01-04T01:03:00.000-05:00 2008-09-05T16:58:18.013-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-04T08:13:00.000-05:00 BID 16116 BUGTRAQ 20060108 Html_Injection in vBulletin 3.5.2 BUGTRAQ 20060101 [KAPDA::#19] - Html Injection in vBulletin 3.5.2 OSVDB 22220 OSVDB 22210 VUPEN ADV-2006-0033 SECUNIA 18299 MISC http://kapda.ir/advisory-177.html Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php. cpe:/a:intel:graphics_accelerator_driver:6.14.10.4308 CVE-2006-0081 2006-01-04T01:03:00.000-05:00 2008-09-05T16:58:18.170-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2006-01-04T08:17:00.000-05:00 BID 16127 OSVDB 22196 VUPEN ADV-2006-0017 SECUNIA 18286 FULLDISC 20060103 Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] FULLDISC 20060102 Buffer Overflow vulnerability in Windows Display Manager [Suspected] ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics Accelerator Driver 6.14.10.4308 allows attackers to cause a denial of service (crash or screen resolution change) via a long text field, as demonstrated using a long window title. cpe:/a:imagemagick:imagemagick:6.2.3 CVE-2006-0082 2006-01-04T18:03:00.000-05:00 2008-09-05T16:58:18.327-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-06T09:14:00.000-05:00 ALLOWS_USER_ACCESS BID 12717 GENTOO GLSA-200602-13.xml GENTOO GLSA-200602-06 SLACKWARE SSA:2006-045-03 SECUNIA 19183 SECUNIA 19030 SECUNIA 18851 SECUNIA 18607 MANDRIVA MDKSA-2006:024 SGI 20060301-01-U UBUNTU USN-246-1 SUSE SUSE-SR:2006:006 SECTRACK 1015623 SECUNIA 19408 SECUNIA 18871 SECUNIA 18261 REDHAT RHSA-2006:0178 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876 CONFIRM https://issues.rpath.com/browse/RPL-389 BUGTRAQ 20061127 rPSA-2006-0218-1 ImageMagick MANDRIVA MDKSA-2006:024 VUPEN ADV-2008-0412 DEBIAN DSA-1213 SUNALERT 231321 SREASON 500 SECUNIA 28800 SECUNIA 23090 SECUNIA 22998 Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program. cpe:/a:rasmp:rasmp:2.0.0 CVE-2006-0084 2006-01-05T06:03:00.000-05:00 2008-09-05T16:58:18.623-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-05T08:12:00.000-05:00 BID 16138 OSVDB 22198 VUPEN ADV-2006-0030 SECUNIA 18292 MISC http://evuln.com/vulns/13/summary.html SECTRACK 1015432 VIM 20060116 vendor ack/fix: 22198: raSMP index.php User-Agent Field XSS (fwd) Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the $_SERVER[HTTP_USER_AGENT] variable (User-Agent header). cpe:/a:nkads:nkads:1.0alfa3 cpe:/a:nkads:nkads:1.0alfa2 CVE-2006-0085 2006-01-05T06:03:00.000-05:00 2008-09-05T16:58:18.763-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-06T08:55:00.000-05:00 ALLOWS_OTHER_ACCESS MISC http://www.soulblack.com.ar/repo/papers/advisory/nkads_advisory.txt VUPEN ADV-2006-0040 SECUNIA 18302 OSVDB 22206 SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote attackers to execute arbitrary SQL commands via the (1) usuario_nkads_admin or (2) password_nkads_admin parameters. cpe:/a:next_generation_image_gallery:next_generation_image_gallery:0.0.1_lite CVE-2006-0086 2006-01-05T06:03:00.000-05:00 2008-09-05T16:58:18.920-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-06T08:58:00.000-05:00 VUPEN ADV-2006-0037 SECUNIA 18309 OSVDB 22202 MISC http://osvdb.org/ref/22/22202-nextgen.txt Cross-site scripting vulnerability in index.php in Next Generation Image Gallery 0.0.1 Lite Edition allows remote attackers to inject arbitrary web script or HTML via the page parameter. cpe:/a:lizard_cart:lizard_cart_cms:1.0.4 CVE-2006-0087 2006-01-05T06:03:00.000-05:00 2008-09-05T16:58:19.077-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-06T08:59:00.000-05:00 ALLOWS_OTHER_ACCESS BID 16140 BUGTRAQ 20060104 [eVuln] Lizard Cart CMS SQL Injection Vulnerability VUPEN ADV-2006-0029 SECUNIA 18297 OSVDB 22200 OSVDB 22199 MISC http://www.evuln.com/vulns/12/summary.html SECTRACK 1015435 SREASON 314 SQL injection vulnerability in (1) pages.php and (2) detail.php in Lizard Cart CMS 1.04 allows remote attackers to execute arbitrary SQL commands via the id parameter. cpe:/a:intouch:intouch:0.5.1_alpha CVE-2006-0088 2006-01-05T06:03:00.000-05:00 2008-09-05T16:58:19.217-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-06T09:02:00.000-05:00 ALLOWS_OTHER_ACCESS BID 16110 BUGTRAQ 20060101 [eVuln] inTouch Authentication Bypass VUPEN ADV-2006-0026 MISC http://evuln.com/vulns/8/summary.html XF intouch-intouch-sql-injection(23954) OSVDB 22382 SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha allows remote attackers to execute arbitrary SQL commands via the user parameter. cpe:/a:esri:arcpad:7.0.0.156 CVE-2006-0089 2006-01-05T06:03:00.000-05:00 2008-09-05T16:58:19.373-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-01-06T09:03:00.000-05:00 BID 16136 VUPEN ADV-2006-0032 MISC http://users.pandora.be/bratax/advisories/b007.html SECUNIA 18294 OSVDB 22208 Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .amp file with a COORDSYS tag with a long string attribute. cpe:/a:idv_directory_viewer:idv_directory_viewer:2005.1_b1 CVE-2006-0090 2006-01-05T06:03:00.000-05:00 2008-09-05T16:58:19.513-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2006-01-06T09:05:00.000-05:00 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=382593&group_id=152499 VUPEN ADV-2006-0031 SECUNIA 18298 BID 16137 Directory traversal vulnerability in index.php in IDV Directory Viewer before 2005.1 allows remote attackers to view arbitrary directory contents via a .. (dot dot) in the dir parameter. cpe:/a:open-xchange:open-xchange:0.8.1.6 CVE-2006-0091 2006-01-05T06:03:00.000-05:00 2008-09-05T16:58:19.653-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-06T09:06:00.000-05:00 VUPEN ADV-2006-0034 SECUNIA 18285 FULLDISC 20060103 Open Xchange XSS SECTRACK 1015431 Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline. CVE-2006-0092 2006-01-05T06:03:00.000-05:00 2008-09-10T15:55:26.397-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a duplicate of a SiteSuite issue that was also assigned CVE-2006-0158. Notes: All CVE users should consult CVE-2006-0992 and CVE-2006-0158 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage. cpe:/a:ecardmax.com:atcard_me_php CVE-2006-0093 2006-01-05T06:03:00.000-05:00 2008-09-05T16:58:19.903-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-06T09:11:00.000-05:00 OSVDB 22203 VUPEN ADV-2006-0039 SECUNIA 18306 MISC http://osvdb.org/ref/22/22203-ecardmax.txt Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP allows remote attackers to inject arbitrary web script or HTML via the cat parameter. CVE-2006-0094 2006-01-05T06:03:00.000-05:00 2008-09-05T16:58:20.043-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-06T09:12:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0028 SECUNIA 17373 PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_stat parameter, a different vulnerability than CVE-2006-0076. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. CVE-2006-0063 2006-01-05T14:03:00.000-05:00 2008-09-05T16:58:15.483-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-06T08:53:00.000-05:00 MISC http://securityreason.com/securityalert/313 SREASONRES 20060105 phpBB 2.0.19 XSS OSVDB 22672 VUPEN ADV-2006-0051 Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357. cpe:/a:rockliffe:mailsite:7.0.3.1 cpe:/a:rockliffe:mailsite:6.1.22 CVE-2006-0341 2006-01-06T00:00:00.000-05:00 2008-09-05T16:58:59.917-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-23T10:32:00.000-05:00 VUPEN ADV-2006-0284 SECUNIA 18551 FULLDISC 20060120 RockLiffe MailSite wconsole.dll Denial of Service/Script Injection Vulnerability XF mailsite-wconsole-xss(24256) BID 16330 OSVDB 22677 Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe MailSite 5.x and 6.1.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string. cpe:/o:linux:linux_kernel:2.6.14:rc1 cpe:/o:linux:linux_kernel:2.6.8.1 cpe:/o:linux:linux_kernel:2.6.14:rc4 cpe:/o:linux:linux_kernel:2.6.14:rc3 cpe:/o:linux:linux_kernel:2.6.14:rc2 cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.12.4 cpe:/o:linux:linux_kernel:2.6.15:rc5 cpe:/o:linux:linux_kernel:2.6.10 cpe:/o:linux:linux_kernel:2.6.15:rc6 cpe:/o:linux:linux_kernel:2.6.11.10 cpe:/o:linux:linux_kernel:2.6.15:rc7 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.6.15:rc1 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.15:rc3 cpe:/o:linux:linux_kernel:2.6.12 cpe:/o:linux:linux_kernel:2.6.15:rc4 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.2 cpe:/o:linux:linux_kernel:2.6.3 cpe:/o:linux:linux_kernel:2.6.9:2.6.20 cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.1 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.6.7 cpe:/o:linux:linux_kernel:2.6.11.9 cpe:/o:linux:linux_kernel:2.6.6 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.6.5 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.6.4 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.6.11.4 cpe:/o:linux:linux_kernel:2.6.11.3 cpe:/o:linux:linux_kernel:2.6.8 cpe:/o:linux:linux_kernel:2.6.11.2 cpe:/o:linux:linux_kernel:2.6.11.1 CVE-2006-0095 2006-01-06T06:03:00.000-05:00 2008-09-05T16:58:20.200-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2006-01-06T08:11:00.000-05:00 MLIST [linux-kernel] 20060104 [Patch 2.6] dm-crypt: zero key before freeing it MLIST [linux-kernel] 20060104 [Patch 2.6] dm-crypt: Zero key material before free to avoid information leak XF kernel-dmcrypt-information-disclosure(24189) UBUNTU USN-244-1 TRUSTIX 2006-0004 BID 16301 FEDORA FLSA:157459-4 REDHAT RHSA-2006:0132 FEDORA FEDORA-2006-102 OSVDB 22418 SUSE SUSE-SA:2006:028 MANDRIVA MDKSA-2006:040 VUPEN ADV-2006-0235 DEBIAN DSA-1017 SECTRACK 1015740 SREASON 388 SECUNIA 20398 SECUNIA 19374 SECUNIA 19160 SECUNIA 18774 SECUNIA 18527 SECUNIA 18487 MANDRIVA MDKSA-2006:040 dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key. cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.12.4 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.4.23_ow2 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.4.27:pre2 cpe:/o:linux:linux_kernel:2.6.11.9 cpe:/o:linux:linux_kernel:2.4.27:pre3 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.4.27:pre1 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.6.11.4 cpe:/o:linux:linux_kernel:2.6.11.3 cpe:/o:linux:linux_kernel:2.6.11.2 cpe:/o:linux:linux_kernel:2.6.11.1 cpe:/o:linux:linux_kernel:2.4.27:pre4 cpe:/o:linux:linux_kernel:2.4.27:pre5 cpe:/o:linux:linux_kernel:2.6.8.1 cpe:/o:linux:linux_kernel:2.4.19 cpe:/o:linux:linux_kernel:2.4.17 cpe:/o:linux:linux_kernel:2.4.18 cpe:/o:linux:linux_kernel:2.4.15 cpe:/o:linux:linux_kernel:2.4.16 cpe:/o:linux:linux_kernel:2.4.13 cpe:/o:linux:linux_kernel:2.4.14 cpe:/o:linux:linux_kernel:2.4.11 cpe:/o:linux:linux_kernel:2.4.12 cpe:/o:linux:linux_kernel:2.4.10 cpe:/o:linux:linux_kernel:2.6.15:rc5 cpe:/o:linux:linux_kernel:2.6.10 cpe:/o:linux:linux_kernel:2.6.15:rc6 cpe:/o:linux:linux_kernel:2.4.21:pre1 cpe:/o:linux:linux_kernel:2.6.11.10 cpe:/o:linux:linux_kernel:2.6.15:rc7 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.6.15:rc1 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.15:rc3 cpe:/o:linux:linux_kernel:2.6.12 cpe:/o:linux:linux_kernel:2.6.15:rc4 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.4.21:pre7 cpe:/o:linux:linux_kernel:2.4.21:pre4 cpe:/o:linux:linux_kernel:2.6.9:2.6.20 cpe:/o:linux:linux_kernel:2.4.28 cpe:/o:linux:linux_kernel:2.4.18::x86 cpe:/o:linux:linux_kernel:2.4.24 cpe:/o:linux:linux_kernel:2.4.25 cpe:/o:linux:linux_kernel:2.4.26 cpe:/o:linux:linux_kernel:2.4.27 cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.4.21 cpe:/o:linux:linux_kernel:2.4.22 cpe:/o:linux:linux_kernel:2.4.23 cpe:/o:linux:linux_kernel:2.4.18:pre2 cpe:/o:linux:linux_kernel:2.6.14:rc1 cpe:/o:linux:linux_kernel:2.4.18:pre3 cpe:/o:linux:linux_kernel:2.4.18:pre4 cpe:/o:linux:linux_kernel:2.4.18:pre5 cpe:/o:linux:linux_kernel:2.4.18:pre6 cpe:/o:linux:linux_kernel:2.6.14:rc4 cpe:/o:linux:linux_kernel:2.4.23:pre9 cpe:/o:linux:linux_kernel:2.4.18:pre7 cpe:/o:linux:linux_kernel:2.4.18:pre8 cpe:/o:linux:linux_kernel:2.6.14:rc3 cpe:/o:linux:linux_kernel:2.6.14:rc2 cpe:/o:linux:linux_kernel:2.4.24_ow1 cpe:/o:linux:linux_kernel:2.4.18:pre1 cpe:/o:linux:linux_kernel:2.4.1 cpe:/o:linux:linux_kernel:2.4.0 cpe:/o:linux:linux_kernel:2.4.19:pre3 cpe:/o:linux:linux_kernel:2.4.3 cpe:/o:linux:linux_kernel:2.4.2 cpe:/o:linux:linux_kernel:2.4.19:pre4 cpe:/o:linux:linux_kernel:2.4.19:pre1 cpe:/o:linux:linux_kernel:2.4.5 cpe:/o:linux:linux_kernel:2.4.19:pre2 cpe:/o:linux:linux_kernel:2.4.4 cpe:/o:linux:linux_kernel:2.4.19:pre5 cpe:/o:linux:linux_kernel:2.4.19:pre6 cpe:/o:linux:linux_kernel:2.6.2 cpe:/o:linux:linux_kernel:2.6.3 cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.6.1 cpe:/o:linux:linux_kernel:2.6.7 cpe:/o:linux:linux_kernel:2.6.6 cpe:/o:linux:linux_kernel:2.6.5 cpe:/o:linux:linux_kernel:2.6.4 cpe:/o:linux:linux_kernel:2.6.8 cpe:/o:linux:linux_kernel:2.4.6 cpe:/o:linux:linux_kernel:2.4.7 cpe:/o:linux:linux_kernel:2.4.8 cpe:/o:linux:linux_kernel:2.4.9 cpe:/o:linux:linux_kernel:2.4.0:test8 cpe:/o:linux:linux_kernel:2.4.0:test9 cpe:/o:linux:linux_kernel:2.4.0:test6 cpe:/o:linux:linux_kernel:2.4.0:test7 cpe:/o:linux:linux_kernel:2.4.0:test4 cpe:/o:linux:linux_kernel:2.4.0:test11 cpe:/o:linux:linux_kernel:2.4.0:test5 cpe:/o:linux:linux_kernel:2.4.0:test12 cpe:/o:linux:linux_kernel:2.4.0:test2 cpe:/o:linux:linux_kernel:2.4.0:test3 cpe:/o:linux:linux_kernel:2.4.0:test10 cpe:/o:linux:linux_kernel:2.4.0:test1 CVE-2006-0096 2006-01-06T06:03:00.000-05:00 2008-11-20T00:00:00.000-05:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-01-06T08:13:00.000-05:00 MANDRIVA MDKSA-2006:044 UBUNTU USN-244-1 BID 16304 CONFIRM http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=0f1d4813a4a65296e1131f320a60741732bc068f DEBIAN DSA-1017 SECUNIA 19374 SECUNIA 18977 SECUNIA 18527 CONFIRM http://linux.bkbits.net:8080/linux-2.4/cset@1.1448.91.23?nav=index.html|src/|src/drivers|src/drivers/net|src/drivers/net/wan|related/drivers/net/wan/sdla.c wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 does not require the CAP_SYS_RAWIO privilege for an SDLA firmware upgrade, with unknown impact and local attack vectors. NOTE: further investigation suggests that this issue requires root privileges to exploit, since it is protected by CAP_NET_ADMIN; thus it might not be a vulnerability, although capabilities provide finer distinctions between privilege levels. cpe:/a:php:php:4.3.10 cpe:/a:php:php:4.4.2 cpe:/a:php:php:4.4.0 cpe:/a:php:php:4.4.1 CVE-2006-0097 2006-01-06T06:03:00.000-05:00 2008-09-05T16:58:21.123-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-06T08:17:00.000-05:00 ALLOWS_USER_ACCESS BID 16145 BUGTRAQ 20060105 Windows PHP 4.x "0-day" buffer overflow CONFIRM http://www.php.net/ChangeLog-4.php#4.4.3 OSVDB 22232 VUPEN ADV-2006-0046 SECUNIA 18275 FULLDISC 20060105 Windows PHP 4.x "0-day" buffer overflow FULLDISC 20060108 RE: Windows PHP 4.x "0-day" buffer overflow Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function. cpe:/o:openbsd:openbsd:3.8 cpe:/o:openbsd:openbsd:3.7 CVE-2006-0098 2006-01-06T06:03:00.000-05:00 2008-09-05T16:58:21.280-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-06T08:21:00.000-05:00 BID 16144 OPENBSD [3.7] 20060105 008: SECURITY FIX: January 5, 2006 SECUNIA 18296 MISC ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/008_fd.patch OSVDB 22231 SECTRACK 1015437 The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/. cpe:/a:valdersoft:valdersoft_shopping_cart:3.0 CVE-2006-0099 2006-01-06T06:03:00.000-05:00 2008-09-10T15:55:27.477-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-06T08:27:00.000-05:00 ALLOWS_OTHER_ACCESS BID 16126 MISC http://downloads.securityfocus.com/vulnerabilities/exploits/cijfer-vscxpl.pl MILW0RM 1401 PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certain other include/templates/categories/ PHP scripts in Valdersoft Shopping Cart 3.0 allows remote attackers to execute arbitrary code via a URL in the catalogDocumentRoot parameter. cpe:/a:nicosw:nicoftp:3.0.1.19 CVE-2006-0100 2006-01-06T06:03:00.000-05:00 2008-09-05T16:58:21.577-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-06T08:30:00.000-05:00 ALLOWS_USER_ACCESS BUGTRAQ 20060102 NicoFTP Stack Overflow SREASON 317 Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow local users to execute arbitrary code via a long string in the "Name of site" field of an FTP account. NOTE: because this program executes with the privileges of the invoking user, and because remote programs do not normally have the ability to create or modify FTP accounts in this program, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability. cpe:/a:sblog:sblog:0.7.1_build2005-12-02_beta CVE-2006-0101 2006-01-06T00:00:00.000-05:00 2006-01-06T06:03:00.000-05:00 2008-09-05T16:58:21.747-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-06T08:31:00.000-05:00 XF sblog-multiple-scripts-xss(23979) OSVDB 22374 OSVDB 22373 VUPEN ADV-2006-0041 MISC http://osvdb.org/ref/22/22373-sblog.txt Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p and (2) keyword parameters in (a) index.php and (b) search.php. cpe:/a:ralph_capper:tinyphpforum:3.47 cpe:/a:ralph_capper:tinyphpforum:3.48 cpe:/a:ralph_capper:tinyphpforum:3.46 cpe:/a:ralph_capper:tinyphpforum:3.499 cpe:/a:ralph_capper:tinyphpforum:3.49 cpe:/a:ralph_capper:tinyphpforum:3.5 cpe:/a:ralph_capper:tinyphpforum:3.6 CVE-2006-0102 2006-01-06T06:03:00.000-05:00 2008-09-05T16:58:21.887-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-06T08:36:00.000-05:00 BUGTRAQ 20060105 [eVuln] TinyPHPForum Multiple Vulnerabilities OSVDB 22256 VUPEN ADV-2006-0054 SECTRACK 1015436 SECUNIA 18293 MISC http://evuln.com/vulns/14/summary.html SREASON 320 Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "[a]" bbcode tag, possibly the txt parameter to action.php. cpe:/a:ralph_capper:tinyphpforum:3.47 cpe:/a:ralph_capper:tinyphpforum:3.48 cpe:/a:ralph_capper:tinyphpforum:3.46 cpe:/a:ralph_capper:tinyphpforum:3.499 cpe:/a:ralph_capper:tinyphpforum:3.49 cpe:/a:ralph_capper:tinyphpforum:3.5 cpe:/a:ralph_capper:tinyphpforum:3.6 CVE-2006-0103 2006-01-06T06:03:00.000-05:00 2008-09-10T15:55:31.057-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2006-01-06T08:47:00.000-05:00 BUGTRAQ 20060417 Tiny PHP forum - vulns BUGTRAQ 20060105 [eVuln] TinyPHPForum Multiple Vulnerabilities OSVDB 22257 VUPEN ADV-2006-0054 SECTRACK 1015436 SECUNIA 18293 MISC http://evuln.com/vulns/14/summary.html XF tinyphpforum-users-information-disclosure(24016) SREASON 320 TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information. cpe:/a:ralph_capper:tinyphpforum:3.47 cpe:/a:ralph_capper:tinyphpforum:3.48 cpe:/a:ralph_capper:tinyphpforum:3.46 cpe:/a:ralph_capper:tinyphpforum:3.499 cpe:/a:ralph_capper:tinyphpforum:3.49 cpe:/a:ralph_capper:tinyphpforum:3.5 cpe:/a:ralph_capper:tinyphpforum:3.6 CVE-2006-0104 2006-01-06T06:03:00.000-05:00 2008-09-05T16:58:22.217-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-06T08:49:00.000-05:00 BUGTRAQ 20060105 [eVuln] TinyPHPForum Multiple Vulnerabilities VUPEN ADV-2006-0054 SECUNIA 18293 MISC http://evuln.com/vulns/14/summary.html MISC http://evuln.com/vulns/14/exploit.html BID 16163 OSVDB 22258 SECTRACK 1015436 SREASON 320 Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via a .. (dot dot) in the uname parameter to profile.php. cpe:/a:wine:wine:0.9.4 cpe:/a:wine:wine:2005-09-30 cpe:/a:wine:wine:0.9.5 cpe:/a:wine:wine:0.9.2 CVE-2006-0106 2006-01-06T13:03:00.000-05:00 2008-09-05T16:58:22.543-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-11T09:45:00.000-05:00 ALLOWS_USER_ACCESS VUPEN ADV-2006-0098 SECUNIA 18323 MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346197 MLIST [Dailydave] 20060105 WMF goes away :< XF win-wmf-execute-code(23846) BUGTRAQ 20060117 ERRATA: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability SUSE SUSE-SR:2006:002 MANDRIVA MDKSA-2006:014 GENTOO GLSA-200601-09 DEBIAN DSA-954 SECUNIA 18578 SECUNIA 18549 SECUNIA 18451 MANDRIVA MDKSA-2006:014 gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, implement the SETABORTPROC GDI Escape function call for Windows Metafile (WMF) files, which allows attackers to execute arbitrary code, the same vulnerability as CVE-2005-4560 but in a different codebase. cpe:/a:idea_development_id_oy:timecan_cms CVE-2006-0107 2006-01-06T19:03:00.000-05:00 2008-09-05T16:58:22.717-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-11T09:36:00.000-05:00 ALLOWS_OTHER_ACCESS BID 16159 OSVDB 22252 SECUNIA 18324 XF timecancms-sql-injection(24014) SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the viewID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Due to the unavailability of the original source, it cannot be determined if this is the same issue as identified by CVE-2006-0108. cpe:/a:idea_development_id_oy:timecan_cms CVE-2006-0108 2006-01-06T19:03:00.000-05:00 2008-09-05T16:58:22.857-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-11T09:37:00.000-05:00 ALLOWS_OTHER_ACCESS OSVDB 22253 OSVDB 22252 VUPEN ADV-2006-0078 XF timecancms-sql-injection(24014) SQL injection vulnerability in mcl_login.asp in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Due to the unavailability of the original source, it cannot be determined if this is the same issue as identified by CVE-2006-0107. cpe:/a:modular_merchant:shopping_cart CVE-2006-0109 2006-01-06T00:00:00.000-05:00 2006-01-06T19:03:00.000-05:00 2008-09-05T16:58:23.013-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-11T09:40:00.000-05:00 SECUNIA 18320 BID 16160 OSVDB 22243 MISC http://www.modularmerchant.com/forums/viewtopic.php?t=46 VUPEN ADV-2006-0076 MISC http://osvdb.org/ref/22/22243-modular.txt VIM 20060214 vendor ack/fix 22243: Modular Merchant Marketplace Shopping Cart category.php cat Variable XSS (fwd) Cross-site scripting vulnerability in category.php in Modular Merchant Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the cat parameter. cpe:/a:javier_suarez_sanz:foro_domus:2.10 CVE-2006-0110 2006-01-06T00:00:00.000-05:00 2006-01-06T19:03:00.000-05:00 2008-09-05T16:58:23.170-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-05-11T10:55:00.000-04:00 BID 16154 BUGTRAQ 20060106 [eVuln] Proyecto Domus 'email' XSS Vulnerability OSVDB 22263 VUPEN ADV-2006-0073 SECUNIA 18327 MISC http://evuln.com/vulns/16/summary.html XF domus-escribir-xss(24020) Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to inject arbitrary web script via the email parameter. cpe:/a:boxcar_media:shopping_cart CVE-2006-0111 2006-01-06T00:00:00.000-05:00 2006-01-06T19:03:00.000-05:00 2008-09-05T16:58:23.403-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-11T09:41:00.000-05:00 XF boxcar-index-xss(24019) OSVDB 22360 VUPEN ADV-2006-0080 MISC http://osvdb.org/ref/22/22360-boxcar.txt Cross-site scripting vulnerability in index.php in Boxcar Media Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) parent or (2) pg parameter. cpe:/a:enhanced_simple_php_gallery:enhanced_simple_php_gallery:1.7 CVE-2006-0112 2006-01-06T20:03:00.000-05:00 2008-09-05T16:58:23.577-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-11T09:33:00.000-05:00 OSVDB 22201 VUPEN ADV-2006-0036 SECUNIA 18310 MISC http://osvdb.org/ref/22/22201-espg.txt Cross-site scripting (XSS) vulnerability in index.php in Enhanced Simple PHP Gallery 1.7 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. cpe:/a:enhanced_simple_php_gallery:enhanced_simple_php_gallery:1.7 CVE-2006-0113 2006-01-06T20:03:00.000-05:00 2008-09-05T16:58:23.733-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2006-01-11T09:34:00.000-05:00 SECUNIA 18310 MISC http://osvdb.org/ref/22/22201-espg.txt OSVDB 22417 Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the full path of the application via a direct request to sp_helper_functions.php, which leaks the pathname in an error message. cpe:/a:joomla:joomla:1.0.5 CVE-2006-0114 2006-01-09T00:00:00.000-05:00 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:23.873-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2006-01-09T08:26:00.000-05:00 BID 16185 VUPEN ADV-2006-0097 SECUNIA 18361 CONFIRM http://forum.joomla.org/index.php/topic,29031.0.html CONFIRM http://forge.joomla.org/sf/go/artf2950 XF joomla-vcard-information-disclosure(24042) The vCard functions in Joomla! 1.0.5 use predictable sequential IDs for vcards and do not restrict access to them, which allows remote attackers to obtain valid e-mail addresses to conduct spam attacks by modifying the contact_id parameter to index2.php. cpe:/a:oneplug_solutions:oneplug_cms CVE-2006-0115 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:24.030-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-09T08:28:00.000-05:00 ALLOWS_OTHER_ACCESS BID 16155 OSVDB 22250 OSVDB 22249 OSVDB 22248 VUPEN ADV-2006-0079 SECUNIA 18325 MISC http://osvdb.org/ref/22/22248-oneplug.txt Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp. cpe:/a:inetstore:inetstore_online CVE-2006-0116 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:24.187-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-09T08:29:00.000-05:00 BID 16156 BUGTRAQ 20060126 Re: [OSVDB Mods] iNETstore E Commerce Solution - Cross Site Scripting OSVDB 22251 VUPEN ADV-2006-0075 VIM 20060127 vendor confirms versions: iNETstore E Commerce Solution - Cross Site Scripting (fwd) SECUNIA 18322 MISC http://osvdb.org/ref/22/22251-inetstore.txt Cross-site scripting vulnerability search.inetstore in iNETstore Ebusiness Software 2.0 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter. cpe:/a:ibm:lotus_notes:6.5.2 cpe:/a:ibm:lotus_notes:6.5.3 cpe:/a:ibm:lotus_notes:6.5.4 cpe:/a:ibm:lotus_domino:6.5.0 cpe:/a:ibm:lotus_domino:6.5.1 cpe:/a:ibm:lotus_domino:6.5.2 cpe:/a:ibm:lotus_domino:6.5.3 cpe:/a:ibm:lotus_domino:6.5.4 cpe:/a:ibm:lotus_notes:6.5.1 cpe:/a:ibm:lotus_domino:6.5.4::fp1 cpe:/a:ibm:lotus_domino:6.5.4::fp2 cpe:/a:ibm:lotus_notes:6.5 cpe:/a:ibm:lotus_domino_enterprise_server:6.5.4 cpe:/a:ibm:lotus_domino_enterprise_server:6.5.2 CVE-2006-0117 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:24.340-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-01-09T10:06:00.000-05:00 BID 16158 SECUNIA 18328 CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument CONFIRM http://www-1.ibm.com/support/docview.wss?uid=swg27007054 XF lotus-cdtomime-dos(24205) VUPEN ADV-2006-0081 Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial of service (router crash or hang) via unspecified vectors involving "CD to MIME Conversion". cpe:/a:ibm:lotus_notes:6.5.2 cpe:/a:ibm:lotus_notes:6.5.3 cpe:/a:ibm:lotus_notes:6.5.4 cpe:/a:ibm:lotus_domino:6.5.0 cpe:/a:ibm:lotus_domino:6.5.1 cpe:/a:ibm:lotus_domino:6.5.2 cpe:/a:ibm:lotus_domino:6.5.3 cpe:/a:ibm:lotus_domino:6.5.4 cpe:/a:ibm:lotus_notes:6.5.1 cpe:/a:ibm:lotus_domino:6.5.4::fp1 cpe:/a:ibm:lotus_domino:6.5.4::fp2 cpe:/a:ibm:lotus_notes:6.5 cpe:/a:ibm:lotus_domino_enterprise_server:6.5.4 cpe:/a:ibm:lotus_domino_enterprise_server:6.5.2 CVE-2006-0118 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:24.530-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-01-09T10:08:00.000-05:00 BID 16158 SECUNIA 18328 CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument CONFIRM http://www-1.ibm.com/support/docview.wss?uid=swg27007054 XF lotus-long-formula-bo(24206) VUPEN ADV-2006-0081 Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) via long formulas. cpe:/a:ibm:lotus_notes:6.5.2 cpe:/a:ibm:lotus_notes:6.5.3 cpe:/a:ibm:lotus_notes:6.5.4 cpe:/a:ibm:lotus_domino:6.5.0 cpe:/a:ibm:lotus_domino:6.5.1 cpe:/a:ibm:lotus_domino:6.5.2 cpe:/a:ibm:lotus_domino:6.5.3 cpe:/a:ibm:lotus_domino:6.5.4 cpe:/a:ibm:lotus_notes:6.5.1 cpe:/a:ibm:lotus_domino:6.5.4::fp1 cpe:/a:ibm:lotus_domino:6.5.4::fp2 cpe:/a:ibm:lotus_notes:6.5 cpe:/a:ibm:lotus_domino_enterprise_server:6.5.4 cpe:/a:ibm:lotus_domino_enterprise_server:6.5.2 CVE-2006-0119 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:24.700-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-01-09T13:06:00.000-05:00 BID 16158 SECUNIA 18328 BID 18020 BUGTRAQ 20060626 SYMSA-2006-006: Lotus Domino SMTP Based Denial of Service VUPEN ADV-2006-2564 VUPEN ADV-2006-0081 CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/f97fe7cfd9a8113b8525709200001db4?OpenDocument&Highlight=0,GPKS6C9J67 CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/e4deb1cbb011c747852570e4001ba9bb?OpenDocument&Highlight=0,GPKS5YQGPT CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/de2ab57a5b9547848525701b00420c2c?OpenDocument&Highlight=0,KSPR699NBP CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/d1150fc9c5dec8b18525709200001da6?OpenDocument&Highlight=0,GPKS6C9J67 CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/9a1650d1a771f3078525702a00420def?OpenDocument&Highlight=0,HSAO6BNL6Y CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/94a77eb898843aca8525709200001de1?OpenDocument&Highlight=0,JGAN6B6TZ3 CONFIRM http://www-1.ibm.com/support/docview.wss?uid=swg27007054 SECTRACK 1016390 SECUNIA 20855 XF domino-smtp-nrouter-dos(27413) XF lotus-web-unspecified-xss(24211) XF lotus-multiple-unspecified(24207) Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due to "potential security issues" as identified by SPR numbers (1) GPKS6C9J67 in Agents, (2) JGAN6B6TZ3 and (3) KSPR699NBP in the Router, (4) GPKS5YQGPT in Security, or (5) HSAO6BNL6Y in the Web Server. NOTE: vector 3 is related to an issue in NROUTER in IBM Lotus Notes and Domino Server before 6.5.4 FP1, 6.5.5, and 7.0, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted vCal meeting request sent via SMTP (aka SPR# KSPR699NBP). cpe:/a:ibm:lotus_notes:6.5.2 cpe:/a:ibm:lotus_notes:6.5.3 cpe:/a:ibm:lotus_notes:6.5.4 cpe:/a:ibm:lotus_domino:6.5.0 cpe:/a:ibm:lotus_domino:6.5.1 cpe:/a:ibm:lotus_domino:6.5.2 cpe:/a:ibm:lotus_domino:6.5.3 cpe:/a:ibm:lotus_domino:6.5.4 cpe:/a:ibm:lotus_notes:6.5.1 cpe:/a:ibm:lotus_domino:6.5.4::fp1 cpe:/a:ibm:lotus_domino:6.5.4::fp2 cpe:/a:ibm:lotus_notes:6.5 cpe:/a:ibm:lotus_domino_enterprise_server:6.5.4 cpe:/a:ibm:lotus_domino_enterprise_server:6.5.2 CVE-2006-0120 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:24.873-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-01-09T13:15:00.000-05:00 BID 16158 SECUNIA 18328 CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ced5f873baea4e8b852570e4001baa6d?OpenDocument CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ad0dd14aa109f96b852570e4001bb08c?OpenDocument CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/5f166a44ee743b2c852570e4001baf31?OpenDocument CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/4118a1f266afb26c852570e4001baf5e?OpenDocument CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/2bb4f466a9e986ae852570e4001babbb?OpenDocument CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/040482aeb1416bb7852570e4001badd6?OpenDocument CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/258394eaa824f2c08525708a004209d3?OpenDocument CONFIRM http://www-1.ibm.com/support/docview.wss?uid=swg27007054 XF lotus-ssl-keyring-dos(24217) XF lotus-certificate-parsing-dos(24216) XF lotus-delete-attachment-dos(24215) XF lotus-bmp-dos(24214) XF lotus-compact-dos(24213) XF lotus-outofoffice-dos(24212) VUPEN ADV-2006-0081 Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (application crash) via multiple vectors, involving (1) a malformed message sent to an "Out Of Office" agent (SPR LPEE6DMQWJ), (2) the compact command (RTIN5U2SAJ), (3) malformed bitmap images (MYAA6FH5HW), (4) the "Delete Attachment" action (YPHG6844LD), (5) parsing certificates from a remote Certificate Table (AELE6DZFJW), and (6) creating a SSL key ring with the Domino Administration client (NSUA4FQPTN). cpe:/a:ibm:lotus_notes:6.5.2 cpe:/a:ibm:lotus_notes:6.5.3 cpe:/a:ibm:lotus_notes:6.5.4 cpe:/a:ibm:lotus_domino:6.5.0 cpe:/a:ibm:lotus_domino:6.5.1 cpe:/a:ibm:lotus_domino:6.5.2 cpe:/a:ibm:lotus_domino:6.5.3 cpe:/a:ibm:lotus_domino:6.5.4 cpe:/a:ibm:lotus_notes:6.5.1 cpe:/a:ibm:lotus_domino:6.5.4::fp1 cpe:/a:ibm:lotus_domino:6.5.4::fp2 cpe:/a:ibm:lotus_notes:6.5 cpe:/a:ibm:lotus_domino_enterprise_server:6.5.4 cpe:/a:ibm:lotus_domino_enterprise_server:6.5.2 CVE-2006-0121 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:25.060-04:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2006-01-09T13:17:00.000-05:00 BID 16158 SECUNIA 18328 CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/2221243535d88a2b8525701b00420cd6?OpenDocument&Highlight=0,MKIN693QUT CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/20f66e356a76c90f8525702a00420e08?OpenDocument&Highlight=0,MKIN67MQVW CONFIRM http://www-1.ibm.com/support/docview.wss?uid=swg27007054 XF lotus-ssl-handshake-dos(24223) VUPEN ADV-2006-0081 Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the SSL handshake (SPR# MKIN693QUT), and possibly other vectors. NOTE: due to insufficient information in the original vendor advisory, it is not clear whether there is an attacker role in other memory leaks that are specified in the advisory. cpe:/a:aquifer_cms:aquifer_cms CVE-2006-0122 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:25.247-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-09T13:18:00.000-05:00 OSVDB 22247 BID 16162 VUPEN ADV-2006-0074 SECUNIA 18326 MISC http://osvdb.org/ref/22/22247-aquifer.txt VIM 20060124 vendor ack/fix: Aquifer CMS Index.asp Keyword Variable XSS (fwd) Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter. cpe:/a:adn_forum:adn_forum:1.0 cpe:/a:adn_forum:adn_forum:1.0b CVE-2006-0123 2006-01-05T00:00:00.000-05:00 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:25.387-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-09T13:23:00.000-05:00 ALLOWS_OTHER_ACCESS BID 16157 BUGTRAQ 20060105 [eVuln] ADNForum Multiple Vulnerabilities OSVDB 22241 OSVDB 22240 VUPEN ADV-2006-0077 SECTRACK 1015445 SECUNIA 18300 MISC http://evuln.com/vulns/15/summary.html Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter in index.php and (2) pagid parameter in verpag.php, and possibly other vectors. cpe:/a:adn_forum:adn_forum:1.0 cpe:/a:adn_forum:adn_forum:1.0b CVE-2006-0124 2006-01-09T06:03:00.000-05:00 2009-04-03T00:46:08.983-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-09T13:24:00.000-05:00 BID 16157 BUGTRAQ 20060105 [eVuln] ADNForum Multiple Vulnerabilities VUPEN ADV-2006-0077 SECUNIA 18300 MISC http://evuln.com/vulns/15/summary.html OSVDB 22242 SECTRACK 1015445 Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbitrary web script or HTML via the titulo parameter, which is used by the "Topic name" field. cpe:/a:appserv_open_project:appserv:2.4.5 CVE-2006-0125 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:25.687-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-09T13:27:00.000-05:00 OSVDB 22228 VUPEN ADV-2006-0053 SECUNIA 18163 BID 16166 Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows remote attackers to include arbitrary files via the appserv_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. There is not enough detail from these third party sources to know whether this is directory traversal, remote file include, or another issue. cpe:/a:rxvt-unicode:rxvt-unicode:6.2 CVE-2006-0126 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:25.840-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-09T13:30:00.000-05:00 ALLOWS_USER_ACCESS OSVDB 22223 VUPEN ADV-2006-0052 SECUNIA 18301 CONFIRM http://dist.schmorp.de/rxvt-unicode/Changes rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices. cpe:/a:rockliffe:mailsite:6.1.22.0 CVE-2006-0127 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:25.983-04:00 4.0 NETWORK LOW SINGLE_INSTANCE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-11T09:05:00.000-05:00 MISC http://zur.homelinux.com/Advisories/RockliffeMailsiteDirTransveral.txt OSVDB 22229 VUPEN ADV-2006-0055 SECUNIA 18318 FULLDISC 20060104 Rockliffe Directory Transversal Vulnerability FULLDISC 20060105 Re: Rockliffe Directory Transversal Vulnerability Directory traversal vulnerability in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote authenticated users to rename the folders of other users via a .. (dot dot) in the RENAME command. cpe:/a:rockliffe:mailsite:6.1.22.0 CVE-2006-0128 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:26.123-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-01-11T09:06:00.000-05:00 MISC http://zur.homelinux.com/Advisories/RockliffeMailsiteDirTransveral.txt FULLDISC 20060104 Rockliffe Directory Transversal Vulnerability XF rockliffe-imap-unspecified-bo(39991) Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote attackers to have an unknown impact via unknown attack vectors. cpe:/a:rockliffe:mailsite:7.0.3.1 CVE-2006-0129 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:26.277-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2006-01-11T09:08:00.000-05:00 VUPEN ADV-2006-0055 SECUNIA 18318 MISC http://zur.homelinux.com/Advisories/RockliffeMailsiteUserEnum.txt OSVDB 22230 FULLDISC 20060104 Rockliffe Mailsite User Enumeration Flaw Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames via user requests to TCP port 106. cpe:/a:rockliffe:mailsite:7.0.3.1 CVE-2006-0130 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:26.420-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-11T09:10:00.000-05:00 MISC http://zur.homelinux.com/Advisories/RockliffeMailsiteUserEnum.txt FULLDISC 20060104 Rockliffe Mailsite User Enumeration Flaw Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier allows remote attackers to attempt authentication with an unlimited number of user account names and passwords without denying connections, limiting the rate of connections, or locking out an account. cpe:/a:boastmachine:boastmachine:3.1 CVE-2006-0131 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:26.577-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2006-01-11T09:12:00.000-05:00 BUGTRAQ 20060105 [ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1 MISC http://echo.or.id/adv/adv26-K-159-2006.txt boastMachine 3.1 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php and (2) side_menu.php, which reveals the path in an error message. cpe:/a:webftp:webftp:1.2.6 CVE-2006-0132 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:26.717-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-11T09:14:00.000-05:00 VUPEN ADV-2006-0090 SECUNIA 18355 BID 16175 BUGTRAQ 20060104 SysCP WebFTP local file inclusion vulnerability XF webftp-language-file-include(24018) Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 and possibly earlier allows remote attackers to include and execute arbitrary local PHP scripts, and possibly read other types of files, via a .. (dot dot) and a trailing null in the webftp_language parameter. cpe:/o:ibm:aix:5.3_ml03 CVE-2006-0133 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:26.873-04:00 3.6 LOCAL LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2006-01-11T09:16:00.000-05:00 BID 16103 BID 16102 BUGTRAQ 20060101 [xfocus-SD-060101]AIX getCommand&getShell two vulnerabilities SECTRACK 1015429 Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the existence of files and read partial contents of certain files via a .. (dot dot) in the argument to (1) getCommand.new (aka getCommand) and (2) getShell, a different vulnerability than CVE-2005-4273. cpe:/a:thewebforum:thewebforum:1.2.1 CVE-2006-0134 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:27.027-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-11T09:18:00.000-05:00 BID 16161 BUGTRAQ 20060106 [eVuln] TheWebForum Script Insertion and Authentication Bypass VUPEN ADV-2006-0093 SECTRACK 1015450 SECUNIA 18392 MISC http://evuln.com/vulns/17/summary.html MISC http://evuln.com/vulns/17/exploit.html XF thewebforum-register-xss(24007) OSVDB 22295 Cross-site scripting (XSS) vulnerability in register.php in TheWebForum (twf) 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the www parameter. cpe:/a:thewebforum:thewebforum:1.2.1 CVE-2006-0135 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:27.170-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-11T09:20:00.000-05:00 ALLOWS_OTHER_ACCESS BID 16161 BUGTRAQ 20060106 [eVuln] TheWebForum Script Insertion and Authentication Bypass VUPEN ADV-2006-0093 SECTRACK 1015450 SECUNIA 18392 MISC http://evuln.com/vulns/17/summary.html MISC http://evuln.com/vulns/17/exploit.html XF thewebforum-login-sql-injection(24027) OSVDB 22294 SREASON 321 SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the username parameter (aka the u variable). cpe:/a:phanatic_softwares:chimera_web_portal:0.2 CVE-2006-0136 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:27.310-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-11T09:24:00.000-05:00 BID 16113 BUGTRAQ 20060101 [eVuln] Chimera Web Portal System Multiple Vulnerabilities VUPEN ADV-2006-0025 MISC http://evuln.com/vulns/7/summary.html MISC http://evuln.com/vulns/7/exploit.html Multiple cross-site scripting (XSS) vulnerabilities in the guestbook module in modules.php in Phanatic Softwares Chimera Web Portal System 0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) comment_poster, (2) comment_poster_email, (3) comment_poster_homepage, and (4) comment_text parameters. cpe:/a:phanatic_softwares:chimera_web_portal:0.2 CVE-2006-0137 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:27.467-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-11T09:24:00.000-05:00 ALLOWS_OTHER_ACCESS BID 16113 BUGTRAQ 20060101 [eVuln] Chimera Web Portal System Multiple Vulnerabilities VUPEN ADV-2006-0025 MISC http://evuln.com/vulns/7/summary.html MISC http://evuln.com/vulns/7/exploit.html XF chimera-linkcategory-sql-injection(23963) OSVDB 22420 SQL injection vulnerability in linkcategory.php in Phanatic Softwares Chimera Web Portal System 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. cpe:/a:amsn:amsn CVE-2006-0138 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:27.607-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-01-11T09:26:00.000-05:00 MISC http://www.securiteam.com/exploits/5JP090KHFQ.html OSVDB 22186 aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denial of service (client hang and termination of client's instant-messaging session) by repeatedly sending crafted data to the default file-transfer port (TCP 6891). cpe:/a:pd9_software:megabbs:2.0 cpe:/a:pd9_software:megabbs:2.1 CVE-2006-0139 2006-01-09T13:03:00.000-05:00 2008-09-05T16:58:27.763-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2006-01-09T13:13:00.000-05:00 BID 16168 CONFIRM http://www.pd9soft.com/megabbs/forums/thread-view.asp?tid=4924 MISC http://www.hamid.ir/security/megabbs.txt VUPEN ADV-2006-0095 SECUNIA 18342 XF megabbs-sendprivatemessage-disclosure(24050) SECTRACK 1015452 The send-private-message functionality (send-private-message.asp) in PD9 Software MegaBBS 2.1 allows remote attackers to read private messages of other users via a modified replyid parameter. cpe:/a:navboard:navboard:17:beta2 cpe:/a:navboard:navboard:16 CVE-2006-0140 2006-01-09T14:07:00.000-05:00 2009-01-22T17:15:32.960-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-11T09:00:00.000-05:00 XF navboard-post-xss(24021) BID 16165 BUGTRAQ 20060107 [eVuln] NavBoard BBcode XSS Vulnerability OSVDB 22277 VUPEN ADV-2006-0092 SECUNIA 18345 MISC http://evuln.com/vulns/19/summary.html Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 Stable(2.6.0) and V17beta2 allows remote attackers to inject arbitrary web script or HTML via the (1) b, (2) textlarge, and (3) url bbcode tags. cpe:/a:eudora:internet_mail_server:3.2.7 cpe:/a:eudora:internet_mail_server:3.2.6 cpe:/a:eudora:internet_mail_server:3.2.8 CVE-2006-0141 2006-01-09T00:00:00.000-05:00 2006-01-09T14:07:00.000-05:00 2008-09-05T16:58:28.077-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-05-10T15:59:00.000-04:00 VUPEN ADV-2006-0099 CONFIRM http://www.eudora.co.nz/updates.html SECUNIA 18356 BID 16179 XF eims-corrupted-mail-dos(24033) XF eims-ntlm-auth-dos(24032) Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote attackers to cause a denial of service (crash) via (1) malformed NTLM authentication requests, or a malformed (2) Incoming Mail X or (3) Temporary Mail file. cpe:/a:andromeda_software:andromeda:1.9.3.4 CVE-2006-0142 2006-01-09T14:07:00.000-05:00 2008-09-05T16:58:28.217-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-11T09:01:00.000-05:00 BID 16183 VUPEN ADV-2006-0096 SECUNIA 18359 XF andromeda-script-xss(24031) Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda 1.9.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/o:microsoft:windows_xp:::64-bit cpe:/o:microsoft:windows_2000:::datacenter_server cpe:/o:microsoft:windows_xp::sp2:media_center cpe:/o:microsoft:windows_xp::sp1:home cpe:/o:microsoft:windows_98::gold cpe:/o:microsoft:windows_2003_server:web cpe:/o:microsoft:windows_2000::sp2:server cpe:/o:microsoft:windows_xp::gold:professional cpe:/o:microsoft:windows_2000::sp3:datacenter_server cpe:/o:microsoft:windows_2000::sp3:advanced_server cpe:/o:microsoft:windows_2000:::server cpe:/o:microsoft:windows_2003_server:r2::64-bit cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit cpe:/o:microsoft:windows_2003_server:enterprise:sp1 cpe:/o:microsoft:windows_2003_server:standard_64-bit cpe:/o:microsoft:windows_2003_server:r2:sp1 cpe:/o:microsoft:windows_xp:::media_center cpe:/o:microsoft:windows_2000::sp1:server cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:sp1 cpe:/o:microsoft:windows_me cpe:/o:microsoft:windows_2003_server:standard:sp1 cpe:/o:microsoft:windows_2000:::advanced_server cpe:/o:microsoft:windows_2000::sp3:professional cpe:/o:microsoft:windows_2003_server:enterprise_64-bit cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_2003_server:web:sp1 cpe:/o:microsoft:windows_2000::sp2:advanced_server cpe:/o:microsoft:windows_xp:::home cpe:/o:microsoft:windows_xp::sp2:home cpe:/o:microsoft:windows_2003_server:datacenter_64-bit:sp1 cpe:/o:microsoft:windows_2000::sp4:datacenter_server cpe:/o:microsoft:windows_2000::sp1:professional cpe:/o:microsoft:windows_2003_server:enterprise::64-bit cpe:/o:microsoft:windows_2000:::professional cpe:/o:microsoft:windows_xp::sp2:tablet_pc cpe:/o:microsoft:windows_2000::sp2:datacenter_server cpe:/o:microsoft:windows_xp::sp1:media_center cpe:/o:microsoft:windows_2000::sp3:server cpe:/o:microsoft:windows_2000::sp4:advanced_server cpe:/o:microsoft:windows_2000::sp2:professional cpe:/o:microsoft:windows_98se cpe:/o:microsoft:windows_2003_server:standard::64-bit cpe:/o:microsoft:windows_2000::sp1:advanced_server cpe:/o:microsoft:windows_2000::sp1:datacenter_server cpe:/o:microsoft:windows_2000::sp4:professional CVE-2006-0143 2006-01-09T15:03:00.000-05:00 2008-09-05T16:58:28.373-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-11T08:58:00.000-05:00 ALLOWS_USER_ACCESS SECTRACK 1015453 BID 16167 BUGTRAQ 20060109 [UPDATE]Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities BUGTRAQ 20060107 Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities VUPEN ADV-2006-0115 CONFIRM http://blogs.technet.com/msrc/archive/2006/01/09/417198.aspx XF win-gre-wmf-dos(24044) MISC http://lostmon.blogspot.com/2007/08/windows-extended-file-attributes-buffer.html Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths. cpe:/a:stefan_frings:sms_server_tools CVE-2006-0083 2006-01-09T15:03:00.000-05:00 2008-09-05T16:58:18.467-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-09T15:14:00.000-05:00 ALLOWS_USER_ACCESS SECUNIA 18357 XF smstools-logging-format-string(24034) BID 16188 OSVDB 22287 DEBIAN DSA-930 SECUNIA 18343 Format string vulnerability in the logging code of SMS Server Tools (smstools) 1.14.8 and earlier allows local users to execute arbitrary code via unspecified attack vectors. cpe:/a:apache2triad:apache2triad cpe:/a:php:pear:0.2.2 CVE-2006-0144 2006-01-09T18:03:00.000-05:00 2008-09-05T16:58:28.623-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-10T08:28:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0148 SECUNIA 18390 XF gopear-proxy-redirection(24076) BID 16174 BUGTRAQ 20060109 New PEAR / Apache2Triad Exploit CONFIRM http://apache2triad.net/forums/viewtopic.php?p=14670 The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function. cpe:/o:netbsd:netbsd:2.0 cpe:/o:netbsd:netbsd:1.6:beta cpe:/o:netbsd:netbsd:2.1 cpe:/o:netbsd:netbsd:1.6.1 cpe:/o:netbsd:netbsd:2.0.1 cpe:/o:netbsd:netbsd:1.6.2 cpe:/o:netbsd:netbsd:2.0.3 cpe:/o:netbsd:netbsd:2.0.2 cpe:/o:netbsd:netbsd:1.6 CVE-2006-0145 2006-01-09T18:03:00.000-05:00 2008-09-05T16:58:28.777-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-10T08:31:00.000-05:00 ALLOWS_USER_ACCESS BID 16173 MISC http://www.securitylab.net/research/2006/02/advisory_netbsd_openbsd_kernfs.html BUGTRAQ 20060202 [SLAB] NetBSD / OpenBSD kernfs_xread patch evasion OSVDB 22293 SECUNIA 18712 SECUNIA 18388 NETBSD NetBSD-SA2006-001 XF netbsd-kernfs-memory-disclosure(24035) SREASON 405 The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and OpenBSD 3.8, does not properly validate file offsets against negative 32-bit values that occur as a result of truncation, which allows local users to read arbitrary kernel memory and gain privileges via the lseek system call. cpe:/a:mediabeez:mediabeez cpe:/a:mantis:mantis:0.19.4 cpe:/a:the_cacti_group:cacti:0.8.6g cpe:/a:postnuke_software_foundation:postnuke:0.761 cpe:/a:mantis:mantis:1.0.0_rc4 cpe:/a:john_lim:adodb:4.68 cpe:/a:john_lim:adodb:4.66 cpe:/a:moodle:moodle:1.5.3 CVE-2006-0146 2006-01-09T18:03:00.000-05:00 2008-09-05T16:58:28.937-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-10T08:39:00.000-05:00 ALLOWS_OTHER_ACCESS CONFIRM http://www.xaraya.com/index.php/news/569 BID 16187 BUGTRAQ 20060202 Bug for libs in php link directory 2.0 OSVDB 22290 GENTOO GLSA-200604-07 VUPEN ADV-2006-1419 VUPEN ADV-2006-1304 VUPEN ADV-2006-0447 VUPEN ADV-2006-0370 VUPEN ADV-2006-0105 VUPEN ADV-2006-0104 VUPEN ADV-2006-0103 VUPEN ADV-2006-0101 DEBIAN DSA-1031 DEBIAN DSA-1030 DEBIAN DSA-1029 MISC http://secunia.com/secunia_research/2005-64/advisory/ SECUNIA 19699 SECUNIA 19591 SECUNIA 19590 SECUNIA 19563 SECUNIA 19555 SECUNIA 18720 SECUNIA 18276 SECUNIA 18260 SECUNIA 18233 SECUNIA 17418 XF adodb-server-command-execution(24051) BUGTRAQ 20070418 MediaBeez Sql query Execution .. Wear isn't ?? :) BUGTRAQ 20060409 PhpOpenChat 3.0.x ADODB Server.php "sql" SQL injection CONFIRM http://www.maxdev.com/Article550.phtml VUPEN ADV-2006-1305 VUPEN ADV-2006-0102 SREASON 713 SECUNIA 24954 SECUNIA 19691 SECUNIA 19600 SECUNIA 18267 SECUNIA 18254 MISC http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter. cpe:/a:mantis:mantis:0.19.4 cpe:/a:the_cacti_group:cacti:0.8.6g cpe:/a:postnuke_software_foundation:postnuke:0.761 cpe:/a:mantis:mantis:1.0.0_rc4 cpe:/a:john_lim:adodb:4.68 cpe:/a:john_lim:adodb:4.66 cpe:/a:moodle:moodle:1.5.3 CVE-2006-0147 2006-01-09T18:03:00.000-05:00 2008-09-05T16:58:29.107-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-10T08:38:00.000-05:00 ALLOWS_OTHER_ACCESS OSVDB 22291 GENTOO GLSA-200604-07 VUPEN ADV-2006-1332 VUPEN ADV-2006-0104 VUPEN ADV-2006-0103 VUPEN ADV-2006-0102 VUPEN ADV-2006-0101 DEBIAN DSA-1030 DEBIAN DSA-1029 MISC http://secunia.com/secunia_research/2005-64/advisory/ SECUNIA 19628 SECUNIA 19591 SECUNIA 19590 SECUNIA 19555 SECUNIA 18276 SECUNIA 18260 SECUNIA 18254 SECUNIA 18233 SECUNIA 17418 BUGTRAQ 20060412 Simplog <=0.9.2 multiple vulnerabilities BUGTRAQ 20060409 PhpOpenChat 3.0.x ADODB Server.php "sql" SQL injection VUPEN ADV-2006-1305 DEBIAN DSA-1031 SECUNIA 19600 SECUNIA 18267 MISC http://retrogod.altervista.org/simplog_092_incl_xpl.html MISC http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html MILW0RM 1663 XF adodb-tmssql-command-execution(24052) SECUNIA 19691 Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo. cpe:/a:netsarang:xlpd:2.1 CVE-2006-0148 2006-01-09T18:03:00.000-05:00 2008-09-05T16:58:29.263-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-01-10T08:41:00.000-05:00 BID 16164 MISC http://www.ipomonis.com/advisories/xlpd.txt SECTRACK 1015444 XF xlpd-connection-dos(24041) NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number of connections from the same IP address. cpe:/a:simpbook:simpbook:1.0 CVE-2006-0149 2006-01-09T18:03:00.000-05:00 2008-09-05T16:58:29.403-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-10T08:42:00.000-05:00 SECTRACK 1015451 FULLDISC 20060106 SimpBook "message" Remote Cross-Site Scripting Vulnerability Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_enable on (the default), allows remote attackers to inject arbitrary web script or HTML via the message field. cpe:/a:dave_carrigan:auth_ldap:1.4.2 cpe:/a:dave_carrigan:auth_ldap:1.4.0 cpe:/a:dave_carrigan:auth_ldap:1.4.3 cpe:/a:dave_carrigan:auth_ldap:1.3.4 cpe:/a:dave_carrigan:auth_ldap:1.3.2 cpe:/a:dave_carrigan:auth_ldap:1.3.3 cpe:/a:dave_carrigan:auth_ldap:1.3.0 cpe:/a:dave_carrigan:auth_ldap:1.6.0 cpe:/a:dave_carrigan:auth_ldap:1.3.1 cpe:/a:dave_carrigan:auth_ldap:1.2.3 cpe:/a:dave_carrigan:auth_ldap:1.2.4 cpe:/a:dave_carrigan:auth_ldap:1.2.1 cpe:/a:dave_carrigan:auth_ldap:1.2.2 CVE-2006-0150 2005-12-22T00:00:00.000-05:00 2006-01-09T18:03:00.000-05:00 2008-09-05T16:58:29.560-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-10T08:46:00.000-05:00 ALLOWS_USER_ACCESS MANDRIVA MDKSA-2006:017 BID 16177 REDHAT RHSA-2006:0179 VUPEN ADV-2006-0117 DEBIAN DSA-952 SECUNIA 18568 SECUNIA 18412 SECUNIA 18405 SECUNIA 18382 BUGTRAQ 20060109 Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability CONFIRM http://www.rudedog.org/auth_ldap/Changes.html MISC http://www.digitalarmaments.com/2006090173928420.html SECTRACK 1015456 XF apache-authldap-format-string(24030) Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username. cpe:/a:todd_miller:sudo:1.6 cpe:/a:todd_miller:sudo:1.6.8_p9 cpe:/a:todd_miller:sudo:1.6.8_p8 cpe:/a:todd_miller:sudo:1.6.8_p7 cpe:/a:todd_miller:sudo:1.6.4_p2 cpe:/a:todd_miller:sudo:1.6.8_p5 cpe:/a:todd_miller:sudo:1.6.4_p1 cpe:/a:todd_miller:sudo:1.6.5_p2 cpe:/a:todd_miller:sudo:1.6.8_p2 cpe:/a:todd_miller:sudo:1.6.5_p1 cpe:/a:todd_miller:sudo:1.6.8_p1 cpe:/a:todd_miller:sudo:1.6.3_p1 cpe:/a:todd_miller:sudo:1.6.3_p2 cpe:/a:todd_miller:sudo:1.6.3_p7 cpe:/a:todd_miller:sudo:1.6.8_p12 cpe:/a:todd_miller:sudo:1.6.3_p3 cpe:/a:todd_miller:sudo:1.6.3_p4 cpe:/o:ubuntu:ubuntu_linux:5.04::powerpc cpe:/a:todd_miller:sudo:1.6.3_p5 cpe:/o:ubuntu:ubuntu_linux:5.10::powerpc cpe:/o:ubuntu:ubuntu_linux:5.10::i386 cpe:/a:todd_miller:sudo:1.6.3_p6 cpe:/o:ubuntu:ubuntu_linux:5.04::amd64 cpe:/a:todd_miller:sudo:1.6.6 cpe:/o:ubuntu:ubuntu_linux:4.1::ppc cpe:/a:todd_miller:sudo:1.6.5 cpe:/o:ubuntu:ubuntu_linux:4.1::ia64 cpe:/a:todd_miller:sudo:1.6.8 cpe:/a:todd_miller:sudo:1.6.7 cpe:/a:todd_miller:sudo:1.6.2 cpe:/a:todd_miller:sudo:1.6.1 cpe:/a:todd_miller:sudo:1.6.4 cpe:/a:todd_miller:sudo:1.6.3 cpe:/a:todd_miller:sudo:1.5.7 cpe:/a:todd_miller:sudo:1.5.6 cpe:/a:todd_miller:sudo:1.5.9 cpe:/o:ubuntu:ubuntu_linux:5.04::i386 cpe:/a:todd_miller:sudo:1.5.8 cpe:/a:todd_miller:sudo:1.6.7_p5 cpe:/o:ubuntu:ubuntu_linux:5.10::amd64 CVE-2006-0151 2006-01-09T18:03:00.000-05:00 2008-09-05T16:58:29.730-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-01-10T09:22:00.000-05:00 ALLOWS_ADMIN_ACCESS SECUNIA 18363 UBUNTU USN-235-2 BID 16184 SECUNIA 18358 TRUSTIX 2006-0010 SUSE SUSE-SR:2006:002 MANDRIVA MDKSA-2006:159 DEBIAN DSA-946 SLACKWARE SSA:2006-045-08 SECUNIA 21692 SECUNIA 19016 SECUNIA 18906 SECUNIA 18558 SECUNIA 18549 MANDRIVA MDKSA-2006:159 sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158. cpe:/a:phpchamber:phpchamber:1.2 CVE-2006-0152 2006-01-10T06:03:00.000-05:00 2008-09-05T16:58:29.980-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-10T08:08:00.000-05:00 BID 16180 VUPEN ADV-2006-0094 SECUNIA 18360 XF phpchamber-searchresult-xss(24029) OSVDB 22282 Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the needle parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:427bb:fourtwosevenbb:2.2.1 cpe:/a:427bb:fourtwosevenbb:2.2 CVE-2006-0153 2006-01-10T06:03:00.000-05:00 2008-09-05T16:58:30.123-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-10T08:11:00.000-05:00 ALLOWS_OTHER_ACCESS BID 16178 BUGTRAQ 20060107 [eVuln] 427BB Multiple Vulnerabilities (Cookie-based Authentication Bypass, SQL Injections, XSS) VUPEN ADV-2006-0091 SECUNIA 18354 MISC http://evuln.com/vulns/18/summary.html XF 427bb-scripts-security-bypass(24038) OSVDB 22274 427BB 2.2 and 2.2.1 verifies authentication credentials based on the username, authenticated, and usertype cookies, which allows remote attackers to bypass authentication by using a valid username and usertype and setting the authenticated cookie. cpe:/a:427bb:fourtwosevenbb:2.2.1 cpe:/a:427bb:fourtwosevenbb:2.2 CVE-2006-0154 2006-01-10T06:03:00.000-05:00 2008-09-05T16:58:30.277-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-10T08:12:00.000-05:00 ALLOWS_OTHER_ACCESS BID 16169 BUGTRAQ 20060107 [eVuln] 427BB Multiple Vulnerabilities (Cookie-based Authentication Bypass, SQL Injections, XSS) VUPEN ADV-2006-0091 SECUNIA 18354 MISC http://evuln.com/vulns/18/summary.html XF 427bb-showthread-sql-injection(24039) OSVDB 22275 SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the ForumID parameter. cpe:/a:427bb:fourtwosevenbb:2.2.1 cpe:/a:427bb:fourtwosevenbb:2.2 CVE-2006-0155 2006-01-10T06:03:00.000-05:00 2008-09-05T16:58:30.420-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-10T08:13:00.000-05:00 BUGTRAQ 20060107 [eVuln] 427BB Multiple Vulnerabilities (Cookie-based Authentication Bypass, SQL Injections, XSS) VUPEN ADV-2006-0091 SECUNIA 18354 MISC http://evuln.com/vulns/18/summary.html XF 427bb-posts-xss(24040) OSVDB 22276 Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and 2.2.1 allows remote attackers to inject arbitrary Javascript via a new message with a url bbcode tag containing a javascript URI. cpe:/a:foxrum:foxrum:4.0.4f CVE-2006-0156 2006-01-10T06:03:00.000-05:00 2008-09-05T16:58:30.577-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-10T08:14:00.000-05:00 BID 16172 BUGTRAQ 20060109 [eVuln] Foxrum BBCode XSS Vulnerabilty VUPEN ADV-2006-0121 SECUNIA 18386 MISC http://evuln.com/vulns/20 XF foxrum-bbcode-xss(24043) SREASON 325 Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows remote attackers to inject arbitrary Javascript via the javascript URI in bbcode url tags in (1) addpost1.php and (2) addtopic1.php. cpe:/a:reamday_enterprises:magic_news_plus:1.0.3 CVE-2006-0157 2006-01-10T06:03:00.000-05:00 2008-09-05T16:58:30.717-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-10T08:18:00.000-05:00 BID 16182 MISC http://downloads.securityfocus.com/vulnerabilities/exploits/MagicNewsPlus-pw-change.pl SECUNIA 18601 settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters. cpe:/a:cyberdoc:sitesuite_cms CVE-2006-0158 2006-01-10T06:03:00.000-05:00 2008-09-05T16:58:30.857-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-10T08:21:00.000-05:00 ALLOWS_OTHER_ACCESS OSVDB 22205 VUPEN ADV-2006-0038 SECUNIA 18305 MISC http://osvdb.org/ref/22/22205-sitesuite.txt SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS allows remote attackers to execute arbitrary SQL commands via the page parameter. CVE-2006-0159 2006-01-10T06:03:00.000-05:00 2008-09-05T16:58:31.013-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-10T08:23:00.000-05:00 ALLOWS_OTHER_ACCESS OSVDB 22264 VUPEN ADV-2006-0073 SECUNIA 18327 XF domus-escribir-sql-injection(24017) SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown, although it may be based on post-disclosure analysis of CVE-2006-0110; the details are obtained solely from third party information. cpe:/a:venom_board:venom_board:1.22 CVE-2006-0160 2006-01-10T06:03:00.000-05:00 2008-09-05T16:58:31.170-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-10T08:26:00.000-05:00 ALLOWS_OTHER_ACCESS XF venomboard-addpost-sql-injection(24046) BID 16176 OSVDB 22297 VUPEN ADV-2006-0122 SECUNIA 18383 BUGTRAQ 20060109 [eVuln] Venom Board SQL Injection Vulnerability BUGTRAQ 20060109 [eVuln] Venom Board SQL Injection Vulnerability MISC http://evuln.com/vulns/21/summary.html SREASON 326 SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute arbitrary SQL commands via the (1) parent, (2) root, and (3) topic_id parameters to post.php3. cpe:/o:sun:solaris:8.0 cpe:/o:sun:solaris:9.0::sparc CVE-2006-0161 2006-01-10T14:03:00.000-05:00 2008-09-05T16:58:31.310-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-11T08:51:00.000-05:00 ALLOWS_USER_ACCESS SUNALERT 101933 VUPEN ADV-2006-0113 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm SECTRACK 1015455 SECUNIA 19087 SECUNIA 18371 Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown impact and attack vectors. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2004-0780. cpe:/a:clam_anti-virus:clamav:0.87.1 cpe:/a:clam_anti-virus:clamav:0.84_rc2 cpe:/a:clam_anti-virus:clamav:0.86.1 cpe:/a:clam_anti-virus:clamav:0.86.2 cpe:/a:clam_anti-virus:clamav:0.84_rc1 cpe:/a:clam_anti-virus:clamav:0.80_rc4 cpe:/a:clam_anti-virus:clamav:0.80_rc2 cpe:/a:clam_anti-virus:clamav:0.80_rc3 cpe:/a:clam_anti-virus:clamav:0.80_rc1 cpe:/a:clam_anti-virus:clamav:0.87 cpe:/a:clam_anti-virus:clamav:0.60 cpe:/a:clam_anti-virus:clamav:0.86 cpe:/a:clam_anti-virus:clamav:. cpe:/a:clam_anti-virus:clamav:0.85 cpe:/a:clam_anti-virus:clamav:0.68.1 cpe:/a:clam_anti-virus:clamav:0.67 cpe:/a:clam_anti-virus:clamav:0.84 cpe:/a:clam_anti-virus:clamav:0.83 cpe:/a:clam_anti-virus:clamav:0.65 cpe:/a:clam_anti-virus:clamav:0.82 cpe:/a:clam_anti-virus:clamav:0.81 cpe:/a:clam_anti-virus:clamav:0.80 cpe:/a:clam_anti-virus:clamav:0.68 cpe:/a:clam_anti-virus:clamav:0.85.1 cpe:/a:clam_anti-virus:clamav:0.75.1 cpe:/a:clam_anti-virus:clamav:0.51 cpe:/a:clam_anti-virus:clamav:0.70 cpe:/a:clam_anti-virus:clamav:0.52 cpe:/a:clam_anti-virus:clamav:0.53 cpe:/a:clam_anti-virus:clamav:0.54 CVE-2006-0162 2006-01-10T14:03:00.000-05:00 2008-09-05T16:58:31.467-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-11T08:53:00.000-05:00 ALLOWS_USER_ACCESS CERT-VN VU#385908 BID 16191 VUPEN ADV-2006-0116 SECUNIA 18379 CONFIRM http://www.clamav.net/doc/0.88/ChangeLog XF clamav-libclamav-upx-bo(24047) MISC http://www.zerodayinitiative.com/advisories/ZDI-06-001.html TRUSTIX 2006-0002 OSVDB 22318 MANDRIVA MDKSA-2006:016 GENTOO GLSA-200601-07 DEBIAN DSA-947 SECTRACK 1015457 SREASON 342 SECUNIA 18548 SECUNIA 18478 SECUNIA 18463 SECUNIA 18453 FULLDISC 20060112 ZDI-06-001: Clam AntiVirus UPX Unpacking Code Execution Vulnerability MANDRIVA MDKSA-2006:016 Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files. cpe:/a:postgresql:postgresql:8.1.0 cpe:/a:postgresql:postgresql:8.0 cpe:/a:postgresql:postgresql:8.1.1 cpe:/a:postgresql:postgresql:8.0.3 cpe:/a:postgresql:postgresql:8.0.2 cpe:/a:postgresql:postgresql:8.0.5 cpe:/a:postgresql:postgresql:8.0.4 cpe:/a:postgresql:postgresql:8.0.1 CVE-2006-0105 2006-01-10T15:03:00.000-05:00 2008-09-05T16:58:22.387-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-01-11T08:49:00.000-05:00 MLIST [pgsql-announce] 20060109 CRITICAL RELEASE: Minor Releases to Fix DoS Vulnerability XF postgresql-connection-request-dos(24049) BID 16201 BUGTRAQ 20060111 PostgreSQL security releases 8.0.6 and 8.1.2 CONFIRM http://www.postgresql.org/about/news.456 VUPEN ADV-2006-0114 SECTRACK 1015482 SREASON 327 SECUNIA 18419 PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on Windows, allows remote attackers to cause a denial of service (postmaster exit and no new connections) via a large number of simultaneous connection requests. cpe:/o:microsoft:windows_98se cpe:/o:microsoft:windows_2000::sp4::fr cpe:/o:microsoft:windows_xp::sp1:tablet_pc cpe:/o:microsoft:windows_2003_server:sp1 cpe:/o:microsoft:windows_98::gold cpe:/o:microsoft:windows_me cpe:/o:microsoft:windows_xp::sp2:tablet_pc cpe:/o:microsoft:windows_2003_server:r2 CVE-2006-0020 2006-01-10T16:03:00.000-05:00 2008-09-05T16:58:08.483-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-01-11T08:39:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#312956 CERT TA06-045A BID 16516 MS MS06-004 VUPEN ADV-2006-0469 SECUNIA 18729 OSVDB 22976 CONFIRM http://www.microsoft.com/technet/security/advisory/913333.mspx SECUNIA 18912 MLIST [funsec] 20060110 Another WMF flaw without a Microsoft patch An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability." cpe:/o:microsoft:windows_nt:4.0:sp6a:alpha cpe:/o:microsoft:windows_xp::gold:professional cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_server cpe:/o:microsoft:windows_2003_server:r2::64-bit cpe:/o:microsoft:windows_nt:4.0:sp1:alpha cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit cpe:/o:microsoft:windows_2003_server:enterprise:sp1 cpe:/o:microsoft:windows_2003_server:standard_64-bit cpe:/o:microsoft:windows_nt:4.0:sp5:server cpe:/o:microsoft:windows_2003_server:standard:sp1 cpe:/o:microsoft:windows_nt:4.0:sp2:workstation cpe:/o:microsoft:windows_2000::sp3:professional cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_nt:3.5.1:sp5 cpe:/o:microsoft:windows_nt:3.5.1:sp4 cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server cpe:/o:microsoft:windows_nt:3.5.1:sp3 cpe:/o:microsoft:windows_nt:3.5.1:sp5:alpha cpe:/o:microsoft:windows_nt:3.5.1:sp2 cpe:/o:microsoft:windows_nt:3.5.1:sp1 cpe:/o:microsoft:windows_2003_server:enterprise::64-bit cpe:/o:microsoft:windows_2000:::professional cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_server cpe:/o:microsoft:windows_nt:4.0:sp6a:server cpe:/o:microsoft:windows_nt:3.5.1 cpe:/o:microsoft:windows_2000::sp1:datacenter_server cpe:/o:microsoft:windows_2000::sp4:professional cpe:/o:microsoft:windows_nt:4.0:sp1:workstation cpe:/o:microsoft:windows_nt:4.0:sp6:server cpe:/o:microsoft:windows_xp:::64-bit cpe:/o:microsoft:windows_2000:::datacenter_server cpe:/o:microsoft:windows_xp::sp1:home cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server cpe:/o:microsoft:windows_2003_server:r2:sp1 cpe:/o:microsoft:windows_xp:::media_center cpe:/o:microsoft:windows_2000::sp2:advanced_server cpe:/o:microsoft:windows_nt:4.0:sp3:alpha cpe:/o:microsoft:windows_nt:4.0:sp4 cpe:/o:microsoft:windows_nt:4.0:sp3 cpe:/o:microsoft:windows_xp::sp2:home cpe:/o:microsoft:windows_nt:4.0:sp6 cpe:/o:microsoft:windows_nt:4.0:sp6:workstation cpe:/o:microsoft:windows_nt:4.0:sp5 cpe:/o:microsoft:windows_xp::sp2:tablet_pc cpe:/o:microsoft:windows_xp::sp1:media_center cpe:/o:microsoft:windows_2000::sp2:professional cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_server cpe:/o:microsoft:windows_2000::sp1:advanced_server cpe:/o:microsoft:windows_nt:4.0:sp6a:workstation cpe:/o:microsoft:windows_nt:4.0:sp2:alpha cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server cpe:/o:microsoft:windows_nt:4.0:sp1 cpe:/o:microsoft:windows_nt:4.0:sp2 cpe:/o:microsoft:windows_nt:4.0::terminal_server cpe:/o:microsoft:windows_nt:4.0:sp5:alpha cpe:/o:microsoft:windows_nt:4.0:sp1:server cpe:/o:microsoft:windows_xp::sp2:media_center cpe:/o:microsoft:windows_98::gold cpe:/o:microsoft:windows_2003_server:web cpe:/o:microsoft:windows_nt:4.0::workstation cpe:/o:microsoft:windows_nt:4.0:sp6a:terminal_server cpe:/o:microsoft:windows_2000::sp3:advanced_server cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_server cpe:/o:microsoft:windows_2000::sp1:server cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server cpe:/o:microsoft:windows_me cpe:/o:microsoft:windows_2003_server:web:sp1 cpe:/o:microsoft:windows_nt:4.0:sp2:server cpe:/o:microsoft:windows_2000::sp4:datacenter_server cpe:/o:microsoft:windows_2000::sp1:professional cpe:/o:microsoft:windows_nt:4.0:sp4:alpha cpe:/o:microsoft:windows_nt:4.0:sp5:workstation cpe:/o:microsoft:windows_98se cpe:/o:microsoft:windows_nt:4.0:sp6:terminal_server cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server cpe:/o:microsoft:windows_nt:4.0 cpe:/o:microsoft:windows_nt:4.0::terminal_server_alpha cpe:/o:microsoft:windows_nt:4.0::enterprise_server cpe:/o:microsoft:windows_2000::sp2:server cpe:/o:microsoft:windows_nt:4.0::alpha cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_server cpe:/o:microsoft:windows_nt:4.0::server cpe:/o:microsoft:windows_2000::sp3:datacenter_server cpe:/o:microsoft:windows_2000:::server cpe:/o:microsoft:windows_nt:4.0:sp4:workstation cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:sp1 cpe:/o:microsoft:windows_2000:::advanced_server cpe:/o:microsoft:windows_nt:4.0:sp3:server cpe:/o:microsoft:windows_2003_server:enterprise_64-bit cpe:/o:microsoft:windows_xp:::home cpe:/o:microsoft:windows_2003_server:datacenter_64-bit:sp1 cpe:/o:microsoft:windows_nt:4.0:sp6:alpha cpe:/o:microsoft:windows_nt:4.0:sp6a cpe:/o:microsoft:windows_2000::sp2:datacenter_server cpe:/o:microsoft:windows_2000::sp3:server cpe:/o:microsoft:windows_2000::sp4:advanced_server cpe:/o:microsoft:windows_nt:4.0:sp4:server cpe:/o:microsoft:windows_2003_server:standard::64-bit cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server cpe:/o:microsoft:windows_nt:4.0:sp3:workstation cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server CVE-2006-0010 2006-01-10T17:03:00.000-05:00 2008-09-05T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-01-11T08:36:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA06-010A CERT-VN VU#915930 BID 16194 MS MS06-002 VUPEN ADV-2006-0118 SECUNIA 18365 XF win-embedded-fonts-bo(23922) MISC http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375525 BUGTRAQ 20060110 [EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability OSVDB 18829 EEYE EEYEB20050801 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm SECTRACK 1015459 SECUNIA 18391 SECUNIA 18311 Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression. cpe:/a:microsoft:exchange_server:5.5 cpe:/a:microsoft:outlook:2000:sp3 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:exchange_server:5.0:sp2 cpe:/a:microsoft:office:2003:sp1 cpe:/a:microsoft:exchange_server:5.0:sp1 cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:exchange_server:2000:sp3 cpe:/a:microsoft:exchange_server:5.5:sp1 cpe:/a:microsoft:outlook:2002:sp3 cpe:/a:microsoft:exchange_server:5.5:sp4 cpe:/a:microsoft:exchange_server:5.5:sp3 cpe:/a:microsoft:exchange_server:5.5:sp2 cpe:/a:microsoft:outlook:2003 cpe:/a:microsoft:exchange_server:5.0 cpe:/a:microsoft:office:2000:sp3 CVE-2006-0002 2006-01-10T17:03:00.000-05:00 2008-09-05T16:58:05.437-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-11T08:31:00.000-05:00 ALLOWS_USER_ACCESS CERT TA06-010A CERT-VN VU#252146 BID 16197 BUGTRAQ 20060110 Microsoft Outlook Critical Vulnerability BUGTRAQ 20060110 Microsoft Exchange Critical Vulnerability MS MS06-003 VUPEN ADV-2006-0119 SECTRACK 1015461 SECTRACK 1015460 SECUNIA 18368 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm XF win-tnef-overflow(22878) SREASON 331 SREASON 330 Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation. cpe:/o:linux:linux_kernel:2.6.15:rc5 cpe:/o:linux:linux_kernel:2.6.14:rc1 cpe:/o:linux:linux_kernel:2.6.15:rc6 cpe:/o:linux:linux_kernel:2.6.15:rc7 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.15:rc1 cpe:/o:linux:linux_kernel:2.6.14:rc4 cpe:/o:linux:linux_kernel:2.6.14:rc3 cpe:/o:linux:linux_kernel:2.6.15:rc3 cpe:/o:linux:linux_kernel:2.6.14:rc2 cpe:/o:linux:linux_kernel:2.6.15:rc4 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.14.2 CVE-2006-0035 2006-01-11T16:03:00.000-05:00 2008-09-05T16:58:11.247-04:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2006-01-11T16:08:00.000-05:00 TRUSTIX 2006-0004 SECUNIA 18482 BID 16414 CONFIRM http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad8e4b75c8a7bed475d72ce09bf5267188621961 XF kernel-afnetlink-dos(24202) VUPEN ADV-2006-0220 SREASON 388 The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.14 and 2.6.15 allows local users to cause a denial of service (infinite loop) via a nlmsg_len field of 0. cpe:/o:freebsd:freebsd:6.0:stable cpe:/o:freebsd:freebsd:6.0:release CVE-2006-0054 2006-01-11T16:03:00.000-05:00 2008-09-05T16:58:14.483-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-01-12T07:57:00.000-05:00 BID 16209 SECUNIA 18378 FREEBSD FreeBSD-SA-06:04 XF ipfw-icmp-fragment-dos(24073) OSVDB 22319 SECTRACK 1015477 The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer. cpe:/o:freebsd:freebsd:5.0:alpha cpe:/o:freebsd:freebsd:4.10:release cpe:/o:freebsd:freebsd:5.3:stable cpe:/o:freebsd:freebsd:5.2.1:release cpe:/o:freebsd:freebsd:4.11:stable cpe:/o:freebsd:freebsd:5.0:release_p14 cpe:/o:freebsd:freebsd:4.10:releng cpe:/o:freebsd:freebsd:5.3:release cpe:/o:freebsd:freebsd:5.4:pre-release cpe:/o:freebsd:freebsd:4.10:release_p8 cpe:/o:freebsd:freebsd:5.3:releng cpe:/o:freebsd:freebsd:6.0:stable cpe:/o:freebsd:freebsd:5.2.1:releng cpe:/o:freebsd:freebsd:5.0 cpe:/o:freebsd:freebsd:5.0:releng cpe:/o:freebsd:freebsd:5.2 cpe:/o:freebsd:freebsd:5.1 cpe:/o:freebsd:freebsd:4.11:releng cpe:/o:freebsd:freebsd:5.4:release cpe:/o:freebsd:freebsd:5.1:release_p5 cpe:/o:freebsd:freebsd:5.3 cpe:/o:freebsd:freebsd:4.10 cpe:/o:freebsd:freebsd:5.1:releng cpe:/o:freebsd:freebsd:6.0:release cpe:/o:freebsd:freebsd:5.1:alpha cpe:/o:freebsd:freebsd:4.11:release_p3 cpe:/o:freebsd:freebsd:5.4:releng cpe:/o:freebsd:freebsd:5.1:release CVE-2006-0055 2006-01-11T16:03:00.000-05:00 2008-09-05T16:58:14.637-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-12T08:01:00.000-05:00 BID 16207 SECUNIA 18404 FREEBSD FreeBSD-SA-06:02 XF ee-ispell-op-symlink(24074) OSVDB 22320 SECTRACK 1015469 The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell. cpe:/a:francisco_burzi:php-nuke_ev:7.7_r1 CVE-2006-0163 2006-01-11T16:03:00.000-05:00 2008-10-03T00:45:56.493-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-12T08:04:00.000-05:00 ALLOWS_OTHER_ACCESS XF phpnukeev-search-sql-injection(44978) BID 16186 OSVDB 22316 VUPEN ADV-2006-0120 SECUNIA 18394 MISC http://lostmon.blogspot.com/2006/01/phpnuke-ev-77-search-module-query.html SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792. cpe:/a:woah-projekt:phgstats:0.3 cpe:/a:woah-projekt:phgstats:0.4 cpe:/a:woah-projekt:phgstats:0.1 cpe:/a:woah-projekt:phgstats:0.2 cpe:/a:woah-projekt:phgstats:0.3.1 cpe:/a:woah-projekt:phgstats:0.4.1 cpe:/a:woah-projekt:phgstats:0.4.2 cpe:/a:woah-projekt:phgstats:0.5 CVE-2006-0164 2006-01-11T16:03:00.000-05:00 2008-09-05T16:58:31.810-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-12T08:11:00.000-05:00 ALLOWS_O