cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:publisher:2003 cpe:/a:microsoft:publisher:2000 cpe:/a:microsoft:publisher:2002 cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2003:sp1 CVE-2006-0001 2005-08-03T00:00:00.000-04:00 2006-09-12T19:07:00.000-04:00 2011-03-07T21:29:09.000-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-09-13T12:32:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT TA06-255A CERT-VN VU#406236 BID 19951 BUGTRAQ 20060912 Computer Terrorism (UK) :: Incident Response Centre - Microsoft Publisher Font Parsing Vulnerability MS MS06-054 MISC http://www.computerterrorism.com/research/ct12-09-2006-2.htm SECUNIA 21863 XF publisher-pub-code-execution(28648) VUPEN ADV-2006-3565 HP SSRT061187 HP HPSBST02134 SECTRACK 1016825 SREASON 1548 Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts. cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:outlook:2002:sp3 cpe:/a:microsoft:exchange_server:2000:sp3 cpe:/a:microsoft:exchange_server:5.5:sp1 cpe:/a:microsoft:outlook:2003 cpe:/a:microsoft:exchange_server:5.0 cpe:/a:microsoft:exchange_server:5.0:sp2 cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:exchange_server:5.5 cpe:/a:microsoft:exchange_server:5.5:sp4 cpe:/a:microsoft:exchange_server:5.0:sp1 cpe:/a:microsoft:exchange_server:5.5:sp2 cpe:/a:microsoft:exchange_server:5.5:sp3 cpe:/a:microsoft:outlook:2000:sp3 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2003:sp1 CVE-2006-0002 2006-01-10T17:03:00.000-05:00 2011-04-12T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-11T08:31:00.000-05:00 ALLOWS_USER_ACCESS CERT TA06-010A CERT-VN VU#252146 BID 16197 BUGTRAQ 20060110 Microsoft Outlook Critical Vulnerability BUGTRAQ 20060110 Microsoft Exchange Critical Vulnerability MS MS06-003 SECTRACK 1015461 SECTRACK 1015460 SECUNIA 18368 XF win-tnef-overflow(22878) VUPEN ADV-2006-0119 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm SREASON 331 SREASON 330 Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation. cpe:/a:microsoft:data_access_components:2.5:sp3 cpe:/a:microsoft:data_access_components:2.8 cpe:/a:microsoft:data_access_components:2.7:sp1 cpe:/a:microsoft:data_access_components:2.8:sp1 cpe:/a:microsoft:data_access_components:2.7 cpe:/a:microsoft:data_access_components:2.8:sp2 CVE-2006-0003 2006-04-11T20:02:00.000-04:00 2011-03-07T21:29:09.187-05:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-04-12T14:06:00.000-04:00 ALLOWS_USER_ACCESS CERT TA06-101A CERT-VN VU#234812 MS MS06-014 XF ie-wscriptshell-command-execution(29915) XF mdac-rdsdataspace-execute-code(25006) VUPEN ADV-2006-2452 VUPEN ADV-2006-1319 MISC http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf BID 20797 BID 17462 BUGTRAQ 20080128 Re: Exploit in IE6,7 BUGTRAQ 20080128 Exploit in IE6,7 BUGTRAQ 20070731 Re: Exploit In Internet Explorer BUGTRAQ 20070730 RE: Exploit In Internet Explorer BUGTRAQ 20070730 Re: Exploit In Internet Explorer BUGTRAQ 20070729 Exploit In Internet Explorer OSVDB 24517 MILW0RM 2164 MILW0RM 2052 CONFIRM http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/index-e.html CONFIRM http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/01-e.html SECTRACK 1015894 SECUNIA 20719 SECUNIA 19583 Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors. cpe:/a:microsoft:office:2000:sp3 CVE-2006-0004 2006-02-14T15:02:00.000-05:00 2011-03-07T21:29:09.297-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2006-02-28T14:58:00.000-05:00 CERT-VN VU#963628 MS MS06-010 VUPEN ADV-2006-0579 XF powerpoint-tiff-information-disclosure(24490) BID 16634 SECTRACK 1015632 SECUNIA 18865 Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF). cpe:/o:microsoft:windows_xp:::x64 cpe:/o:microsoft:windows_server_2003:web_edition_sp1 cpe:/o:microsoft:windows-nt:datacenter_server:sp3 cpe:/o:microsoft:windows_2000_advanced_server:sp3 cpe:/o:microsoft:windows_2000::sp3:pro cpe:/o:microsoft:windows_xp::sp2:pro cpe:/o:microsoft:windows_2000_advanced_server:sp1 cpe:/o:microsoft:windows_2003_server:datacenter_edition cpe:/o:microsoft:windows_2003_server:enterprise_edition cpe:/o:microsoft:windows_server_2000:sp1 cpe:/o:microsoft:windows_2000::sp2:pro cpe:/o:microsoft:windows_server_2003:standard_sp1 cpe:/o:microsoft:windows_xp:::pro cpe:/o:microsoft:windows_2003_server:standard_64-bit cpe:/o:microsoft:windows_2003_server:standard cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_xp::sp1:home cpe:/o:microsoft:windows-nt:xp_tablet_pc:sp1 cpe:/o:microsoft:windows_server_2003:enterprise_sp1 cpe:/o:microsoft:windows_2000::sp4:pro cpe:/o:microsoft:windows_server_2000:none cpe:/o:microsoft:windows_2003_server:datacenter_edition_64-bit cpe:/o:microsoft:windows_server_2003:datacenter_sp1 cpe:/o:microsoft:windows-nt:xp:sp2:home cpe:/o:microsoft:windows-nt:datacenter_server:sp2 cpe:/o:microsoft:windows_xp:::media_center cpe:/o:microsoft:windows-nt:xp cpe:/o:microsoft:windows-nt:xp_tablet_pc:sp2 cpe:/o:microsoft:windows-nt:datacenter_server:sp4 cpe:/o:microsoft:windows_server_2000:sp3 cpe:/o:microsoft:windows_xp:::home cpe:/o:microsoft:windows-nt:2000 cpe:/o:microsoft:windows_xp::sp1:pro cpe:/o:microsoft:windows_2000_advanced_server:sp2 cpe:/o:microsoft:windows_2000_advanced_server cpe:/o:microsoft:windows_xp::sp2:media_center cpe:/o:microsoft:windows_2003_server:enterprise_edition_64-bit cpe:/o:microsoft:windows_2000::sp1:pro cpe:/o:microsoft:windows-nt:xp_tablet_pc cpe:/o:microsoft:windows-nt:datacenter_server:sp1 cpe:/o:microsoft:windows_2000_advanced_server:sp4 cpe:/o:microsoft:windows_2003_server:web_edition cpe:/o:microsoft:windows-nt:datacenter_server cpe:/o:microsoft:windows_xp::sp1:media_center cpe:/o:microsoft:windows_server_2000:sp2 CVE-2006-0005 2006-02-14T14:06:00.000-05:00 2011-03-07T21:29:09.393-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-02-21T16:09:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA06-045A CERT-VN VU#692060 XF win-mediaplayer-plugin-embed-bo(24493) VUPEN ADV-2006-0575 BID 16644 MS MS06-006 IDEFENSE 20060214 Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability SECTRACK 1015628 SECUNIA 18852 Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute. cpe:/a:microsoft:windows_media_player:10 cpe:/o:microsoft:windows_xp::sp2:tablet_pc cpe:/o:microsoft:windows_2003_server:r2 cpe:/a:microsoft:windows_media_player:7.1 cpe:/o:microsoft:windows_me cpe:/o:microsoft:windows_98::gold cpe:/a:microsoft:windows_media_player:9 cpe:/o:microsoft:windows_2000::sp4::fr cpe:/o:microsoft:windows_2000::sp1 cpe:/o:microsoft:windows_98se cpe:/o:microsoft:windows_xp::sp1:tablet_pc CVE-2006-0006 2006-02-14T17:06:00.000-05:00 2011-10-17T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-03-06T08:28:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA06-045A CERT-VN VU#291396 BID 16633 MS MS06-005 MISC http://www.eeye.com/html/research/advisories/AD20060214.html SECTRACK 1015627 SECUNIA 18835 XF win-media-player-bmp-bo(24488) VUPEN ADV-2006-0574 BUGTRAQ 20060215 Windows Media Player BMP Heap Overflow (MS06-005) BUGTRAQ 20060214 [EEYEB-20051017] Windows Media Player BMP Heap Overflow SREASON 423 Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data. cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2003:sp1 CVE-2006-0007 2006-07-11T17:05:00.000-04:00 2011-03-07T21:29:09.547-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-07-12T10:33:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT TA06-192A CERT-VN VU#668564 MS MS06-039 VUPEN ADV-2006-2757 BID 18915 BUGTRAQ 20060712 NSFOCUS SA2006-04 : Microsoft Office GIF Filter Buffer Overflow Vulnerability OSVDB 27146 SECTRACK 1016470 SECUNIA 21013 VULNWATCH 20060712 NSFOCUS SA2006-04 : Microsoft Office GIF Filter Buffer Overflow Vulnerability Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed. cpe:/o:microsoft:windows_xp:::media_center cpe:/o:microsoft:windows_2003_server:standard:sp1 cpe:/a:microsoft:office:2003::student_teacher cpe:/o:microsoft:windows_xp:::home cpe:/o:microsoft:windows_2003_server:r2::64-bit cpe:/o:microsoft:windows_xp:::64-bit cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:sp1 cpe:/o:microsoft:windows_xp::gold:professional cpe:/o:microsoft:windows_xp::sp2:home cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit cpe:/o:microsoft:windows_xp::sp2:media_center cpe:/o:microsoft:windows_2003_server:web cpe:/o:microsoft:windows_xp::sp2:tablet_pc cpe:/o:microsoft:windows_2003_server:enterprise::64-bit cpe:/o:microsoft:windows_2003_server:web:sp1 cpe:/o:microsoft:windows_2003_server:standard_64-bit cpe:/o:microsoft:windows_2003_server:datacenter_64-bit:sp1 cpe:/o:microsoft:windows_xp::sp1:home cpe:/a:microsoft:office:2003:sp2 cpe:/o:microsoft:windows_2003_server:r2:sp1 cpe:/o:microsoft:windows_2003_server:standard::64-bit cpe:/o:microsoft:windows_2003_server:enterprise_64-bit cpe:/o:microsoft:windows_2003_server:enterprise:sp1 cpe:/a:microsoft:office:2003:sp1 cpe:/o:microsoft:windows_xp::sp1:media_center CVE-2006-0008 2006-02-14T14:06:00.000-05:00 2011-03-28T00:00:00.000-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-03-06T08:48:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#739844 BID 16643 MS MS06-009 SECTRACK 1015631 SECUNIA 18859 XF win-korean-ime-privilege-elevation(24492) VUPEN ADV-2006-0578 BUGTRAQ 20060215 Security advisory: Windows IME Vulnerability (MS06-009) MISC http://www.ryanstyle.com/alert/my/5/ms06_009_eng.html The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box. cpe:/a:microsoft:works:2003 cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:works:2002 cpe:/a:microsoft:works:2005 cpe:/a:microsoft:works:2000 cpe:/a:microsoft:office:v.x::mac cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:works:2004 cpe:/a:microsoft:works:2001 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:works:2006 cpe:/a:microsoft:office:2003:sp1 CVE-2006-0009 2006-03-14T18:02:00.000-05:00 2011-03-07T21:29:09.987-05:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-03-16T08:40:00.000-05:00 ALLOWS_OTHER_ACCESS CERT TA06-073A CERT-VN VU#682820 BID 17000 BUGTRAQ 20060314 SYMSA-2006-001: Buffer overflow in Microsoft Office 2000, Office XP (2002), and Office 2003 Routing Slip Metadata MS MS06-012 SECTRACK 1015766 SECUNIA 19138 XF powerpoint-presentation-code-execution(29009) XF office-routing-slip-bo(25009) VUPEN ADV-2006-3678 VUPEN ADV-2006-0950 MISC http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FMDROPPER%2EBH MISC http://www.symantec.com/security_response/writeup.jsp?docid=2006-091810-5028-99 MISC http://www.symantec.com/enterprise/research/SYMSA-2006-001.txt BID 20059 BUGTRAQ 20060919 Microsoft PowerPoint 0-day Vulnerability FAQ - September written BUGTRAQ 20060919 New PowerPoint 0-day Trojan in the wild BUGTRAQ 20060822 Major updates in PowerPoint FAQ document - not a 0-day issue BUGTRAQ 20060819 New PowerPoint 0-day and Trojan - FAQ document ready BUGTRAQ 20060422 PowerPoint Phishing Trojan OSVDB 23903 MISC http://www.darkreading.com/document.asp?doc_id=101970 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm SECTRACK 1016886 SECTRACK 1016720 SECUNIA 19238 FULLDISC 20060919 New PowerPoint 0-day Trojan in the wild MISC http://isc.sans.org/diary.php?storyid=1618 MISC http://blogs.securiteam.com/?p=559 MISC http://blogs.securiteam.com/?p=557 MISC http://blogs.securiteam.com/?author=28 FULLDISC 20060822 Major updates in PowerPoint FAQ document - not a 0-day issue Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint. cpe:/o:microsoft:windows_nt:4.0:sp1:server cpe:/o:microsoft:windows_2000::sp1:datacenter_server cpe:/o:microsoft:windows_nt:4.0:sp3:workstation cpe:/o:microsoft:windows_xp::gold:professional cpe:/o:microsoft:windows_nt:4.0:sp1:workstation cpe:/o:microsoft:windows_nt:4.0:sp4:workstation cpe:/o:microsoft:windows_2000:::professional cpe:/o:microsoft:windows_nt:4.0:sp1 cpe:/o:microsoft:windows_nt:3.5.1 cpe:/o:microsoft:windows_2003_server:r2:sp1 cpe:/o:microsoft:windows_nt:4.0:sp6a:server cpe:/o:microsoft:windows_nt:4.0:sp6:terminal_server cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server cpe:/o:microsoft:windows_xp:::home cpe:/o:microsoft:windows_nt:4.0:sp4 cpe:/o:microsoft:windows_nt:4.0:sp4:alpha cpe:/o:microsoft:windows_nt:4.0:sp3:server cpe:/o:microsoft:windows_2000::sp4:datacenter_server cpe:/o:microsoft:windows_xp::sp2:tablet_pc cpe:/o:microsoft:windows_nt:3.5.1:sp4 cpe:/o:microsoft:windows_nt:4.0:sp6:server cpe:/o:microsoft:windows_2003_server:web:sp1 cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_server cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_server cpe:/o:microsoft:windows_nt:4.0:sp4:server cpe:/o:microsoft:windows_nt:4.0::terminal_server cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server cpe:/o:microsoft:windows_nt:4.0:sp3 cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server cpe:/o:microsoft:windows_2003_server:r2::64-bit cpe:/o:microsoft:windows_nt:4.0:sp6a cpe:/o:microsoft:windows_nt:4.0:sp6a:terminal_server cpe:/o:microsoft:windows_nt:4.0:sp3:alpha cpe:/o:microsoft:windows_2000::sp3:server cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_nt:4.0 cpe:/o:microsoft:windows_nt:4.0:sp2 cpe:/o:microsoft:windows_2000::sp3:professional cpe:/o:microsoft:windows_nt:4.0::terminal_server_alpha cpe:/o:microsoft:windows_nt:4.0:sp1:alpha cpe:/o:microsoft:windows_2000::sp1:advanced_server cpe:/o:microsoft:windows_nt:4.0:sp5:server cpe:/o:microsoft:windows_nt:3.5.1:sp5:alpha cpe:/o:microsoft:windows_nt:4.0:sp6:workstation cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_server cpe:/o:microsoft:windows_nt:4.0:sp6 cpe:/o:microsoft:windows_nt:4.0:sp6a:alpha cpe:/o:microsoft:windows_2003_server:enterprise:sp1 cpe:/o:microsoft:windows_2000::sp4:advanced_server cpe:/o:microsoft:windows_nt:4.0:sp5 cpe:/o:microsoft:windows_me cpe:/o:microsoft:windows_98::gold cpe:/o:microsoft:windows_nt:4.0::server cpe:/o:microsoft:windows_2003_server:standard:sp1 cpe:/o:microsoft:windows_nt:4.0:sp5:workstation cpe:/o:microsoft:windows_nt:4.0:sp5:alpha cpe:/o:microsoft:windows_nt:3.5.1:sp5 cpe:/o:microsoft:windows_nt:4.0:sp6:alpha cpe:/o:microsoft:windows_nt:4.0::enterprise_server cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit cpe:/o:microsoft:windows_2000::sp2:advanced_server cpe:/o:microsoft:windows_2000::sp2:professional cpe:/o:microsoft:windows_2003_server:enterprise::64-bit cpe:/o:microsoft:windows_2003_server:standard_64-bit cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server cpe:/o:microsoft:windows_xp::sp1:home cpe:/o:microsoft:windows_2003_server:standard::64-bit cpe:/o:microsoft:windows_2003_server:enterprise_64-bit cpe:/o:microsoft:windows_98se cpe:/o:microsoft:windows_nt:3.5.1:sp1 cpe:/o:microsoft:windows_2000::sp1:professional cpe:/o:microsoft:windows_nt:4.0:sp2:server cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server cpe:/o:microsoft:windows_xp:::64-bit cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_server cpe:/o:microsoft:windows_2000::sp2:datacenter_server cpe:/o:microsoft:windows_xp::sp2:home cpe:/o:microsoft:windows_2000:::server cpe:/o:microsoft:windows_2003_server:datacenter_64-bit:sp1 cpe:/o:microsoft:windows_xp::sp1:media_center cpe:/o:microsoft:windows_2000::sp3:datacenter_server cpe:/o:microsoft:windows_nt:3.5.1:sp3 cpe:/o:microsoft:windows_nt:3.5.1:sp2 cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:sp1 cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server cpe:/o:microsoft:windows_nt:4.0:sp6a:workstation cpe:/o:microsoft:windows_2000:::advanced_server cpe:/o:microsoft:windows_nt:4.0:sp2:workstation cpe:/o:microsoft:windows_nt:4.0:sp2:alpha cpe:/o:microsoft:windows_nt:4.0::alpha cpe:/o:microsoft:windows_2000:::datacenter_server cpe:/o:microsoft:windows_xp:::media_center cpe:/o:microsoft:windows_2000::sp1:server cpe:/o:microsoft:windows_2000::sp3:advanced_server cpe:/o:microsoft:windows_xp::sp2:media_center cpe:/o:microsoft:windows_2003_server:web cpe:/o:microsoft:windows_nt:4.0::workstation cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_server cpe:/o:microsoft:windows_2000::sp2:server cpe:/o:microsoft:windows_2000::sp4:professional CVE-2006-0010 2006-01-10T17:03:00.000-05:00 2011-03-07T21:29:10.080-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-01-11T08:36:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA06-010A CERT-VN VU#915930 BID 16194 MS MS06-002 SECUNIA 18365 XF win-embedded-fonts-bo(23922) MISC http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375525 VUPEN ADV-2006-0118 BUGTRAQ 20060110 [EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability OSVDB 18829 EEYE EEYEB20050801 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm SECTRACK 1015459 SECUNIA 18391 SECUNIA 18311 Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression. cpe:/o:microsoft:windows_me cpe:/o:microsoft:windows_98::gold cpe:/o:microsoft:windows_2003_server:standard:sp1 cpe:/o:microsoft:windows_2000::sp1:datacenter_server cpe:/o:microsoft:windows_2003_server:r2::64-bit cpe:/o:microsoft:windows_2000::sp3:datacenter_server cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:sp1 cpe:/o:microsoft:windows_xp::gold:professional cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit cpe:/o:microsoft:windows_2000::sp2:advanced_server cpe:/o:microsoft:windows_2000::sp2:professional cpe:/o:microsoft:windows_2000::sp3:server cpe:/o:microsoft:windows_2003_server:enterprise::64-bit cpe:/o:microsoft:windows_2000:::advanced_server cpe:/o:microsoft:windows_2003_server:standard_64-bit cpe:/o:microsoft:windows_2000:::professional cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_xp::sp1:home cpe:/o:microsoft:windows_2003_server:standard::64-bit cpe:/o:microsoft:windows_2003_server:r2:sp1 cpe:/o:microsoft:windows_2003_server:enterprise_64-bit cpe:/o:microsoft:windows_98se cpe:/o:microsoft:windows_2000::sp1:professional cpe:/o:microsoft:windows_2000:::datacenter_server cpe:/o:microsoft:windows_xp:::media_center cpe:/o:microsoft:windows_2000::sp3:professional cpe:/o:microsoft:windows_xp:::home cpe:/o:microsoft:windows_2000::sp1:server cpe:/o:microsoft:windows_2000::sp3:advanced_server cpe:/o:microsoft:windows_xp:::64-bit cpe:/o:microsoft:windows_2000::sp2:datacenter_server cpe:/o:microsoft:windows_xp::sp2:home cpe:/o:microsoft:windows_xp::sp2:media_center cpe:/o:microsoft:windows_2003_server:web cpe:/o:microsoft:windows_2000:::server cpe:/o:microsoft:windows_2000::sp4:datacenter_server cpe:/o:microsoft:windows_xp::sp2:tablet_pc cpe:/o:microsoft:windows_2000::sp1:advanced_server cpe:/o:microsoft:windows_2000::sp2:server cpe:/o:microsoft:windows_2003_server:web:sp1 cpe:/o:microsoft:windows_2003_server:datacenter_64-bit:sp1 cpe:/o:microsoft:windows_2000::sp4:professional cpe:/o:microsoft:windows_2003_server:enterprise:sp1 cpe:/o:microsoft:windows_xp::sp1:media_center cpe:/o:microsoft:windows_2000::sp4:advanced_server CVE-2006-0012 2006-04-11T20:02:00.000-04:00 2011-03-07T21:29:10.187-05:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-04-12T14:04:00.000-04:00 ALLOWS_USER_ACCESS CERT TA06-101A CERT-VN VU#641460 MS MS06-015 SECUNIA 19606 XF win-explorer-com-code-execution(25554) VUPEN ADV-2006-1320 BID 17464 OSVDB 24516 SECTRACK 1015897 Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability." cpe:/o:microsoft:windows_2003_server:standard:sp1 cpe:/o:microsoft:windows_xp:::home cpe:/o:microsoft:windows_2003_server:r2::64-bit cpe:/o:microsoft:windows_xp:::64-bit cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:sp1 cpe:/o:microsoft:windows_xp::gold:professional cpe:/o:microsoft:windows_xp::sp2:home cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit cpe:/o:microsoft:windows_2003_server:web cpe:/o:microsoft:windows_2003_server:enterprise::64-bit cpe:/o:microsoft:windows_2003_server:web:sp1 cpe:/o:microsoft:windows_2003_server:standard_64-bit cpe:/o:microsoft:windows_2003_server:datacenter_64-bit:sp1 cpe:/o:microsoft:windows_xp::sp1:home cpe:/o:microsoft:windows_2003_server:r2:sp1 cpe:/o:microsoft:windows_2003_server:standard::64-bit cpe:/o:microsoft:windows_2003_server:enterprise_64-bit cpe:/o:microsoft:windows_2003_server:enterprise:sp1 CVE-2006-0013 2006-02-14T14:06:00.000-05:00 2011-03-07T21:29:10.283-05:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-03-17T13:33:00.000-05:00 ALLOWS_USER_ACCESS CERT-VN VU#388900 BID 16636 MS MS06-008 SECTRACK 1015630 SECUNIA 18857 XF msrpc-webclient-message-bo(24491) VUPEN ADV-2006-0577 Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207. cpe:/a:microsoft:outlook_express:5.5:sp2 cpe:/a:microsoft:outlook_express:6.0 cpe:/a:microsoft:outlook_express:5.5 cpe:/a:microsoft:outlook_express:5.5:sp1 cpe:/a:microsoft:outlook_express:6.0:sp1 CVE-2006-0014 2005-09-20T00:00:00.000-04:00 2006-04-11T20:02:00.000-04:00 2011-03-07T21:29:10.377-05:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-04-12T14:07:00.000-04:00 ALLOWS_USER_ACCESS MS MS06-016 SECUNIA 19617 MISC http://www.zerodayinitiative.com/advisories/ZDI-06-007.html VUPEN ADV-2006-1321 BID 17459 BUGTRAQ 20060411 ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability XF outlook-express-wab-bo(25535) SECTRACK 1015898 SREASON 691 FULLDISC 20060411 ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values. cpe:/a:microsoft:sharepoint_team_services cpe:/a:microsoft:frontpage_server_extensions:2002 CVE-2006-0015 2006-04-11T19:02:00.000-04:00 2011-03-07T21:29:10.453-05:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-04-12T10:52:00.000-04:00 ALLOWS_OTHER_ACCESS BID 17452 MS MS06-017 MISC http://www.argeniss.com/research/ARGENISS-ADV-040602.txt SECTRACK 1015896 SECTRACK 1015895 SECUNIA 19623 VUPEN ADV-2006-1322 BUGTRAQ 20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting XF fpse-html-xss(25537) SREASON 704 Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters. CVE-2006-0018 2005-11-29T16:03:00.000-05:00 2008-09-10T15:55:02.087-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3899. Reason: This candidate is a duplicate of CVE-2005-3899. Notes: All CVE users should reference CVE-2005-3899 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. cpe:/o:kde:kde:3.3.2 cpe:/o:kde:kde:3.2 cpe:/o:kde:kde:3.2.3 cpe:/o:kde:kde:3.2.x cpe:/o:kde:kde:3.3.x cpe:/o:kde:kde:3.2.2 cpe:/o:kde:kde:3.4.1 cpe:/o:kde:kde:3.4.0 cpe:/o:kde:kde:3.2.0_beta1 cpe:/o:kde:kde:3.4 cpe:/o:kde:kde:3.3.1 cpe:/o:kde:kde:3.2.1 cpe:/o:kde:kde:3.2.0 cpe:/o:kde:kde:3.3.0 cpe:/o:kde:kde:3.3 cpe:/o:kde:kde:3.5.0 cpe:/o:kde:kde:3.4.2 CVE-2006-0019 2006-01-20T16:03:00.000-05:00 2011-03-07T21:29:10.597-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-23T10:49:00.000-05:00 ALLOWS_USER_ACCESS BUGTRAQ 20060119 [KDE Security Advisory] kjs encodeuri/decodeuri heap overflow CONFIRM http://www.kde.org/info/security/advisory-20060119-1.txt SECUNIA 18500 CONFIRM ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.3-kdelibs-kjs.diff VUPEN ADV-2006-0265 UBUNTU USN-245-1 SUSE SUSE-SA:2006:003 REDHAT RHSA-2006:0184 GENTOO GLSA-200601-11 DEBIAN DSA-948 SECUNIA 18570 SECUNIA 18561 SECUNIA 18559 SECUNIA 18552 SECUNIA 18540 XF kde-kjs-bo(24242) BID 16325 FEDORA FLSA:178606 OSVDB 22659 MANDRIVA MDKSA-2006:019 SLACKWARE SSA:2006-045-05 SECTRACK 1015512 SREASON 364 SECUNIA 18899 SECUNIA 18583 Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI. cpe:/o:microsoft:windows_xp::sp2:tablet_pc cpe:/o:microsoft:windows_2003_server:r2 cpe:/o:microsoft:windows_me cpe:/o:microsoft:windows_98::gold cpe:/o:microsoft:windows_2000::sp4::fr cpe:/o:microsoft:windows_2003_server:sp1 cpe:/o:microsoft:windows_98se cpe:/o:microsoft:windows_xp::sp1:tablet_pc CVE-2006-0020 2006-01-10T16:03:00.000-05:00 2011-03-07T21:29:10.687-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-01-11T08:39:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#312956 CERT TA06-045A BID 16516 MS MS06-004 SECUNIA 18729 VUPEN ADV-2006-0469 OSVDB 22976 CONFIRM http://www.microsoft.com/technet/security/advisory/913333.mspx SECUNIA 18912 MLIST [funsec] 20060110 Another WMF flaw without a Microsoft patch An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability." cpe:/o:microsoft:windows_xp:::media_center cpe:/o:microsoft:windows_2003_server:standard:sp1 cpe:/o:microsoft:windows_xp:::home cpe:/o:microsoft:windows_2003_server:r2::64-bit cpe:/o:microsoft:windows_xp:::64-bit cpe:/o:microsoft:windows_xp::gold:professional cpe:/o:microsoft:windows_xp::sp2:home cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit cpe:/o:microsoft:windows_xp::sp2:media_center cpe:/o:microsoft:windows_xp::sp1:embedded cpe:/o:microsoft:windows_2003_server:web cpe:/o:microsoft:windows_xp::sp2:tablet_pc cpe:/o:microsoft:windows_2003_server:enterprise::64-bit cpe:/o:microsoft:windows_xp::sp1:64-bit cpe:/o:microsoft:windows_xp:::embedded cpe:/o:microsoft:windows_2003_server:standard_64-bit cpe:/o:microsoft:windows_2003_server:web:sp1 cpe:/o:microsoft:windows_2003_server:datacenter_64-bit:sp1 cpe:/o:microsoft:windows_xp::sp1:home cpe:/o:microsoft:windows_2003_server:r2:sp1 cpe:/o:microsoft:windows_2003_server:standard::64-bit cpe:/o:microsoft:windows_2003_server:enterprise_64-bit cpe:/o:microsoft:windows_2003_server:enterprise:sp1 cpe:/o:microsoft:windows_xp::sp1:media_center CVE-2006-0021 2006-02-14T14:06:00.000-05:00 2011-03-07T00:00:00.000-05:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2006-02-28T15:06:00.000-05:00 CERT TA06-045A CERT-VN VU#839284 BID 16645 MS MS06-007 SECUNIA 18853 XF win-igmpv3-dos(24489) VUPEN ADV-2006-0576 BUGTRAQ 20071023 SYMSA-2007-012: Microsoft Windows CE IGMP Denial of Service MISC http://www.securiteam.com/exploits/5PP0T0KI0O.html MILW0RM 1599 SECTRACK 1015629 Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability." cpe:/a:microsoft:powerpoint:2000 cpe:/a:microsoft:powerpoint:2003:sp1 cpe:/a:microsoft:powerpoint:2002 cpe:/a:microsoft:powerpoint:2003:sp2 cpe:/a:microsoft:powerpoint:2002:sp3 cpe:/a:microsoft:powerpoint:2002:sp1 cpe:/a:microsoft:powerpoint:2003:sp3 cpe:/a:microsoft:powerpoint:2000:sp2 cpe:/a:microsoft:powerpoint:2000:sr1 cpe:/a:microsoft:powerpoint:2000:sp3 cpe:/a:microsoft:powerpoint:2002:sp2 cpe:/a:microsoft:powerpoint:2004::mac cpe:/a:microsoft:powerpoint:2003 CVE-2006-0022 2006-06-13T15:06:00.000-04:00 2011-04-12T00:00:00.000-04:00 7.6 NETWORK HIGH NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-06-14T08:00:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT TA06-164A CERT-VN VU#190089 BID 18382 MS MS06-028 XF powerpoint-record-bo(26784) VUPEN ADV-2006-2325 OSVDB 26435 SECTRACK 1016287 SECUNIA 20633 Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption. cpe:/o:microsoft:windows_xp::sp2:tablet_pc cpe:/o:microsoft:windows_xp::sp1:tablet_pc CVE-2006-0023 2006-02-07T21:18:00.000-05:00 2011-03-07T00:00:00.000-05:00 4.3 LOCAL LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-02-08T07:58:00.000-05:00 ALLOWS_USER_ACCESS CERT-VN VU#953860 MS MS06-011 SECUNIA 18756 XF win-auth-users-insecure-permissions(24463) CONFIRM http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=391523&RenditionID= VUPEN ADV-2006-0417 BUGTRAQ 20060131 Windows Access Control Demystified MISC http://www.microsoft.com/technet/security/advisory/914457.mspx MISC http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm SECTRACK 1015765 SECTRACK 1015595 SECUNIA 19313 SECUNIA 19238 Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit. cpe:/a:macromedia:flash_player:7.0_r19 cpe:/a:macromedia:flash_player:6.0.65.0 cpe:/a:macromedia:flash_player:8.0.22.0 cpe:/a:macromedia:flash_player:6.0.40.0 cpe:/a:macromedia:flash_player:5.0_r50 cpe:/a:macromedia:flash_player:6.0.29.0 cpe:/a:macromedia:flash_player:6.0.79.0 cpe:/a:macromedia:flash_player:7.0.19.0 cpe:/a:macromedia:flash_player:7.0.60.0 cpe:/a:macromedia:flash_player:6.0 cpe:/a:macromedia:flash_player:5.0 cpe:/a:macromedia:flash_player:7.0.61.0 cpe:/a:macromedia:flash_player:4.0_r12 cpe:/a:macromedia:flash_player:6.0.47.0 CVE-2006-0024 2006-03-15T11:06:00.000-05:00 2011-03-07T21:29:11.110-05:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-03-16T09:04:00.000-05:00 ALLOWS_USER_ACCESS CERT TA07-352A CERT TA06-132A CERT TA06-129A CERT TA06-075A CERT-VN VU#945060 CONFIRM http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html SECUNIA 19218 XF macromedia-swf-code-execution(25005) VUPEN ADV-2007-4238 VUPEN ADV-2006-1779 VUPEN ADV-2006-1744 VUPEN ADV-2006-1262 VUPEN ADV-2006-0952 BID 17106 REDHAT RHSA-2006:0268 OSVDB 23908 BID 17951 CONFIRM http://www.opera.com/docs/changelogs/windows/854/ SUSE SUSE-SA:2006:015 MS MS06-020 GENTOO GLSA-200603-20 SECTRACK 1015770 SECUNIA 28136 SECUNIA 20077 SECUNIA 20045 SECUNIA 19328 SECUNIA 19259 SECUNIA 19198 APPLE APPLE-SA-2007-12-17 APPLE APPLE-SA-2006-05-11 CONFIRM http://docs.info.apple.com/article.html?artnum=307179 Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file. cpe:/a:microsoft:windows_media_player:10 cpe:/a:microsoft:windows_media_player:9 CVE-2006-0025 2006-02-22T00:00:00.000-05:00 2006-06-13T15:06:00.000-04:00 2011-03-07T21:29:11.250-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-06-14T07:52:00.000-04:00 CERT TA06-164A CERT-VN VU#608020 BID 18385 MS MS06-024 IDEFENSE 20060613 Windows Media Player PNG Chunk Decoding Stack-Based Buffer Overflow SECUNIA 20626 XF win-media-player-png-bo(26788) VUPEN ADV-2006-2322 OSVDB 26430 SECTRACK 1016284 Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size. cpe:/a:microsoft:internet_information_server:6.0 cpe:/a:microsoft:internet_information_server:5.1 cpe:/a:microsoft:internet_information_server:5.0 CVE-2006-0026 2006-07-11T18:05:00.000-04:00 2011-03-07T21:29:11.347-05:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-07-12T11:38:00.000-04:00 ALLOWS_USER_ACCESS CERT-VN VU#395588 CERT TA06-192A XF iis-asp-bo(26796) BID 18858 MS MS06-034 SECTRACK 1016466 SECUNIA 21006 VUPEN ADV-2006-2752 OSVDB 27152 BUGTRAQ 20060718 ASP.DLL Include File Buffer Overflow Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP). cpe:/a:microsoft:exchange_server:2000:sp3 cpe:/a:microsoft:exchange_server:2003:sp2 cpe:/a:microsoft:exchange_server:2003:sp1 CVE-2006-0027 2006-05-09T22:10:00.000-04:00 2011-04-15T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-05-10T10:47:00.000-04:00 ALLOWS_USER_ACCESS CERT TA06-129A CERT-VN VU#303452 MS MS06-019 XF exchange-calendar-code-execution(25556) VUPEN ADV-2006-1743 BID 17908 OSVDB 25338 SECTRACK 1016048 SECUNIA 20029 Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties. cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:excel:x::mac_os_x cpe:/a:microsoft:excel:2003 cpe:/a:microsoft:excel:2002 cpe:/a:microsoft:excel:2000 cpe:/a:microsoft:office:v.x::mac cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:excel:2004::mac_os_x cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2003:sp1 CVE-2006-0028 2006-03-14T18:02:00.000-05:00 2011-04-18T00:00:00.000-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-03-16T08:44:00.000-05:00 ALLOWS_USER_ACCESS CERT TA06-073A CERT-VN VU#339878 MS MS06-012 SECTRACK 1015766 SECUNIA 19138 XF excel-parsing-format-file-bo(25225) MISC http://www.zerodayinitiative.com/advisories/ZDI-06-004.html VUPEN ADV-2006-0950 BUGTRAQ 20060314 ZDI-06-004: Microsoft Excel File Format Parsing Vulnerability OSVDB 23899 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm SREASON 583 SECUNIA 19238 Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers. cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:excel:x::mac_os_x cpe:/a:microsoft:excel:2003 cpe:/a:microsoft:excel:2002 cpe:/a:microsoft:excel:2000 cpe:/a:microsoft:office:v.x::mac cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:excel:2004::mac_os_x cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2003:sp1 CVE-2006-0029 2006-03-14T18:02:00.000-05:00 2011-04-15T00:00:00.000-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-03-16T08:52:00.000-05:00 ALLOWS_USER_ACCESS CERT TA06-073A CERT-VN VU#235774 MS MS06-012 SECTRACK 1015766 SECUNIA 19138 XF excel-description-bo(25227) VUPEN ADV-2006-0950 OSVDB 23900 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm SREASON 586 SREASON 585 SECUNIA 19238 Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption. cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:excel:x::mac_os_x cpe:/a:microsoft:excel:2003 cpe:/a:microsoft:excel:2002 cpe:/a:microsoft:excel:2000 cpe:/a:microsoft:office:v.x::mac cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:excel:2004::mac_os_x cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2003:sp1 CVE-2006-0030 2006-03-14T18:02:00.000-05:00 2011-03-07T00:00:00.000-05:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-03-16T08:53:00.000-05:00 ALLOWS_USER_ACCESS CERT TA06-073A CERT-VN VU#123222 MS MS06-012 SECTRACK 1015766 SECUNIA 19138 XF excel-graphic-bo(25229) VUPEN ADV-2006-0950 BID 16181 OSVDB 23901 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm SECUNIA 19238 Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption. cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:office:v.x::mac cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2004::mac cpe:/a:microsoft:office:2003:sp1 CVE-2006-0031 2006-03-14T18:02:00.000-05:00 2011-03-07T00:00:00.000-05:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-03-16T08:54:00.000-05:00 ALLOWS_USER_ACCESS CERT TA06-073A CERT-VN VU#104302 BID 17101 MS MS06-012 SECTRACK 1015766 SECUNIA 19138 XF excel-record-bo(25228) VUPEN ADV-2006-0950 BUGTRAQ 20060315 [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability OSVDB 23902 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm SREASON 589 SECUNIA 19238 FULLDISC 20060314 [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption. cpe:/o:microsoft:windows_2003_server:datacenter_edition_itanium:sp1 cpe:/o:microsoft:windows_2000::sp1:datacenter_server cpe:/o:microsoft:windows_2003_server:standard:sp1 cpe:/o:microsoft:windows_xp::gold:professional cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit cpe:/o:microsoft:windows_2000::sp2:advanced_server cpe:/o:microsoft:windows_2000::sp2:professional cpe:/o:microsoft:windows_2000:::professional cpe:/o:microsoft:windows_2003_server:standard_64-bit cpe:/o:microsoft:windows_2003_server:standard cpe:/o:microsoft:windows_2003_server:enterprise_edition_itanium:sp1_beta_1 cpe:/o:microsoft:windows_xp::sp1:home cpe:/o:microsoft:windows_2003_server:enterprise_64-bit cpe:/o:microsoft:windows_2000::sp1:professional cpe:/o:microsoft:windows_2003_server:standard:sp1_beta_1 cpe:/o:microsoft:windows_xp:::home cpe:/o:microsoft:windows_xp:::64-bit cpe:/o:microsoft:windows_2003_server:datacenter_edition_itanium cpe:/o:microsoft:windows_2000::sp2:datacenter_server cpe:/o:microsoft:windows_xp::sp2:home cpe:/o:microsoft:windows_2000::sp4:datacenter_server cpe:/o:microsoft:windows_2000:::server cpe:/o:microsoft:windows_xp::sp2:tablet_pc cpe:/o:microsoft:windows_2003_server:web:sp1 cpe:/o:microsoft:windows_xp::sp1:media_center cpe:/o:microsoft:windows_2003_server:datacenter_edition_itanium:sp1_beta_1 cpe:/o:microsoft:windows_2000::sp3:datacenter_server cpe:/o:microsoft:windows_2003_server:datacenter_edition cpe:/o:microsoft:windows_2000::sp3:server cpe:/o:microsoft:windows_2000:::advanced_server cpe:/o:microsoft:windows_2003_server:web:sp1_beta_1 cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_2000:resource_kit cpe:/o:microsoft:windows_2000:::datacenter_server cpe:/o:microsoft:windows_2003_server:sp1::enterprise cpe:/o:microsoft:windows_xp:::media_center cpe:/o:microsoft:windows_2000::sp3:professional cpe:/o:microsoft:windows_2003_server:enterprise_edition:sp1_beta_1 cpe:/o:microsoft:windows_2003_server:enterprise_edition_itanium cpe:/o:microsoft:windows_2003_server:enterprise_edition:sp1 cpe:/o:microsoft:windows_2003_server:datacenter_edition:sp1 cpe:/o:microsoft:windows_2000::sp1:server cpe:/o:microsoft:windows_2000::sp3:advanced_server cpe:/o:microsoft:windows_2003_server:enterprise_edition_itanium:sp1 cpe:/o:microsoft:windows_xp::sp2:media_center cpe:/o:microsoft:windows_2003_server:web cpe:/o:microsoft:windows_2000::sp1:advanced_server cpe:/o:microsoft:windows_2000::sp2:server cpe:/o:microsoft:windows_2000::sp4:professional cpe:/o:microsoft:windows_2003_server:datacenter_edition:sp1_beta_1 cpe:/o:microsoft:windows_2000::sp4:advanced_server CVE-2006-0032 2006-09-12T19:07:00.000-04:00 2011-03-07T21:29:12.127-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-09-13T13:15:00.000-04:00 CERT TA06-255A CERT-VN VU#108884 BID 19927 MS MS06-053 SECUNIA 21861 XF ms-indexing-service-xss(28651) VUPEN ADV-2006-3564 BUGTRAQ 20061001 Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053] BUGTRAQ 20061002 IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]) HP SSRT061187 HP HPSBST02134 MISC http://www.geocities.jp/ptrs_sec/advisory09e.html SECTRACK 1016826 Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7. cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:office:2000:sp3 cpe:/a:microsoft:office:2003:sp2 cpe:/a:microsoft:office:2003:sp1 CVE-2006-0033 2006-07-11T17:05:00.000-04:00 2011-04-12T00:00:00.000-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-07-12T11:24:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT TA06-192A CERT-VN VU#459388 BID 18913 MS MS06-039 VUPEN ADV-2006-2757 OSVDB 27147 MISC http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-22.html SECTRACK 1016470 SECUNIA 21013 Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed. cpe:/o:microsoft:windows_nt:4.0:sp5 cpe:/o:microsoft:windows_nt:4.0:sp1:server cpe:/o:microsoft:windows_2000::sp1:datacenter_server cpe:/o:microsoft:windows_nt:4.0::server cpe:/o:microsoft:windows_nt:4.0:sp5:workstation cpe:/o:microsoft:windows_nt:4.0:sp3:workstation cpe:/o:microsoft:windows_xp::gold:professional cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit cpe:/o:microsoft:windows_nt:4.0::enterprise_server cpe:/o:microsoft:windows_2000::sp2:advanced_server cpe:/o:microsoft:windows_2003_server:enterprise::64-bit cpe:/o:microsoft:windows_2000::sp2:professional cpe:/o:microsoft:windows_nt:4.0:sp1:workstation cpe:/o:microsoft:windows_nt:4.0:sp4:workstation cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server cpe:/o:microsoft:windows_2000:::professional cpe:/o:microsoft:windows_nt:4.0:sp1 cpe:/o:microsoft:windows_xp::sp1:home cpe:/o:microsoft:windows_nt:4.0:sp6a:server cpe:/o:microsoft:windows_2003_server:standard::64-bit cpe:/o:microsoft:windows_2003_server:enterprise_64-bit cpe:/o:microsoft:windows_2000::sp1:professional cpe:/o:microsoft:windows_nt:4.0:sp6:terminal_server cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server cpe:/o:microsoft:windows_xp:::home cpe:/o:microsoft:windows_nt:4.0:sp2:server cpe:/o:microsoft:windows_nt:4.0:sp4 cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server cpe:/o:microsoft:windows_nt:4.0:sp3:server cpe:/o:microsoft:windows_xp:::64-bit cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_server cpe:/o:microsoft:windows_2000::sp2:datacenter_server cpe:/o:microsoft:windows_2000::sp4:datacenter_server cpe:/o:microsoft:windows_2000:::server cpe:/o:microsoft:windows_xp::sp2:tablet_pc cpe:/o:microsoft:windows_nt:4.0:sp6:server cpe:/o:microsoft:windows_xp:::embedded cpe:/a:microsoft:distributed_transaction_coordinator cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_server cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_server cpe:/o:microsoft:windows_nt:4.0:sp4:server cpe:/o:microsoft:windows_xp::sp1:media_center cpe:/o:microsoft:windows_nt:4.0::terminal_server cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server cpe:/o:microsoft:windows_nt:4.0:sp3 cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server cpe:/o:microsoft:windows_2003_server:r2::64-bit cpe:/o:microsoft:windows_2000::sp3:datacenter_server cpe:/o:microsoft:windows_nt:4.0:sp6a cpe:/o:microsoft:windows_nt:4.0:sp6a:terminal_server cpe:/o:microsoft:windows_nt:4.0:sp6a:workstation cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server cpe:/o:microsoft:windows_2000::sp3:server cpe:/o:microsoft:windows_2000:::advanced_server cpe:/o:microsoft:windows_nt:4.0:sp2:workstation cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server cpe:/o:microsoft:windows_xp::sp1:64-bit cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_nt:4.0 cpe:/o:microsoft:windows_nt:4.0:sp2 cpe:/o:microsoft:windows_2000:::datacenter_server cpe:/o:microsoft:windows_xp:::media_center cpe:/o:microsoft:windows_2000::sp3:professional cpe:/o:microsoft:windows_2000::sp1:server cpe:/o:microsoft:windows_2000::sp3:advanced_server cpe:/o:microsoft:windows_xp::sp1:embedded cpe:/o:microsoft:windows_2003_server:web cpe:/o:microsoft:windows_nt:4.0:sp5:server cpe:/o:microsoft:windows_2000::sp1:advanced_server cpe:/o:microsoft:windows_nt:4.0::workstation cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_server cpe:/o:microsoft:windows_2000::sp2:server cpe:/o:microsoft:windows_nt:4.0:sp6:workstation cpe:/o:microsoft:windows_nt:4.0:sp6 cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_server cpe:/o:microsoft:windows_2000::sp4:professional cpe:/o:microsoft:windows_2000::sp4:advanced_server CVE-2006-0034 2005-10-11T00:00:00.000-04:00 2006-05-09T22:14:00.000-04:00 2011-10-17T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-05-10T10:54:00.000-04:00 ALLOWS_USER_ACCESS BID 17906 BUGTRAQ 20060509 [EEYEB20051011A] - Microsoft Distributed Transaction Coordinator Heap Overflow MS MS06-018 MISC http://www.eeye.com/html/research/advisories/AD20060509a.html SECUNIA 20000 XF msdtc-network-message-dos(25559) VUPEN ADV-2006-1742 BUGTRAQ 20060511 Microsoft MSDTC NdrAllocate Validation Vulnerability OSVDB 25335 SECTRACK 1016047 SREASON 863 FULLDISC 20060510 Microsoft MSDTC NdrAllocate Validation Vulnerability FULLDISC 20060509 [EEYEB20051011A] - Microsoft Distributed Transaction Coordinator Heap Overflow Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability. cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.15 CVE-2006-0035 2006-01-11T16:03:00.000-05:00 2012-03-19T00:00:00.000-04:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2006-01-11T16:08:00.000-05:00 TRUSTIX 2006-0004 SECUNIA 18482 XF kernel-afnetlink-dos(24202) VUPEN ADV-2006-0220 BID 16414 CONFIRM http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad8e4b75c8a7bed475d72ce09bf5267188621961 SREASON 388 The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.14 and 2.6.15 allows local users to cause a denial of service (infinite loop) via a nlmsg_len field of 0. cpe:/o:linux:linux_kernel:2.6.14 CVE-2006-0036 2006-01-23T17:03:00.000-05:00 2011-03-07T21:29:12.470-05:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2006-01-24T07:56:00.000-05:00 VUPEN ADV-2006-0220 CONFIRM http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=15db34702cfafd24acc60295cf14861e497502ab XF kernel-pptpincallrequest-dos(24203) TRUSTIX 2006-0004 BID 16414 SREASON 388 SECUNIA 18482 ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows remote attackers to cause a denial of service (memory corruption or crash) via an inbound PPTP_IN_CALL_REQUEST packet that causes a null pointer to be used in an offset calculation. cpe:/o:linux:linux_kernel:2.6.14 CVE-2006-0037 2006-01-23T17:03:00.000-05:00 2011-03-07T21:29:12.563-05:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2006-01-24T07:55:00.000-05:00 VUPEN ADV-2006-0220 CONFIRM http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=03b9feca89366952ae5dfe4ad8107b1ece50b710 XF kernel-pptpnathelper-dos(24204) TRUSTIX 2006-0004 BID 16414 SREASON 388 SECUNIA 18482 ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows local users to cause a denial of service (memory corruption or crash) via a crafted outbound packet that causes an incorrect offset to be calculated from pointer arithmetic when non-linear SKBs (socket buffers) are used. cpe:/o:linux:linux_kernel:2.6.0:test2 cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.1 cpe:/o:linux:linux_kernel:2.6.11:rc2 cpe:/o:linux:linux_kernel:2.6.7:rc1 cpe:/o:linux:linux_kernel:2.6.13.3 cpe:/o:linux:linux_kernel:2.6.15:rc3 cpe:/o:linux:linux_kernel:2.6.15.1 cpe:/o:linux:linux_kernel:2.6.14:rc4 cpe:/o:linux:linux_kernel:2.6.0:test9 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.6.0:test5 cpe:/o:linux:linux_kernel:2.6.13.2 cpe:/o:linux:linux_kernel:2.6.14:rc3 cpe:/o:linux:linux_kernel:2.6.11:rc3 cpe:/o:linux:linux_kernel:2.6.0:test1 cpe:/o:linux:linux_kernel:2.6.11:rc4 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.6.15:rc2 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.16:rc1 cpe:/o:linux:linux_kernel:2.6.14:rc1 cpe:/o:linux:linux_kernel:2.6.0:test11 cpe:/o:linux:linux_kernel:2.6.13:rc1 cpe:/o:linux:linux_kernel:2.6.9:2.6.20 cpe:/o:linux:linux_kernel:2.6.0:test7 cpe:/o:linux:linux_kernel:2.6.13.1 cpe:/o:linux:linux_kernel:2.6.0:test6 cpe:/o:linux:linux_kernel:2.6.12:rc5 cpe:/o:linux:linux_kernel:2.6.13:rc7 cpe:/o:linux:linux_kernel:2.6.12.5 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.15.5 cpe:/o:linux:linux_kernel:2.6.15.3 cpe:/o:linux:linux_kernel:2.6.13.4 cpe:/o:linux:linux_kernel:2.6.5 cpe:/o:linux:linux_kernel:2.6.13:rc4 cpe:/o:linux:linux_kernel:2.6.7 cpe:/o:linux:linux_kernel:2.6.15:rc1 cpe:/o:linux:linux_kernel:2.6.14.5 cpe:/o:linux:linux_kernel:2.6.12.6 cpe:/o:linux:linux_kernel:2.6.12:rc4 cpe:/o:linux:linux_kernel:2.6.12.4 cpe:/o:linux:linux_kernel:2.6_test9_cvs cpe:/o:linux:linux_kernel:2.6.14:rc2 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.6.4 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.8:rc3 cpe:/o:linux:linux_kernel:2.6.8:rc2 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.6.10:rc2 cpe:/o:linux:linux_kernel:2.6.12:rc1 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.1:rc1 cpe:/o:linux:linux_kernel:2.6.1:rc2 cpe:/o:linux:linux_kernel:2.6.2 cpe:/o:linux:linux_kernel:2.6.15.4 cpe:/o:linux:linux_kernel:2.6.0:test4 cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.6.8:rc1 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.6.6:rc1 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.3 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.6.15.2 cpe:/o:linux:linux_kernel:2.6.10 cpe:/o:linux:linux_kernel:2.6.0:test8 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.0:test3 cpe:/o:linux:linux_kernel:2.6.8 cpe:/o:linux:linux_kernel:2.6.0:test10 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.13:rc6 cpe:/o:linux:linux_kernel:2.6.6 CVE-2006-0038 2006-03-22T15:06:00.000-05:00 2011-03-07T21:29:12.627-05:00 6.9 LOCAL MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-03-23T12:48:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 17178 CONFIRM https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=186295 XF linux-netfilter-doreplace-overflow(25400) VUPEN ADV-2006-2554 VUPEN ADV-2006-1046 UBUNTU USN-302-1 REDHAT RHSA-2006:0575 CONFIRM http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ee4bb818ae35f68d1f848eae0a7b150a38eb4168 DEBIAN DSA-1103 DEBIAN DSA-1097 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm SECUNIA 22417 SECUNIA 21465 SECUNIA 20914 SECUNIA 20716 SECUNIA 20671 SECUNIA 19330 Integer overflow in the do_replace function in netfilter for Linux before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buffer overflow in the copy_from_user function. cpe:/o:linux:linux_kernel:2.6.16 CVE-2006-0039 2006-05-16T00:00:00.000-04:00 2006-05-19T18:02:00.000-04:00 2011-03-07T21:29:12.750-05:00 4.7 LOCAL HIGH NONE PARTIAL NONE COMPLETE http://nvd.nist.gov 2006-05-22T09:31:00.000-04:00 MISC http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2722971cbe831117686039d5c334f2c0f560be13 CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=133465 CONFIRM https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698 XF linux-doaddcounters-race-condition(26583) VUPEN ADV-2006-2554 VUPEN ADV-2006-1893 UBUNTU USN-311-1 BID 18113 REDHAT RHSA-2006:0689 OSVDB 25697 DEBIAN DSA-1103 DEBIAN DSA-1097 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm SECUNIA 22945 SECUNIA 22292 SECUNIA 21476 SECUNIA 20991 SECUNIA 20914 SECUNIA 20671 SECUNIA 20185 CONFIRM http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17 Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE. cpe:/a:gnome:evolution:2.4.2.1 CVE-2006-0040 2006-03-09T20:02:00.000-05:00 2011-03-07T21:29:12.830-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-03-10T15:23:00.000-05:00 VUPEN ADV-2006-0801 BUGTRAQ 20060301 Evolution Emailer DoS XF evolution-email-dos(25050) BID 16899 SECUNIA 19094 GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml. cpe:/a:libapreq2:libapreq2:1.33 cpe:/a:libapreq2:libapreq2:2.05_dev cpe:/a:libapreq2:libapreq2:1.0 cpe:/a:libapreq2:libapreq2:2.04_dev cpe:/a:libapreq2:libapreq2:1.2 cpe:/a:libapreq2:libapreq2:2.03_dev cpe:/a:libapreq2:libapreq2:1.3 cpe:/a:libapreq2:libapreq2:1.1 cpe:/a:libapreq2:libapreq2:2.06_dev cpe:/a:libapreq2:libapreq2:2.02_dev cpe:/a:libapreq2:libapreq2:2.01_dev CVE-2006-0042 2006-02-18T16:02:00.000-05:00 2011-05-19T00:00:00.000-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-02-23T10:27:00.000-05:00 BID 16710 DEBIAN DSA-1000 SECUNIA 19139 SECUNIA 18846 XF libapreq2-parsing-dos(24917) VUPEN ADV-2006-0645 GENTOO GLSA-200604-08 CONFIRM http://svn.apache.org/viewcvs.cgi/httpd/apreq/tags/v2_07/CHANGES?rev=376998&view=markup SREASON 737 SECUNIA 19658 Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity. cpe:/o:suse:suse_linux:9.1::personal cpe:/o:suse:suse_linux:9.3::x86_64 cpe:/o:suse:suse_linux:9.1::professional cpe:/o:suse:suse_linux:1.0 cpe:/o:suse:suse_linux:9.2::professional cpe:/o:suse:suse_linux:9.3::personal cpe:/o:suse:suse_linux:9.3::professional cpe:/o:suse:suse_linux:9.2::personal cpe:/o:suse:suse_linux:9.1::x86_64 cpe:/o:suse:suse_linux:10.0::professional cpe:/o:suse:suse_linux:9.2::x86_64 CVE-2006-0043 2006-01-30T21:03:00.000-05:00 2011-03-07T21:29:12.987-05:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-31T10:10:00.000-05:00 ALLOWS_USER_ACCESS SECUNIA 18638 SUSE SUSE-SA:2006:005 XF nfs-rpcmountd-realpath-bo(24347) VUPEN ADV-2006-0348 BID 16388 SECUNIA 18614 DEBIAN DSA-975 SECUNIA 18889 MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350020 Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks. cpe:/a:albatross:albatross:1.32 cpe:/a:albatross:albatross:1.00 cpe:/a:albatross:albatross:1.01 cpe:/a:albatross:albatross:1.30 cpe:/a:albatross:albatross:1.20 cpe:/a:albatross:albatross:1.10 CVE-2006-0044 2006-01-17T20:51:00.000-05:00 2011-03-07T21:29:13.220-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-18T09:57:00.000-05:00 ALLOWS_USER_ACCESS DEBIAN DSA-942 SECUNIA 18457 VUPEN ADV-2006-0196 BID 16252 CONFIRM http://www.object-craft.com.au/projects/albatross/news.html MISC http://security.debian.org/pool/updates/main/a/albatross/albatross_1.20-2.diff.gz XF albatross-context-command-execution(24130) OSVDB 22451 SECUNIA 18496 Unspecified vulnerability in context.py in Albatross web application toolkit before 1.33 allows remote attackers to execute arbitrary commands via unspecified vectors involving template files and the "handling of submitted form fields". cpe:/a:linley_henzell:dungeon_crawl:4.0.0_b23 CVE-2006-0045 2006-01-20T16:03:00.000-05:00 2011-03-07T21:29:13.313-05:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-01-23T11:00:00.000-05:00 ALLOWS_ADMIN_ACCESS DEBIAN DSA-949 VUPEN ADV-2006-0303 BID 16337 SECUNIA 18545 XF crawl-insecure-command-execution(24262) OSVDB 22690 SECUNIA 18573 crawl before 4.0.0 does not securely call programs when saving and loading games, which allows local users to gain privileges. cpe:/a:cameron_simpson:adzapper:2006-01-14 cpe:/a:cameron_simpson:adzapper:2006-01-23 cpe:/a:cameron_simpson:adzapper:2006-01-25 cpe:/a:cameron_simpson:adzapper:2006-01-01 cpe:/a:cameron_simpson:adzapper:2006-01-29 cpe:/a:cameron_simpson:adzapper:2006-01-24 cpe:/a:cameron_simpson:adzapper:2006-01-28 cpe:/a:cameron_simpson:adzapper:2006-01-07 cpe:/a:cameron_simpson:adzapper:2006-01-15 cpe:/a:cameron_simpson:adzapper:2006-01-05 CVE-2006-0046 2006-02-13T06:06:00.000-05:00 2011-03-07T21:29:13.393-05:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2006-02-13T08:11:00.000-05:00 DEBIAN DSA-966 SECUNIA 18777 SECUNIA 18771 VUPEN ADV-2006-0491 MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350308 MISC http://bugs.debian.org/cgi-bin/bugreport.cgi/squid_redirect.diff?bug=350308;msg=5;att=1 CONFIRM http://adzapper.sourceforge.net/cvslog.html XF adzapper-squid-redirect-dos(24640) BID 16558 OSVDB 22900 squid_redirect script in adzapper before 2006-01-29 allows remote attackers to cause a denial of service (CPU consumption) via a URL with a large number of trailing / (forward slashes), which might produce inefficient regular expressions. cpe:/a:freeciv:freeciv:2.0.3 cpe:/a:freeciv:freeciv:2.0.5 cpe:/a:freeciv:freeciv:2.0.7 cpe:/a:freeciv:freeciv:2.0.6 cpe:/a:freeciv:freeciv:2.0.0 cpe:/a:freeciv:freeciv:2.0.4 cpe:/a:freeciv:freeciv:2.0.7a cpe:/a:freeciv:freeciv:2.0.2 cpe:/a:freeciv:freeciv:2.0.1 CVE-2006-0047 2006-03-07T06:02:00.000-05:00 2011-08-25T00:00:00.000-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-03-08T08:00:00.000-05:00 BID 16975 BUGTRAQ 20060306 Out of memory crash in Freeciv 2.0.7 SECUNIA 19120 XF freeciv-packets-dos(25166) VUPEN ADV-2006-0838 MANDRIVA MDKSA-2006:053 GENTOO GLSA-200603-11 DEBIAN DSA-994 SECUNIA 19253 SECUNIA 19227 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355211 packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause a denial of service (server crash) via crafted packets with negative compressed size values. cpe:/a:francesco_stablum:tcpick:0.2.1 CVE-2006-0048 2006-04-25T20:06:00.000-04:00 2011-03-07T21:29:13.580-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-04-27T09:42:00.000-04:00 VUPEN ADV-2006-1466 BID 17665 MISC http://sourceforge.net/mailarchive/forum.php?thread_id=9989610&forum_id=37151 XF tcpick-writec-dos(26090) Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a denial of service (segmentation fault) via certain fragmented packets, possibly involving invalid headers and an attacker-controlled payload length. NOTE: this issue might be a buffer overflow or overread. cpe:/a:gnu:privacy_guard:1.0.2 cpe:/a:gnu:privacy_guard:1.3.4 cpe:/a:gnu:privacy_guard:1.0.3 cpe:/a:gnu:privacy_guard:1.3.3 cpe:/a:gnu:privacy_guard:1.4.2 cpe:/a:gnu:privacy_guard:1.0.7 cpe:/a:gnu:privacy_guard:1.0.5 cpe:/a:gnu:privacy_guard:1.2.1 cpe:/a:gnu:privacy_guard:1.4.2.1 cpe:/a:gnu:privacy_guard:1.0.3b cpe:/a:gnu:privacy_guard:1.2.4 cpe:/a:gnu:privacy_guard:1.4.1 cpe:/a:gnu:privacy_guard:1.0.6 cpe:/a:gnu:privacy_guard:1.0.4 cpe:/a:gnu:privacy_guard:1.2.6 cpe:/a:gnu:privacy_guard:1.0 cpe:/a:gnu:privacy_guard:1.2.5 cpe:/a:gnu:privacy_guard:1.4 cpe:/a:gnu:privacy_guard:1.0.1 cpe:/a:gnu:privacy_guard:1.2 cpe:/a:gnu:privacy_guard:1.2.3 cpe:/a:gnu:privacy_guard:1.2.2 cpe:/a:gnu:privacy_guard:1.2.7 cpe:/a:gnu:privacy_guard:1.2.2:rc1 CVE-2006-0049 2006-03-13T16:06:00.000-05:00 2011-03-07T21:29:13.687-05:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-03-14T07:55:00.000-05:00 BID 17058 BUGTRAQ 20060309 GnuPG does not detect injection of unsigned data OSVDB 23790 GENTOO GLSA-200603-08 DEBIAN DSA-993 SECTRACK 1015749 SECUNIA 19173 MLIST [gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data VUPEN ADV-2006-0915 UBUNTU USN-264-1 XF gnupg-nondetached-sig-verification(25184) TRUSTIX 2006-0014 SLACKWARE SSA:2006-072-02 FEDORA FLSA-2006:185355 REDHAT RHSA-2006:0266 FEDORA FEDORA-2006-147 MANDRIVA MDKSA-2006:055 SREASON 568 SREASON 450 SECUNIA 19532 SECUNIA 19287 SECUNIA 19249 SECUNIA 19244 SECUNIA 19234 SECUNIA 19232 SECUNIA 19231 SECUNIA 19203 SECUNIA 19197 SUSE SUSE-SA:2006:014 SGI 20060401-01-U gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455. cpe:/o:debian:debian_linux:3.1::sparc cpe:/o:debian:debian_linux:3.1::ia-64 cpe:/o:debian:debian_linux:3.0::mips cpe:/o:debian:debian_linux:3.0::ia-32 cpe:/o:debian:debian_linux:3.1::s-390 cpe:/o:debian:debian_linux:3.0::s-390 cpe:/o:debian:debian_linux:3.1::mipsel cpe:/o:debian:debian_linux:3.0::alpha cpe:/o:debian:debian_linux:3.1::ppc cpe:/o:debian:debian_linux:3.0::arm cpe:/o:debian:debian_linux:3.1::mips cpe:/o:debian:debian_linux:3.0::mipsel cpe:/o:debian:debian_linux:3.1::hppa cpe:/o:debian:debian_linux:3.1::m68k cpe:/o:debian:debian_linux:3.0::ppc cpe:/o:debian:debian_linux:3.0 cpe:/o:debian:debian_linux:3.0::hppa cpe:/o:debian:debian_linux:3.1::alpha cpe:/o:debian:debian_linux:3.0::m68k cpe:/o:debian:debian_linux:3.0::ia-64 cpe:/o:debian:debian_linux:3.1 cpe:/o:debian:debian_linux:3.1::arm cpe:/o:debian:debian_linux:3.1::amd64 cpe:/o:debian:debian_linux:3.1::ia-32 cpe:/o:debian:debian_linux:3.0::sparc CVE-2006-0050 2006-03-23T06:06:00.000-05:00 2008-09-05T16:58:13.780-04:00 1.2 LOCAL HIGH NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-03-23T13:30:00.000-05:00 DEBIAN DSA-1013 SECUNIA 19318 BID 17182 XF snmptrapfmt-log-temprary-file(25442) snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file. cpe:/a:kaffeine:kaffeine_player:0.4.3b cpe:/a:kaffeine:kaffeine_player:0.5_rc1 cpe:/a:kaffeine:kaffeine_player:0.7.1 cpe:/a:kaffeine:kaffeine_player:0.4.3 cpe:/a:kaffeine:kaffeine_player:0.4.2 CVE-2006-0051 2006-04-05T06:04:00.000-04:00 2011-03-07T21:29:13.860-05:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-04-05T09:06:00.000-04:00 ALLOWS_USER_ACCESS CONFIRM http://www.kde.org/info/security/advisory-20060404-1.txt SECUNIA 19525 XF kaffeine-http-peek-bo(25631) VUPEN ADV-2006-1229 UBUNTU USN-268-1 BID 17372 BUGTRAQ 20060405 [Kaffeine Security Advisory] Heap based buffer overflow in http_peek() SUSE SUSE-SR:2006:008 GENTOO GLSA-200604-04 DEBIAN DSA-1023 SECTRACK 1015863 SECUNIA 19571 SECUNIA 19557 SECUNIA 19549 SECUNIA 19542 SECUNIA 19540 MANDRIVA MDKSA-2006:065 Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is "fetching remote playlists", which triggers the overflow in the http_peek function. cpe:/a:gnu:mailman:2.0:beta4 cpe:/a:gnu:mailman:2.1.1 cpe:/a:gnu:mailman:2.1 cpe:/a:gnu:mailman:2.1.2 cpe:/a:gnu:mailman:2.0.6 cpe:/a:gnu:mailman:2.0.14 cpe:/a:gnu:mailman:2.0.10 cpe:/a:gnu:mailman:2.0.13 cpe:/a:gnu:mailman:2.1.4 cpe:/a:gnu:mailman:1.0 cpe:/a:gnu:mailman:2.0.4 cpe:/a:gnu:mailman:2.0:beta5 cpe:/a:gnu:mailman:2.0 cpe:/a:gnu:mailman:2.0.9 cpe:/a:gnu:mailman:2.1.3 cpe:/a:gnu:mailman:2.0.2 cpe:/a:gnu:mailman:2.0.11 cpe:/a:gnu:mailman:2.0.8 cpe:/a:gnu:mailman:2.0:beta3 cpe:/a:gnu:mailman:2.1b1 cpe:/a:gnu:mailman:2.0.3 cpe:/a:gnu:mailman:2.1.5 cpe:/a:gnu:mailman:1.1 cpe:/a:gnu:mailman:2.0.7 cpe:/a:gnu:mailman:2.0.1 cpe:/a:gnu:mailman:2.0.5 cpe:/a:gnu:mailman:2.0.12 CVE-2006-0052 2006-03-31T06:06:00.000-05:00 2010-08-21T00:37:22.740-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-03-31T13:51:00.000-05:00 BID 17311 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358892 UBUNTU USN-267-1 REDHAT RHSA-2006:0486 OSVDB 24367 SUSE SUSE-SR:2006:008 MANDRIVA MDKSA-2006:061 DEBIAN DSA-1027 SECTRACK 1015851 SECUNIA 20782 SECUNIA 20624 SECUNIA 19571 SECUNIA 19545 SECUNIA 19522 SGI 20060602-01-U The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary. cpe:/a:tony_cook:imager:0.42 cpe:/a:tony_cook:imager:0.45_2 cpe:/a:tony_cook:imager:0.43 cpe:/a:tony_cook:imager:0.47 cpe:/a:tony_cook:imager:0.41 cpe:/a:tony_cook:imager:0.48 cpe:/a:tony_cook:imager:0.45 cpe:/a:tony_cook:imager:0.49 cpe:/a:tony_cook:imager:0.44_1 CVE-2006-0053 2006-04-10T14:06:00.000-04:00 2011-05-06T00:00:00.000-04:00 2.6 NETWORK HIGH NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-04-10T14:24:00.000-04:00 BID 17415 DEBIAN DSA-1028 SECUNIA 19577 SECUNIA 19575 XF imager-jpeg-tga-dos(25717) VUPEN ADV-2006-1294 MISC http://rt.cpan.org/Public/Bug/Display.html?id=18397 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661 Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a scalar, which triggers a NULL pointer dereference. cpe:/o:freebsd:freebsd:6.0:stable cpe:/o:freebsd:freebsd:6.0:release CVE-2006-0054 2006-01-11T16:03:00.000-05:00 2008-09-05T16:58:14.483-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-01-12T07:57:00.000-05:00 BID 16209 SECUNIA 18378 FREEBSD FreeBSD-SA-06:04 XF ipfw-icmp-fragment-dos(24073) OSVDB 22319 SECTRACK 1015477 The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer. cpe:/o:freebsd:freebsd:5.1 cpe:/o:freebsd:freebsd:4.10:releng cpe:/o:freebsd:freebsd:5.0:release_p14 cpe:/o:freebsd:freebsd:5.1:release_p5 cpe:/o:freebsd:freebsd:5.2.1:release cpe:/o:freebsd:freebsd:5.0 cpe:/o:freebsd:freebsd:4.11:release_p3 cpe:/o:freebsd:freebsd:5.3:stable cpe:/o:freebsd:freebsd:4.11:releng cpe:/o:freebsd:freebsd:5.3:releng cpe:/o:freebsd:freebsd:5.0:releng cpe:/o:freebsd:freebsd:5.1:release cpe:/o:freebsd:freebsd:5.1:releng cpe:/o:freebsd:freebsd:5.0:alpha cpe:/o:freebsd:freebsd:5.4:release cpe:/o:freebsd:freebsd:4.10:release cpe:/o:freebsd:freebsd:6.0:release cpe:/o:freebsd:freebsd:5.3:release cpe:/o:freebsd:freebsd:6.0:stable cpe:/o:freebsd:freebsd:4.11:stable cpe:/o:freebsd:freebsd:5.4:pre-release cpe:/o:freebsd:freebsd:5.1:alpha cpe:/o:freebsd:freebsd:5.3 cpe:/o:freebsd:freebsd:4.10 cpe:/o:freebsd:freebsd:5.2 cpe:/o:freebsd:freebsd:5.4:releng cpe:/o:freebsd:freebsd:4.10:release_p8 cpe:/o:freebsd:freebsd:5.2.1:releng CVE-2006-0055 2006-01-11T16:03:00.000-05:00 2008-09-05T16:58:14.637-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-12T08:01:00.000-05:00 BID 16207 SECUNIA 18404 FREEBSD FreeBSD-SA-06:02 XF ee-ispell-op-symlink(24074) OSVDB 22320 SECTRACK 1015469 The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell. cpe:/a:pam-mysql:pam-mysql:0.6 cpe:/a:pam-mysql:pam-mysql:0.4 cpe:/a:pam-mysql:pam-mysql:0.7_pre1 cpe:/a:pam-mysql:pam-mysql:0.5 cpe:/a:pam-mysql:pam-mysql:0.7_pre2 cpe:/a:pam-mysql:pam-mysql:0.3 cpe:/a:pam-mysql:pam-mysql:0.4.7 cpe:/a:pam-mysql:pam-mysql:0.2 cpe:/a:pam-mysql:pam-mysql:0.1 CVE-2006-0056 2006-02-13T06:06:00.000-05:00 2011-03-07T21:29:14.283-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-02-13T08:14:00.000-05:00 ALLOWS_USER_ACCESS CERT-VN VU#693909 BID 16564 SECTRACK 1015603 SECUNIA 18598 VUPEN ADV-2006-0490 OSVDB 22995 OSVDB 22994 GENTOO GLSA-200606-18 CONFIRM http://sourceforge.net/forum/forum.php?forum_id=499394 SECUNIA 20690 MISC http://jvn.jp/cert/JVNVU%23693909/index.html Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords, which lead to a double free of a pointer that was created by the pam_get_item function. NOTE: this issue only occurs in certain configurations in which there are multiple PAM modules, PAM-MySQL is not evaluated first, and there are no requisite modules before PAM-MySQL. cpe:/a:microsoft:ie:6:windows_server_2003_sp1 cpe:/a:microsoft:ie:6:sp1 cpe:/a:microsoft:ie:5.5:sp2 cpe:/a:microsoft:ie:5.01:sp4 CVE-2006-0057 2006-01-27T17:03:00.000-05:00 2008-09-05T16:58:15.030-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-30T08:35:00.000-05:00 ALLOWS_USER_ACCESS CERT-VN VU#998297 MISC http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx XF ie-activex-killbit-bypass(24379) BID 16409 OSVDB 23657 Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054. cpe:/a:sendmail:sendmail:8.13.1 cpe:/a:sendmail:sendmail:8.13.5 cpe:/a:sendmail:sendmail:8.13.4 cpe:/a:sendmail:sendmail:8.13.3 cpe:/a:sendmail:sendmail:8.13.0 cpe:/a:sendmail:sendmail:8.13.2 CVE-2006-0058 2006-03-22T15:06:00.000-05:00 2011-03-07T21:29:14.517-05:00 7.6 NETWORK HIGH NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-03-23T13:14:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA06-081A CERT-VN VU#834865 REDHAT RHSA-2006:0265 REDHAT RHSA-2006:0264 VUPEN ADV-2006-2490 VUPEN ADV-2006-2189 VUPEN ADV-2006-1529 VUPEN ADV-2006-1157 VUPEN ADV-2006-1139 VUPEN ADV-2006-1072 VUPEN ADV-2006-1068 VUPEN ADV-2006-1051 VUPEN ADV-2006-1049 CONFIRM http://www.sendmail.com/company/advisory/index.shtml BUGTRAQ 20060322 sendmail vuln advisories (CVE-2006-0058) OPENPKG OpenPKG-SA-2006.007 ISS 20060322 Sendmail Remote Signal Handling Vulnerability GENTOO GLSA-200603-21 DEBIAN DSA-1015 SUNALERT 200494 SECUNIA 19367 SECUNIA 19363 SECUNIA 19342 HP HPSBTU02116 HP HPSBUX02108 XF smtp-timeout-bo(24584) CONFIRM http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751 CONFIRM http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688 BID 17192 FEDORA FLSA:186277 FEDORA FEDORA-2006-193 FEDORA FEDORA-2006-194 OSVDB 24037 OPENBSD [3.8] 006: SECURITY FIX: March 25, 2006 SUSE SUSE-SA:2006:017 MANDRIVA MDKSA-2006:058 CONFIRM http://www.f-secure.com/security/fsc-2006-2.shtml CIAC Q-151 AIXAPAR IY82994 AIXAPAR IY82993 AIXAPAR IY82992 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-074.htm SUNALERT 102324 SUNALERT 102262 SLACKWARE SSA:2006-081-01 SECTRACK 1015801 SREASON 743 SREASON 612 SECUNIA 20723 SECUNIA 20243 SECUNIA 19774 SECUNIA 19676 SECUNIA 19533 SECUNIA 19532 SECUNIA 19466 SECUNIA 19450 SECUNIA 19407 SECUNIA 19404 SECUNIA 19394 SECUNIA 19368 SECUNIA 19361 SECUNIA 19360 SECUNIA 19356 SECUNIA 19349 SECUNIA 19346 SECUNIA 19345 HP HPSBTU02116 HP HPSBUX02108 SGI 20060401-01-U SGI 20060302-01-P SCO SCOSA-2006.24 NETBSD NetBSD-SA2006-010 FREEBSD FreeBSD-SA-06:13 Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations. cpe:/a:livedata:iccp_server:5.00.045 CVE-2006-0059 2006-05-19T15:02:00.000-04:00 2011-03-07T21:29:14.673-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-05-19T15:08:00.000-04:00 ALLOWS_OTHER_ACCESS CERT-VN VU#190617 VUPEN ADV-2006-1830 MISC http://www.kb.cert.org/vuls/id/JGEI-6MMS9T XF livedata-iccp-rfc1006-bo(26490) BID 18010 MISC http://www.digitalbond.com/SCADA_Blog/2006/05/us-cert-livedata-iccp-vulnerability.html SECTRACK 1016113 SECUNIA 20146 Heap-based buffer overflow in the ISO Transport Service over TCP (RFC 1006) implementation of LiveData ICCP Server before 5.00.035 allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets. cpe:/a:phpbb_group:phpbb:2.0.19 CVE-2006-0063 2006-01-05T14:03:00.000-05:00 2011-03-07T00:00:00.000-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-06T08:53:00.000-05:00 VUPEN ADV-2006-0051 OSVDB 22672 SREASON 313 MISC http://securityreason.com/securityalert/313 SREASONRES 20060105 phpBB 2.0.19 XSS Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357. cpe:/a:devellion:cubecart CVE-2006-0064 2006-01-03T17:03:00.000-05:00 2011-08-23T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-03T17:39:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0016 MILW0RM 1398 PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter. cpe:/a:vego:vego_web_forum:1.26 CVE-2006-0065 2006-01-03T17:03:00.000-05:00 2011-03-07T21:29:14.907-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-04T08:50:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0003 BUGTRAQ 20060101 [eVuln] VEGO Web Forum SQL Injection Vulnerability SECUNIA 18273 MISC http://evuln.com/vulns/1/summary.html BID 16107 OSVDB 22140 SREASON 315 SQL injection vulnerability in (1) functions.php, (2) functions_update.php, and (3) functions_display.php in VEGO Web Forum 1.26 and earlier allows remote attackers to execute arbitrary SQL commands via the theme_id parameter in index.php. cpe:/a:phpjournaler:phpjournaler:1.0 CVE-2006-0066 2006-01-03T17:03:00.000-05:00 2011-03-07T21:29:15.017-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-04T08:53:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0006 BID 16111 BUGTRAQ 20060101 [eVuln] PHPjournaler SQL Injection Vulnerability OSVDB 22149 SECUNIA 18265 MISC http://evuln.com/vulns/9/summary.html SQL injection vulnerability in index.php in PHPjournaler 1.0 allows remote attackers to execute arbitrary SQL commands via the readold parameter. cpe:/a:vego:vego_links_builder:2.00 CVE-2006-0067 2006-01-03T17:03:00.000-05:00 2011-03-07T21:29:15.097-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-04T08:53:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0004 SECUNIA 18272 MISC http://evuln.com/vulns/2/summary.html BID 16108 OSVDB 22139 SQL injection vulnerability in login.php in VEGO Links Builder 2.00 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. cpe:/a:primo_place:primo_cart:1.0 CVE-2006-0068 2006-01-03T18:03:00.000-05:00 2011-03-07T21:29:15.173-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-04T08:47:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0008 SECUNIA 18264 BID 16125 OSVDB 22147 OSVDB 22146 MISC http://pridels0.blogspot.com/2006/01/primo-cart-sql-inj.html SQL injection vulnerability in Primo Cart 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) q parameter to search.php and (2) email parameter to user.php. cpe:/a:chipmunk_scripts:chipmunk_guestbook:1.4 CVE-2006-0069 2006-01-03T18:03:00.000-05:00 2008-09-05T16:58:16.357-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-04T08:48:00.000-05:00 BID 19087 BID 16112 BUGTRAQ 20060101 [eVuln] Chipmunk Guestbook XSS Vulnerability SECUNIA 18270 MISC http://evuln.com/vulns/4/summary.html Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk Guestbook 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the homepage parameter. cpe:/a:drupal:drupal:4.5.6 cpe:/a:drupal:drupal:4.6.4 CVE-2006-0070 2006-01-03T19:03:00.000-05:00 2008-09-05T16:58:16.497-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-04T08:28:00.000-05:00 BUGTRAQ 20060103 Re: Drupal all versiyon xss cehennem.org BUGTRAQ 20060102 Drupal all versiyon xss cehennem.org ** DISPUTED ** Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded Javascript function name, as demonstrated using variations of the alert() function. NOTE: a followup by the vendor suggests that the issue does not exist in 4.5.6 or 4.6.4 when "Filtered HTML" is enabled, and since "Full HTML" would not filter HTML by design, perhaps this should not be included in CVE. cpe:/o:gentoo:linux cpe:/a:gentoo:app-crypt_pinentry:0.7.2:r1 cpe:/a:gentoo:app-crypt_pinentry:0.7.2 CVE-2006-0071 2006-01-03T19:03:00.000-05:00 2008-09-05T16:58:16.653-04:00 6.6 LOCAL LOW NONE COMPLETE COMPLETE NONE http://nvd.nist.gov 2006-01-04T08:39:00.000-05:00 BID 16120 GENTOO GLSA-200601-01 OSVDB 22211 SECUNIA 18284 The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0. cpe:/o:sco:openserver:5.0.5 cpe:/o:sco:openserver:5.0.3 cpe:/o:sco:openserver:5.0 cpe:/o:sco:openserver:5.0.6 cpe:/o:sco:openserver:5.0.7 cpe:/o:sco:openserver:5.0.1 cpe:/o:sco:openserver:5.0.6a cpe:/o:sco:openserver:5.0.2 cpe:/o:sco:openserver:5.0.4 CVE-2006-0072 2006-01-03T19:03:00.000-05:00 2008-09-05T16:58:16.797-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-04T08:42:00.000-05:00 ALLOWS_USER_ACCESS BID 16122 BUGTRAQ 20060102 SCO Openserver 5.0.x exploit MISC http://downloads.securityfocus.com/vulnerabilities/exploits/Openserver_bof.c Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector. cpe:/a:discusware:discus_professional:3.10.4 cpe:/a:discusware:discus_freeware:3.10.5 CVE-2006-0073 2006-01-03T19:03:00.000-05:00 2008-09-05T16:58:16.967-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-04T08:44:00.000-05:00 BID 16119 OSVDB 22153 SECUNIA 18283 Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware 3.10.5 and Professional 3.10.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a URL, which is not properly sanitized from the resulting error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:jevontech:phpenpals:1.1 CVE-2006-0074 2006-01-03T20:03:00.000-05:00 2011-08-05T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-04T08:20:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0005 BID 16109 BUGTRAQ 20060101 [eVuln] PHPenpals SQL Injection Vulnerabilit OSVDB 22150 MILW0RM 8706 SECUNIA 18269 MISC http://evuln.com/vulns/5/summary.html SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary SQL commands via the personalID parameter. NOTE: it was later reported that 1.1 and earlier are affected. cpe:/a:gnu:phpbook:1.3.2 cpe:/a:gnu:phpbook:1.2 cpe:/a:gnu:phpbook:1.3 cpe:/a:gnu:phpbook:1.0 cpe:/a:gnu:phpbook:1.1 CVE-2006-0075 2006-01-03T20:03:00.000-05:00 2011-03-07T21:29:15.703-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-04T08:22:00.000-05:00 ALLOWS_OTHER_ACCESS BID 16106 BUGTRAQ 20060101 [eVuln] phpBook PHP Code Execution MISC http://evuln.com/vulns/6/summary.html VUPEN ADV-2006-0002 SECUNIA 18268 Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file. cpe:/a:oaboard:oaboard:1.0 CVE-2006-0076 2006-01-03T20:03:00.000-05:00 2008-09-05T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-04T08:23:00.000-05:00 ALLOWS_OTHER_ACCESS BID 16105 BUGTRAQ 20060531 Re: OaBoard 1.0 Remote File inclusion BUGTRAQ 20060530 OaBoard 1.0 Remote File inclusion BUGTRAQ 20060101 [eVuln] oaBoard PHP Code Execution SECTRACK 1016211 MISC http://evuln.com/vulns/3/summary.html PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter. cpe:/a:richard_dawe:file_extattr:0.1 cpe:/a:richard_dawe:file_extattr:0.2 CVE-2006-0077 2006-01-03T20:03:00.000-05:00 2011-03-07T21:29:15.830-05:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-01-04T08:26:00.000-05:00 BID 16118 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=382199&group_id=153116 SECUNIA 18253 VUPEN ADV-2006-0013 OSVDB 22160 Off-by-one error in the getfattr function in File::ExtAttr before 0.03 allows attackers to trigger a buffer overflow via unspecified attack vectors. cpe:/a:haddad_said:b-net_software:1.0 CVE-2006-0078 2006-01-04T01:03:00.000-05:00 2011-03-07T21:29:15.893-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-04T08:08:00.000-05:00 VUPEN ADV-2006-0018 BID 16114 BUGTRAQ 20060102 [eVuln] B-net Software Multiple XSS Vulnerabilities SECUNIA 18271 MISC http://evuln.com/vulns/10/summary.html BUGTRAQ 20060825 Re: [eVuln] B-net Software Multiple XSS Vulnerabilities OSVDB 22191 OSVDB 22190 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=442067&group_id=117067 SREASON 316 Multiple cross-site scripting (XSS) vulnerabilities in B-net Software 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) shout variables to (a) shout.php, or the (3) title and (4) message variables to (b) guestbook.php. cpe:/a:scoznet:scozbook:1.1_beta CVE-2006-0079 2006-01-04T01:03:00.000-05:00 2011-03-07T21:29:15.987-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-04T08:11:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0027 BID 16115 BUGTRAQ 20060102 [eVuln] ScozBook "adminname" Authentication Bypass MISC http://evuln.com/vulns/11/summary.html OSVDB 22221 SREASON 318 SECUNIA 8476 SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 allows remote attackers to execute arbitrary SQL commands via the username field (adminname variable). cpe:/a:jelsoft:vbulletin:3.5.2 CVE-2006-0080 2006-01-04T01:03:00.000-05:00 2011-03-07T21:29:18.313-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-04T08:13:00.000-05:00 VUPEN ADV-2006-0033 BID 16116 BUGTRAQ 20060108 Html_Injection in vBulletin 3.5.2 BUGTRAQ 20060101 [KAPDA::#19] - Html Injection in vBulletin 3.5.2 OSVDB 22220 OSVDB 22210 SECUNIA 18299 MISC http://kapda.ir/advisory-177.html Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php. cpe:/a:intel:graphics_accelerator_driver:6.14.10.4308 CVE-2006-0081 2006-01-04T01:03:00.000-05:00 2011-03-07T00:00:00.000-05:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2006-01-04T08:17:00.000-05:00 VUPEN ADV-2006-0017 BID 16127 OSVDB 22196 SECUNIA 18286 FULLDISC 20060103 Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] FULLDISC 20060103 Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected] FULLDISC 20060102 Buffer Overflow vulnerability in Windows Display Manager [Suspected] ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics Accelerator Driver 6.14.10.4308 allows attackers to cause a denial of service (crash or screen resolution change) via a long text field, as demonstrated using a long window title. cpe:/a:imagemagick:imagemagick:6.2.3 CVE-2006-0082 2006-01-04T18:03:00.000-05:00 2011-03-07T00:00:00.000-05:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-06T09:14:00.000-05:00 ALLOWS_USER_ACCESS BID 12717 GENTOO GLSA-200602-13.xml GENTOO GLSA-200602-06 SLACKWARE SSA:2006-045-03 SECUNIA 19183 SECUNIA 19030 SECUNIA 18851 SECUNIA 18607 SGI 20060301-01-U CONFIRM https://issues.rpath.com/browse/RPL-389 VUPEN ADV-2008-0412 UBUNTU USN-246-1 BUGTRAQ 20061127 rPSA-2006-0218-1 ImageMagick SUSE SUSE-SR:2006:006 MANDRIVA MDKSA-2006:024 DEBIAN DSA-1213 SUNALERT 231321 SECTRACK 1015623 SREASON 500 SECUNIA 28800 SECUNIA 23090 SECUNIA 22998 SECUNIA 19408 SECUNIA 18871 SECUNIA 18261 REDHAT RHSA-2006:0178 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876 Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program. cpe:/a:stefan_frings:sms_server_tools CVE-2006-0083 2006-01-09T15:03:00.000-05:00 2008-09-05T16:58:18.467-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-09T15:14:00.000-05:00 ALLOWS_USER_ACCESS SECUNIA 18357 XF smstools-logging-format-string(24034) BID 16188 OSVDB 22287 DEBIAN DSA-930 SECUNIA 18343 Format string vulnerability in the logging code of SMS Server Tools (smstools) 1.14.8 and earlier allows local users to execute arbitrary code via unspecified attack vectors. cpe:/a:rasmp:rasmp:2.0.0 CVE-2006-0084 2006-01-05T06:03:00.000-05:00 2011-03-07T21:29:18.643-05:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-05T08:12:00.000-05:00 VUPEN ADV-2006-0030 BID 16138 OSVDB 22198 SECUNIA 18292 MISC http://evuln.com/vulns/13/summary.html SECTRACK 1015432 VIM 20060116 vendor ack/fix: 22198: raSMP index.php User-Agent Field XSS (fwd) Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the $_SERVER[HTTP_USER_AGENT] variable (User-Agent header). cpe:/a:nkads:nkads:1.0alfa3 cpe:/a:nkads:nkads:1.0alfa2 CVE-2006-0085 2006-01-05T06:03:00.000-05:00 2011-03-07T21:29:18.720-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-06T08:55:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0040 MISC http://www.soulblack.com.ar/repo/papers/advisory/nkads_advisory.txt SECUNIA 18302 OSVDB 22206 SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote attackers to execute arbitrary SQL commands via the (1) usuario_nkads_admin or (2) password_nkads_admin parameters. cpe:/a:next_generation_image_gallery:next_generation_image_gallery:0.0.1_lite CVE-2006-0086 2006-01-05T06:03:00.000-05:00 2011-03-07T21:29:18.813-05:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-06T08:58:00.000-05:00 VUPEN ADV-2006-0037 SECUNIA 18309 OSVDB 22202 MISC http://osvdb.org/ref/22/22202-nextgen.txt Cross-site scripting vulnerability in index.php in Next Generation Image Gallery 0.0.1 Lite Edition allows remote attackers to inject arbitrary web script or HTML via the page parameter. cpe:/a:lizard_cart:lizard_cart_cms:1.0.4 CVE-2006-0087 2006-01-05T06:03:00.000-05:00 2011-03-07T21:29:18.907-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-06T08:59:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0029 BID 16140 BUGTRAQ 20060104 [eVuln] Lizard Cart CMS SQL Injection Vulnerability SECUNIA 18297 OSVDB 22200 OSVDB 22199 MISC http://www.evuln.com/vulns/12/summary.html SECTRACK 1015435 SREASON 314 SQL injection vulnerability in (1) pages.php and (2) detail.php in Lizard Cart CMS 1.04 allows remote attackers to execute arbitrary SQL commands via the id parameter. cpe:/a:intouch:intouch:0.5.1_alpha CVE-2006-0088 2006-01-05T06:03:00.000-05:00 2011-03-07T21:29:19.000-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-06T09:02:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0026 BID 16110 BUGTRAQ 20060101 [eVuln] inTouch Authentication Bypass MISC http://evuln.com/vulns/8/summary.html XF intouch-intouch-sql-injection(23954) OSVDB 22382 SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha allows remote attackers to execute arbitrary SQL commands via the user parameter. cpe:/a:esri:arcpad:7.0.0.156 CVE-2006-0089 2006-01-05T06:03:00.000-05:00 2011-03-07T21:29:19.097-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-01-06T09:03:00.000-05:00 VUPEN ADV-2006-0032 BID 16136 MISC http://users.pandora.be/bratax/advisories/b007.html SECUNIA 18294 OSVDB 22208 Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .amp file with a COORDSYS tag with a long string attribute. cpe:/a:idv_directory_viewer:idv_directory_viewer:2005.1_b1 CVE-2006-0090 2006-01-05T06:03:00.000-05:00 2011-03-07T21:29:19.187-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2006-01-06T09:05:00.000-05:00 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=382593&group_id=152499 VUPEN ADV-2006-0031 SECUNIA 18298 BID 16137 Directory traversal vulnerability in index.php in IDV Directory Viewer before 2005.1 allows remote attackers to view arbitrary directory contents via a .. (dot dot) in the dir parameter. cpe:/a:open-xchange:open-xchange:0.8.1.6 CVE-2006-0091 2006-01-05T06:03:00.000-05:00 2011-03-07T21:29:19.283-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-06T09:06:00.000-05:00 VUPEN ADV-2006-0034 SECUNIA 18285 FULLDISC 20060103 Open Xchange XSS SECTRACK 1015431 Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline. CVE-2006-0092 2006-01-05T06:03:00.000-05:00 2008-09-10T15:55:26.397-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a duplicate of a SiteSuite issue that was also assigned CVE-2006-0158. Notes: All CVE users should consult CVE-2006-0992 and CVE-2006-0158 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage. cpe:/a:ecardmax.com:atcard_me_php CVE-2006-0093 2006-01-05T06:03:00.000-05:00 2011-03-07T21:29:19.407-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-06T09:11:00.000-05:00 VUPEN ADV-2006-0039 OSVDB 22203 SECUNIA 18306 MISC http://osvdb.org/ref/22/22203-ecardmax.txt Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP allows remote attackers to inject arbitrary web script or HTML via the cat parameter. cpe:/a:oaboard:oaboard:1.0 CVE-2006-0094 2006-01-05T06:03:00.000-05:00 2011-08-23T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-06T09:12:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0028 SECUNIA 17373 PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_stat parameter, a different vulnerability than CVE-2006-0076. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/o:linux:linux_kernel:2.6.14:rc2 cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.1 cpe:/o:linux:linux_kernel:2.6.15:rc7 cpe:/o:linux:linux_kernel:2.6.15:rc5 cpe:/o:linux:linux_kernel:2.6.11.9 cpe:/o:linux:linux_kernel:2.6.15:rc3 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.6.15:rc4 cpe:/o:linux:linux_kernel:2.6.4 cpe:/o:linux:linux_kernel:2.6.14:rc4 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.6.14:rc3 cpe:/o:linux:linux_kernel:2.6.8.1 cpe:/o:linux:linux_kernel:2.6.12 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.6.14:rc1 cpe:/o:linux:linux_kernel:2.6.9:2.6.20 cpe:/o:linux:linux_kernel:2.6.2 cpe:/o:linux:linux_kernel:2.6.11.2 cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.6.15:rc6 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.6.11.4 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.3 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.6.10 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.6.11.3 cpe:/o:linux:linux_kernel:2.6.8 cpe:/o:linux:linux_kernel:2.6.5 cpe:/o:linux:linux_kernel:2.6.11.1 cpe:/o:linux:linux_kernel:2.6.7 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.15:rc1 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.6 cpe:/o:linux:linux_kernel:2.6.11.10 cpe:/o:linux:linux_kernel:2.6.12.4 CVE-2006-0095 2006-01-06T06:03:00.000-05:00 2011-03-07T21:29:19.580-05:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2006-01-06T08:11:00.000-05:00 MLIST [linux-kernel] 20060104 [Patch 2.6] dm-crypt: zero key before freeing it VUPEN ADV-2006-0235 MLIST [linux-kernel] 20060104 [Patch 2.6] dm-crypt: Zero key material before free to avoid information leak XF kernel-dmcrypt-information-disclosure(24189) UBUNTU USN-244-1 TRUSTIX 2006-0004 BID 16301 FEDORA FLSA:157459-4 REDHAT RHSA-2006:0132 FEDORA FEDORA-2006-102 OSVDB 22418 SUSE SUSE-SA:2006:028 MANDRIVA MDKSA-2006:040 DEBIAN DSA-1017 SECTRACK 1015740 SREASON 388 SECUNIA 20398 SECUNIA 19374 SECUNIA 19160 SECUNIA 18774 SECUNIA 18527 SECUNIA 18487 dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key. cpe:/o:linux:linux_kernel:2.6.12.2 cpe:/o:linux:linux_kernel:2.6.1 cpe:/o:linux:linux_kernel:2.6.15:rc4 cpe:/o:linux:linux_kernel:2.6.14:rc4 cpe:/o:linux:linux_kernel:2.4.27 cpe:/o:linux:linux_kernel:2.6.11.6 cpe:/o:linux:linux_kernel:2.4.24_ow1 cpe:/o:linux:linux_kernel:2.4.23:pre9 cpe:/o:linux:linux_kernel:2.4.0:test3 cpe:/o:linux:linux_kernel:2.6.14.2 cpe:/o:linux:linux_kernel:2.6.11 cpe:/o:linux:linux_kernel:2.6.9:2.6.20 cpe:/o:linux:linux_kernel:2.6.15 cpe:/o:linux:linux_kernel:2.4.12 cpe:/o:linux:linux_kernel:2.4.0:test8 cpe:/o:linux:linux_kernel:2.6.11.3 cpe:/o:linux:linux_kernel:2.6.15:rc1 cpe:/o:linux:linux_kernel:2.4.19:pre3 cpe:/o:linux:linux_kernel:2.4.23_ow2 cpe:/o:linux:linux_kernel:2.4.3 cpe:/o:linux:linux_kernel:2.6.11.9 cpe:/o:linux:linux_kernel:2.4.23 cpe:/o:linux:linux_kernel:2.4.0:test10 cpe:/o:linux:linux_kernel:2.6.12.1 cpe:/o:linux:linux_kernel:2.4.0:test1 cpe:/o:linux:linux_kernel:2.4.27:pre2 cpe:/o:linux:linux_kernel:2.4.4 cpe:/o:linux:linux_kernel:2.4.13 cpe:/o:linux:linux_kernel:2.4.0:test12 cpe:/o:linux:linux_kernel:2.4.0:test2 cpe:/o:linux:linux_kernel:2.4.18:pre1 cpe:/o:linux:linux_kernel:2.6.14.4 cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.4.19:pre4 cpe:/o:linux:linux_kernel:2.4.0:test4 cpe:/o:linux:linux_kernel:2.4.27:pre4 cpe:/o:linux:linux_kernel:2.4.27:pre5 cpe:/o:linux:linux_kernel:2.6.11.2 cpe:/o:linux:linux_kernel:2.4.21:pre7 cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.4.22 cpe:/o:linux:linux_kernel:2.6.11.4 cpe:/o:linux:linux_kernel:2.6.12.3 cpe:/o:linux:linux_kernel:2.6.3 cpe:/o:linux:linux_kernel:2.6.11.12 cpe:/o:linux:linux_kernel:2.4.19:pre5 cpe:/o:linux:linux_kernel:2.4.21 cpe:/o:linux:linux_kernel:2.4.0:test6 cpe:/o:linux:linux_kernel:2.4.25 cpe:/o:linux:linux_kernel:2.6.15:rc7 cpe:/o:linux:linux_kernel:2.6.15:rc5 cpe:/o:linux:linux_kernel:2.4.1 cpe:/o:linux:linux_kernel:2.6.15:rc3 cpe:/o:linux:linux_kernel:2.4.17 cpe:/o:linux:linux_kernel:2.4.14 cpe:/o:linux:linux_kernel:2.4.10 cpe:/o:linux:linux_kernel:2.4.18:pre5 cpe:/o:linux:linux_kernel:2.4.28 cpe:/o:linux:linux_kernel:2.6.14:rc3 cpe:/o:linux:linux_kernel:2.6.8.1 cpe:/o:linux:linux_kernel:2.6.12 cpe:/o:linux:linux_kernel:2.4.19:pre6 cpe:/o:linux:linux_kernel:2.4.0:test7 cpe:/o:linux:linux_kernel:2.6.14:rc1 cpe:/o:linux:linux_kernel:2.4.21:pre1 cpe:/o:linux:linux_kernel:2.4.27:pre3 cpe:/o:linux:linux_kernel:2.4.18:pre3 cpe:/o:linux:linux_kernel:2.4.5 cpe:/o:linux:linux_kernel:2.4.19:pre2 cpe:/o:linux:linux_kernel:2.6.15:rc6 cpe:/o:linux:linux_kernel:2.4.18::x86 cpe:/o:linux:linux_kernel:2.6.5 cpe:/o:linux:linux_kernel:2.6.7 cpe:/o:linux:linux_kernel:2.4.18:pre7 cpe:/o:linux:linux_kernel:2.4.0:test9 cpe:/o:linux:linux_kernel:2.4.2 cpe:/o:linux:linux_kernel:2.4.0:test11 cpe:/o:linux:linux_kernel:2.6.12.4 cpe:/o:linux:linux_kernel:2.6.14:rc2 cpe:/o:linux:linux_kernel:2.4.16 cpe:/o:linux:linux_kernel:2.4.27:pre1 cpe:/o:linux:linux_kernel:2.4.6 cpe:/o:linux:linux_kernel:2.6.11.8 cpe:/o:linux:linux_kernel:2.4.24 cpe:/o:linux:linux_kernel:2.4.7 cpe:/o:linux:linux_kernel:2.6.4 cpe:/o:linux:linux_kernel:2.4.18:pre4 cpe:/o:linux:linux_kernel:2.6.13 cpe:/o:linux:linux_kernel:2.4.11 cpe:/o:linux:linux_kernel:2.4.18:pre8 cpe:/o:linux:linux_kernel:2.4.19 cpe:/o:linux:linux_kernel:2.6.11.5 cpe:/o:linux:linux_kernel:2.4.18:pre6 cpe:/o:linux:linux_kernel:2.4.21:pre4 cpe:/o:linux:linux_kernel:2.4.9 cpe:/o:linux:linux_kernel:2.4.18 cpe:/o:linux:linux_kernel:2.4.8 cpe:/o:linux:linux_kernel:2.4.0:test5 cpe:/o:linux:linux_kernel:2.6.2 cpe:/o:linux:linux_kernel:2.6.11.11 cpe:/o:linux:linux_kernel:2.4.19:pre1 cpe:/o:linux:linux_kernel:2.4.18:pre2 cpe:/o:linux:linux_kernel:2.6.11.7 cpe:/o:linux:linux_kernel:2.6.10 cpe:/o:linux:linux_kernel:2.6.14 cpe:/o:linux:linux_kernel:2.4.26 cpe:/o:linux:linux_kernel:2.6.8 cpe:/o:linux:linux_kernel:2.6.11.1 cpe:/o:linux:linux_kernel:2.6.14.1 cpe:/o:linux:linux_kernel:2.6.14.3 cpe:/o:linux:linux_kernel:2.6.6 cpe:/o:linux:linux_kernel:2.4.0 cpe:/o:linux:linux_kernel:2.4.15 cpe:/o:linux:linux_kernel:2.6.11.10 CVE-2006-0096 2006-01-06T06:03:00.000-05:00 2008-11-20T00:00:00.000-05:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-01-06T08:13:00.000-05:00 MANDRIVA MDKSA-2006:044 UBUNTU USN-244-1 BID 16304 CONFIRM http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=0f1d4813a4a65296e1131f320a60741732bc068f DEBIAN DSA-1017 SECUNIA 19374 SECUNIA 18977 SECUNIA 18527 CONFIRM http://linux.bkbits.net:8080/linux-2.4/cset@1.1448.91.23?nav=index.html|src/|src/drivers|src/drivers/net|src/drivers/net/wan|related/drivers/net/wan/sdla.c wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 does not require the CAP_SYS_RAWIO privilege for an SDLA firmware upgrade, with unknown impact and local attack vectors. NOTE: further investigation suggests that this issue requires root privileges to exploit, since it is protected by CAP_NET_ADMIN; thus it might not be a vulnerability, although capabilities provide finer distinctions between privilege levels. cpe:/a:php:php:4.4.2 cpe:/a:php:php:4.4.0 cpe:/a:php:php:4.4.1 cpe:/a:php:php:4.3.10 CVE-2006-0097 2006-01-06T06:03:00.000-05:00 2011-08-01T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-06T08:17:00.000-05:00 ALLOWS_USER_ACCESS VUPEN ADV-2006-0046 BID 16145 BUGTRAQ 20060105 Windows PHP 4.x CONFIRM http://www.php.net/ChangeLog-4.php#4.4.3 OSVDB 22232 SECUNIA 18275 FULLDISC 20060105 Windows PHP 4.x FULLDISC 20060108 RE: Windows PHP 4.x Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function. cpe:/o:openbsd:openbsd:3.8 cpe:/o:openbsd:openbsd:3.7 CVE-2006-0098 2006-01-06T06:03:00.000-05:00 2008-09-05T16:58:21.280-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-06T08:21:00.000-05:00 BID 16144 OPENBSD [3.7] 20060105 008: SECURITY FIX: January 5, 2006 SECUNIA 18296 MISC ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/008_fd.patch OSVDB 22231 SECTRACK 1015437 The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/. cpe:/a:valdersoft:valdersoft_shopping_cart:3.0 CVE-2006-0099 2006-01-06T06:03:00.000-05:00 2008-09-10T15:55:27.477-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-06T08:27:00.000-05:00 ALLOWS_OTHER_ACCESS BID 16126 MISC http://downloads.securityfocus.com/vulnerabilities/exploits/cijfer-vscxpl.pl MILW0RM 1401 PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certain other include/templates/categories/ PHP scripts in Valdersoft Shopping Cart 3.0 allows remote attackers to execute arbitrary code via a URL in the catalogDocumentRoot parameter. cpe:/a:nicosw:nicoftp:3.0.1.19 CVE-2006-0100 2006-01-06T06:03:00.000-05:00 2008-09-05T16:58:21.577-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-06T08:30:00.000-05:00 ALLOWS_USER_ACCESS BUGTRAQ 20060102 NicoFTP Stack Overflow SREASON 317 Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow local users to execute arbitrary code via a long string in the "Name of site" field of an FTP account. NOTE: because this program executes with the privileges of the invoking user, and because remote programs do not normally have the ability to create or modify FTP accounts in this program, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability. cpe:/a:sblog:sblog:0.7.1_build2005-12-02_beta CVE-2006-0101 2006-01-06T00:00:00.000-05:00 2006-01-06T06:03:00.000-05:00 2011-09-13T00:00:00.000-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-06T08:31:00.000-05:00 XF sblog-multiple-scripts-xss(23979) VUPEN ADV-2006-0041 OSVDB 22374 OSVDB 22373 MISC http://osvdb.org/ref/22/22373-sblog.txt Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p and (2) keyword parameters in (a) index.php and (b) search.php. cpe:/a:ralph_capper:tinyphpforum:3.6 cpe:/a:ralph_capper:tinyphpforum:3.499 cpe:/a:ralph_capper:tinyphpforum:3.46 cpe:/a:ralph_capper:tinyphpforum:3.49 cpe:/a:ralph_capper:tinyphpforum:3.48 cpe:/a:ralph_capper:tinyphpforum:3.5 cpe:/a:ralph_capper:tinyphpforum:3.47 CVE-2006-0102 2006-01-06T06:03:00.000-05:00 2011-03-07T21:29:20.187-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-06T08:36:00.000-05:00 VUPEN ADV-2006-0054 BUGTRAQ 20060105 [eVuln] TinyPHPForum Multiple Vulnerabilities OSVDB 22256 SECTRACK 1015436 SECUNIA 18293 MISC http://evuln.com/vulns/14/summary.html SREASON 320 Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "[a]" bbcode tag, possibly the txt parameter to action.php. cpe:/a:ralph_capper:tinyphpforum:3.6 cpe:/a:ralph_capper:tinyphpforum:3.499 cpe:/a:ralph_capper:tinyphpforum:3.46 cpe:/a:ralph_capper:tinyphpforum:3.49 cpe:/a:ralph_capper:tinyphpforum:3.48 cpe:/a:ralph_capper:tinyphpforum:3.5 cpe:/a:ralph_capper:tinyphpforum:3.47 CVE-2006-0103 2006-01-06T06:03:00.000-05:00 2011-03-07T00:00:00.000-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2006-01-06T08:47:00.000-05:00 XF tinyphpforum-users-information-disclosure(24016) VUPEN ADV-2006-0054 BUGTRAQ 20060417 Tiny PHP forum - vulns BUGTRAQ 20060105 [eVuln] TinyPHPForum Multiple Vulnerabilities OSVDB 22257 SECTRACK 1015436 SREASON 320 SECUNIA 18293 MISC http://evuln.com/vulns/14/summary.html TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information. cpe:/a:ralph_capper:tinyphpforum:3.6 cpe:/a:ralph_capper:tinyphpforum:3.499 cpe:/a:ralph_capper:tinyphpforum:3.46 cpe:/a:ralph_capper:tinyphpforum:3.49 cpe:/a:ralph_capper:tinyphpforum:3.48 cpe:/a:ralph_capper:tinyphpforum:3.5 cpe:/a:ralph_capper:tinyphpforum:3.47 CVE-2006-0104 2006-01-06T06:03:00.000-05:00 2011-03-07T21:29:20.377-05:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-06T08:49:00.000-05:00 VUPEN ADV-2006-0054 BUGTRAQ 20060105 [eVuln] TinyPHPForum Multiple Vulnerabilities SECUNIA 18293 MISC http://evuln.com/vulns/14/summary.html MISC http://evuln.com/vulns/14/exploit.html BID 16163 OSVDB 22258 SECTRACK 1015436 SREASON 320 Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via a .. (dot dot) in the uname parameter to profile.php. cpe:/a:postgresql:postgresql:8.1.0 cpe:/a:postgresql:postgresql:8.0.2 cpe:/a:postgresql:postgresql:8.1.1 cpe:/a:postgresql:postgresql:8.0 cpe:/a:postgresql:postgresql:8.0.5 cpe:/a:postgresql:postgresql:8.0.4 cpe:/a:postgresql:postgresql:8.0.3 cpe:/a:postgresql:postgresql:8.0.1 CVE-2006-0105 2006-01-10T15:03:00.000-05:00 2011-03-07T21:29:20.470-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-01-11T08:49:00.000-05:00 MLIST [pgsql-announce] 20060109 CRITICAL RELEASE: Minor Releases to Fix DoS Vulnerability VUPEN ADV-2006-0114 XF postgresql-connection-request-dos(24049) BID 16201 BUGTRAQ 20060111 PostgreSQL security releases 8.0.6 and 8.1.2 CONFIRM http://www.postgresql.org/about/news.456 SECTRACK 1015482 SREASON 327 SECUNIA 18419 PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on Windows, allows remote attackers to cause a denial of service (postmaster exit and no new connections) via a large number of simultaneous connection requests. cpe:/a:wine:wine:0.9.2 cpe:/a:wine:wine:0.9.5 cpe:/a:wine:wine:0.9.4 cpe:/a:wine:wine:2005-09-30 CVE-2006-0106 2006-01-06T13:03:00.000-05:00 2011-03-07T21:29:20.547-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-11T09:45:00.000-05:00 ALLOWS_USER_ACCESS SECUNIA 18323 MISC http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346197 VUPEN ADV-2006-0098 MLIST [Dailydave] 20060105 WMF goes away :< XF win-wmf-execute-code(23846) BUGTRAQ 20060117 ERRATA: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability SUSE SUSE-SR:2006:002 MANDRIVA MDKSA-2006:014 GENTOO GLSA-200601-09 DEBIAN DSA-954 SECUNIA 18578 SECUNIA 18549 SECUNIA 18451 gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, implement the SETABORTPROC GDI Escape function call for Windows Metafile (WMF) files, which allows attackers to execute arbitrary code, the same vulnerability as CVE-2005-4560 but in a different codebase. cpe:/a:idea_development_id_oy:timecan_cms CVE-2006-0107 2006-01-06T19:03:00.000-05:00 2008-09-05T16:58:22.717-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-11T09:36:00.000-05:00 ALLOWS_OTHER_ACCESS BID 16159 OSVDB 22252 SECUNIA 18324 XF timecancms-sql-injection(24014) SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the viewID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Due to the unavailability of the original source, it cannot be determined if this is the same issue as identified by CVE-2006-0108. cpe:/a:idea_development_id_oy:timecan_cms CVE-2006-0108 2006-01-06T19:03:00.000-05:00 2011-03-07T21:29:20.720-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-11T09:37:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0078 OSVDB 22253 OSVDB 22252 XF timecancms-sql-injection(24014) SQL injection vulnerability in mcl_login.asp in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Due to the unavailability of the original source, it cannot be determined if this is the same issue as identified by CVE-2006-0107. cpe:/a:modular_merchant:shopping_cart CVE-2006-0109 2006-01-06T00:00:00.000-05:00 2006-01-06T19:03:00.000-05:00 2011-03-07T21:29:21.000-05:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-11T09:40:00.000-05:00 SECUNIA 18320 VUPEN ADV-2006-0076 BID 16160 OSVDB 22243 MISC http://www.modularmerchant.com/forums/viewtopic.php?t=46 MISC http://osvdb.org/ref/22/22243-modular.txt VIM 20060214 vendor ack/fix 22243: Modular Merchant Marketplace Shopping Cart category.php cat Variable XSS (fwd) Cross-site scripting vulnerability in category.php in Modular Merchant Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the cat parameter. cpe:/a:javier_suarez_sanz:foro_domus:2.10 CVE-2006-0110 2006-01-06T00:00:00.000-05:00 2006-01-06T19:03:00.000-05:00 2011-03-07T21:29:21.080-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-05-11T10:55:00.000-04:00 VUPEN ADV-2006-0073 BID 16154 BUGTRAQ 20060106 [eVuln] Proyecto Domus 'email' XSS Vulnerability OSVDB 22263 SECUNIA 18327 MISC http://evuln.com/vulns/16/summary.html XF domus-escribir-xss(24020) Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to inject arbitrary web script via the email parameter. cpe:/a:boxcar_media:shopping_cart CVE-2006-0111 2006-01-06T00:00:00.000-05:00 2006-01-06T19:03:00.000-05:00 2011-03-07T21:29:21.173-05:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-11T09:41:00.000-05:00 XF boxcar-index-xss(24019) VUPEN ADV-2006-0080 OSVDB 22360 MISC http://osvdb.org/ref/22/22360-boxcar.txt Cross-site scripting vulnerability in index.php in Boxcar Media Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) parent or (2) pg parameter. cpe:/a:enhanced_simple_php_gallery:enhanced_simple_php_gallery:1.7 CVE-2006-0112 2006-01-06T20:03:00.000-05:00 2011-03-07T21:29:21.237-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-11T09:33:00.000-05:00 VUPEN ADV-2006-0036 OSVDB 22201 SECUNIA 18310 MISC http://osvdb.org/ref/22/22201-espg.txt Cross-site scripting (XSS) vulnerability in index.php in Enhanced Simple PHP Gallery 1.7 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. cpe:/a:enhanced_simple_php_gallery:enhanced_simple_php_gallery:1.7 CVE-2006-0113 2006-01-06T20:03:00.000-05:00 2008-09-05T16:58:23.733-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2006-01-11T09:34:00.000-05:00 SECUNIA 18310 MISC http://osvdb.org/ref/22/22201-espg.txt OSVDB 22417 Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the full path of the application via a direct request to sp_helper_functions.php, which leaks the pathname in an error message. cpe:/a:joomla:joomla:1.0.5 CVE-2006-0114 2006-01-09T00:00:00.000-05:00 2006-01-09T06:03:00.000-05:00 2011-06-06T00:00:00.000-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2006-01-09T08:26:00.000-05:00 XF joomla-vcard-information-disclosure(24042) VUPEN ADV-2006-0097 BID 16185 SECUNIA 18361 CONFIRM http://forum.joomla.org/index.php/topic,29031.0.html CONFIRM http://forge.joomla.org/sf/go/artf2950 The vCard functions in Joomla! 1.0.5 use predictable sequential IDs for vcards and do not restrict access to them, which allows remote attackers to obtain valid e-mail addresses to conduct spam attacks by modifying the contact_id parameter to index2.php. cpe:/a:oneplug_solutions:oneplug_cms CVE-2006-0115 2006-01-09T06:03:00.000-05:00 2011-09-08T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-09T08:28:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0079 BID 16155 OSVDB 22250 OSVDB 22249 OSVDB 22248 SECUNIA 18325 MISC http://osvdb.org/ref/22/22248-oneplug.txt Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp. cpe:/a:inetstore:inetstore_online CVE-2006-0116 2006-01-09T06:03:00.000-05:00 2011-03-07T21:29:21.563-05:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-09T08:29:00.000-05:00 VUPEN ADV-2006-0075 BID 16156 BUGTRAQ 20060126 Re: [OSVDB Mods] iNETstore E Commerce Solution - Cross Site Scripting OSVDB 22251 VIM 20060127 vendor confirms versions: iNETstore E Commerce Solution - Cross Site Scripting (fwd) SECUNIA 18322 MISC http://osvdb.org/ref/22/22251-inetstore.txt Cross-site scripting vulnerability search.inetstore in iNETstore Ebusiness Software 2.0 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter. cpe:/a:ibm:lotus_domino:6.5.2 cpe:/a:ibm:lotus_domino_enterprise_server:6.5.4 cpe:/a:ibm:lotus_domino:6.5.3 cpe:/a:ibm:lotus_notes:6.5.1 cpe:/a:ibm:lotus_notes:6.5.2 cpe:/a:ibm:lotus_domino:6.5.4 cpe:/a:ibm:lotus_domino:6.5.4::fp1 cpe:/a:ibm:lotus_domino_enterprise_server:6.5.2 cpe:/a:ibm:lotus_domino:6.5.1 cpe:/a:ibm:lotus_domino:6.5.4::fp2 cpe:/a:ibm:lotus_notes:6.5 cpe:/a:ibm:lotus_notes:6.5.4 cpe:/a:ibm:lotus_notes:6.5.3 cpe:/a:ibm:lotus_domino:6.5.0 CVE-2006-0117 2006-01-09T06:03:00.000-05:00 2011-03-07T21:29:21.673-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-01-09T10:06:00.000-05:00 BID 16158 SECUNIA 18328 VUPEN ADV-2006-0081 CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument CONFIRM http://www-1.ibm.com/support/docview.wss?uid=swg27007054 XF lotus-cdtomime-dos(24205) Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial of service (router crash or hang) via unspecified vectors involving "CD to MIME Conversion". cpe:/a:ibm:lotus_domino:6.5.2 cpe:/a:ibm:lotus_domino_enterprise_server:6.5.4 cpe:/a:ibm:lotus_domino:6.5.3 cpe:/a:ibm:lotus_notes:6.5.1 cpe:/a:ibm:lotus_notes:6.5.2 cpe:/a:ibm:lotus_domino:6.5.4 cpe:/a:ibm:lotus_domino:6.5.4::fp1 cpe:/a:ibm:lotus_domino_enterprise_server:6.5.2 cpe:/a:ibm:lotus_domino:6.5.1 cpe:/a:ibm:lotus_domino:6.5.4::fp2 cpe:/a:ibm:lotus_notes:6.5 cpe:/a:ibm:lotus_notes:6.5.4 cpe:/a:ibm:lotus_notes:6.5.3 cpe:/a:ibm:lotus_domino:6.5.0 CVE-2006-0118 2006-01-09T06:03:00.000-05:00 2011-03-07T21:29:21.767-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-01-09T10:08:00.000-05:00 BID 16158 SECUNIA 18328 VUPEN ADV-2006-0081 CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/21d8fd7989fdf78d852570e4001bae68?OpenDocument CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/50c634bfe193efa5852570e4001baace?OpenDocument CONFIRM http://www-1.ibm.com/support/docview.wss?uid=swg27007054 XF lotus-long-formula-bo(24206) Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) via long formulas. cpe:/a:ibm:lotus_domino:6.5.2 cpe:/a:ibm:lotus_domino_enterprise_server:6.5.4 cpe:/a:ibm:lotus_domino:6.5.3 cpe:/a:ibm:lotus_notes:6.5.1 cpe:/a:ibm:lotus_notes:6.5.2 cpe:/a:ibm:lotus_domino:6.5.4 cpe:/a:ibm:lotus_domino:6.5.4::fp1 cpe:/a:ibm:lotus_domino_enterprise_server:6.5.2 cpe:/a:ibm:lotus_domino:6.5.1 cpe:/a:ibm:lotus_domino:6.5.4::fp2 cpe:/a:ibm:lotus_notes:6.5 cpe:/a:ibm:lotus_notes:6.5.4 cpe:/a:ibm:lotus_notes:6.5.3 cpe:/a:ibm:lotus_domino:6.5.0 CVE-2006-0119 2006-01-09T06:03:00.000-05:00 2011-09-06T00:00:00.000-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-01-09T13:06:00.000-05:00 BID 16158 SECUNIA 18328 XF domino-smtp-nrouter-dos(27413) XF lotus-web-unspecified-xss(24211) XF lotus-multiple-unspecified(24207) VUPEN ADV-2006-2564 VUPEN ADV-2006-0081 BID 18020 BUGTRAQ 20060626 SYMSA-2006-006: Lotus Domino SMTP Based Denial of Service CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/f97fe7cfd9a8113b8525709200001db4?OpenDocument&Highlight=0,GPKS6C9J67 CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/e4deb1cbb011c747852570e4001ba9bb?OpenDocument&Highlight=0,GPKS5YQGPT CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/de2ab57a5b9547848525701b00420c2c?OpenDocument&Highlight=0,KSPR699NBP CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/d1150fc9c5dec8b18525709200001da6?OpenDocument&Highlight=0,GPKS6C9J67 CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/9a1650d1a771f3078525702a00420def?OpenDocument&Highlight=0,HSAO6BNL6Y CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/94a77eb898843aca8525709200001de1?OpenDocument&Highlight=0,JGAN6B6TZ3 CONFIRM http://www-1.ibm.com/support/docview.wss?uid=swg27007054 SECTRACK 1016390 SECUNIA 20855 Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due to "potential security issues" as identified by SPR numbers (1) GPKS6C9J67 in Agents, (2) JGAN6B6TZ3 and (3) KSPR699NBP in the Router, (4) GPKS5YQGPT in Security, or (5) HSAO6BNL6Y in the Web Server. NOTE: vector 3 is related to an issue in NROUTER in IBM Lotus Notes and Domino Server before 6.5.4 FP1, 6.5.5, and 7.0, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted vCal meeting request sent via SMTP (aka SPR# KSPR699NBP). cpe:/a:ibm:lotus_domino:6.5.2 cpe:/a:ibm:lotus_domino_enterprise_server:6.5.4 cpe:/a:ibm:lotus_domino:6.5.3 cpe:/a:ibm:lotus_notes:6.5.1 cpe:/a:ibm:lotus_notes:6.5.2 cpe:/a:ibm:lotus_domino:6.5.4 cpe:/a:ibm:lotus_domino:6.5.4::fp1 cpe:/a:ibm:lotus_domino_enterprise_server:6.5.2 cpe:/a:ibm:lotus_domino:6.5.1 cpe:/a:ibm:lotus_domino:6.5.4::fp2 cpe:/a:ibm:lotus_notes:6.5 cpe:/a:ibm:lotus_notes:6.5.4 cpe:/a:ibm:lotus_notes:6.5.3 cpe:/a:ibm:lotus_domino:6.5.0 CVE-2006-0120 2006-01-09T06:03:00.000-05:00 2011-03-07T21:29:21.937-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-01-09T13:15:00.000-05:00 BID 16158 SECUNIA 18328 VUPEN ADV-2006-0081 CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ced5f873baea4e8b852570e4001baa6d?OpenDocument CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ad0dd14aa109f96b852570e4001bb08c?OpenDocument CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/5f166a44ee743b2c852570e4001baf31?OpenDocument CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/4118a1f266afb26c852570e4001baf5e?OpenDocument CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/2bb4f466a9e986ae852570e4001babbb?OpenDocument CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/040482aeb1416bb7852570e4001badd6?OpenDocument CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/258394eaa824f2c08525708a004209d3?OpenDocument CONFIRM http://www-1.ibm.com/support/docview.wss?uid=swg27007054 XF lotus-ssl-keyring-dos(24217) XF lotus-certificate-parsing-dos(24216) XF lotus-delete-attachment-dos(24215) XF lotus-bmp-dos(24214) XF lotus-compact-dos(24213) XF lotus-outofoffice-dos(24212) Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (application crash) via multiple vectors, involving (1) a malformed message sent to an "Out Of Office" agent (SPR LPEE6DMQWJ), (2) the compact command (RTIN5U2SAJ), (3) malformed bitmap images (MYAA6FH5HW), (4) the "Delete Attachment" action (YPHG6844LD), (5) parsing certificates from a remote Certificate Table (AELE6DZFJW), and (6) creating a SSL key ring with the Domino Administration client (NSUA4FQPTN). cpe:/a:ibm:lotus_domino:6.5.2 cpe:/a:ibm:lotus_domino_enterprise_server:6.5.4 cpe:/a:ibm:lotus_domino:6.5.3 cpe:/a:ibm:lotus_notes:6.5.1 cpe:/a:ibm:lotus_notes:6.5.2 cpe:/a:ibm:lotus_domino:6.5.4 cpe:/a:ibm:lotus_domino:6.5.4::fp1 cpe:/a:ibm:lotus_domino_enterprise_server:6.5.2 cpe:/a:ibm:lotus_domino:6.5.1 cpe:/a:ibm:lotus_domino:6.5.4::fp2 cpe:/a:ibm:lotus_notes:6.5 cpe:/a:ibm:lotus_notes:6.5.4 cpe:/a:ibm:lotus_notes:6.5.3 cpe:/a:ibm:lotus_domino:6.5.0 CVE-2006-0121 2006-01-09T06:03:00.000-05:00 2011-03-07T21:29:22.033-05:00 7.8 NETWORK LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2006-01-09T13:17:00.000-05:00 BID 16158 SECUNIA 18328 VUPEN ADV-2006-0081 CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/2221243535d88a2b8525701b00420cd6?OpenDocument&Highlight=0,MKIN693QUT CONFIRM http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/20f66e356a76c90f8525702a00420e08?OpenDocument&Highlight=0,MKIN67MQVW CONFIRM http://www-1.ibm.com/support/docview.wss?uid=swg27007054 XF lotus-ssl-handshake-dos(24223) Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the SSL handshake (SPR# MKIN693QUT), and possibly other vectors. NOTE: due to insufficient information in the original vendor advisory, it is not clear whether there is an attacker role in other memory leaks that are specified in the advisory. cpe:/a:aquifer_cms:aquifer_cms CVE-2006-0122 2006-01-09T06:03:00.000-05:00 2011-03-07T21:29:22.097-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-09T13:18:00.000-05:00 OSVDB 22247 VUPEN ADV-2006-0074 BID 16162 SECUNIA 18326 MISC http://osvdb.org/ref/22/22247-aquifer.txt VIM 20060124 vendor ack/fix: Aquifer CMS Index.asp Keyword Variable XSS (fwd) Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter. cpe:/a:adn_forum:adn_forum:1.0b cpe:/a:adn_forum:adn_forum:1.0 CVE-2006-0123 2006-01-05T00:00:00.000-05:00 2006-01-09T06:03:00.000-05:00 2011-09-08T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-09T13:23:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0077 BID 16157 BUGTRAQ 20060105 [eVuln] ADNForum Multiple Vulnerabilities OSVDB 22241 OSVDB 22240 SECTRACK 1015445 SECUNIA 18300 MISC http://evuln.com/vulns/15/summary.html Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter in index.php and (2) pagid parameter in verpag.php, and possibly other vectors. cpe:/a:adn_forum:adn_forum:1.0b cpe:/a:adn_forum:adn_forum:1.0 CVE-2006-0124 2006-01-09T06:03:00.000-05:00 2011-03-07T21:29:22.250-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-09T13:24:00.000-05:00 VUPEN ADV-2006-0077 BID 16157 BUGTRAQ 20060105 [eVuln] ADNForum Multiple Vulnerabilities SECUNIA 18300 MISC http://evuln.com/vulns/15/summary.html OSVDB 22242 SECTRACK 1015445 Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbitrary web script or HTML via the titulo parameter, which is used by the "Topic name" field. cpe:/a:appserv_open_project:appserv:2.4.5 CVE-2006-0125 2006-01-09T06:03:00.000-05:00 2011-03-07T21:29:22.330-05:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-09T13:27:00.000-05:00 VUPEN ADV-2006-0053 OSVDB 22228 SECUNIA 18163 BID 16166 Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows remote attackers to include arbitrary files via the appserv_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. There is not enough detail from these third party sources to know whether this is directory traversal, remote file include, or another issue. cpe:/a:rxvt-unicode:rxvt-unicode:6.2 CVE-2006-0126 2006-01-09T06:03:00.000-05:00 2011-03-07T21:29:22.437-05:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-09T13:30:00.000-05:00 ALLOWS_USER_ACCESS OSVDB 22223 SECUNIA 18301 VUPEN ADV-2006-0052 CONFIRM http://dist.schmorp.de/rxvt-unicode/Changes rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices. cpe:/a:rockliffe:mailsite:6.1.22.0 CVE-2006-0127 2006-01-09T06:03:00.000-05:00 2011-03-07T21:29:22.547-05:00 4.0 NETWORK LOW SINGLE_INSTANCE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-11T09:05:00.000-05:00 MISC http://zur.homelinux.com/Advisories/RockliffeMailsiteDirTransveral.txt OSVDB 22229 SECUNIA 18318 FULLDISC 20060104 Rockliffe Directory Transversal Vulnerability VUPEN ADV-2006-0055 FULLDISC 20060105 Re: Rockliffe Directory Transversal Vulnerability Directory traversal vulnerability in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote authenticated users to rename the folders of other users via a .. (dot dot) in the RENAME command. cpe:/a:rockliffe:mailsite:6.1.22.0 CVE-2006-0128 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:26.123-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-01-11T09:06:00.000-05:00 MISC http://zur.homelinux.com/Advisories/RockliffeMailsiteDirTransveral.txt FULLDISC 20060104 Rockliffe Directory Transversal Vulnerability XF rockliffe-imap-unspecified-bo(39991) Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote attackers to have an unknown impact via unknown attack vectors. cpe:/a:rockliffe:mailsite:7.0.3.1 CVE-2006-0129 2006-01-09T06:03:00.000-05:00 2011-03-07T21:29:22.720-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2006-01-11T09:08:00.000-05:00 SECUNIA 18318 MISC http://zur.homelinux.com/Advisories/RockliffeMailsiteUserEnum.txt VUPEN ADV-2006-0055 OSVDB 22230 FULLDISC 20060104 Rockliffe Mailsite User Enumeration Flaw Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames via user requests to TCP port 106. cpe:/a:rockliffe:mailsite:7.0.3.1 CVE-2006-0130 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:26.420-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-11T09:10:00.000-05:00 MISC http://zur.homelinux.com/Advisories/RockliffeMailsiteUserEnum.txt FULLDISC 20060104 Rockliffe Mailsite User Enumeration Flaw Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier allows remote attackers to attempt authentication with an unlimited number of user account names and passwords without denying connections, limiting the rate of connections, or locking out an account. cpe:/a:boastmachine:boastmachine:3.1 CVE-2006-0131 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:26.577-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2006-01-11T09:12:00.000-05:00 BUGTRAQ 20060105 [ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1 MISC http://echo.or.id/adv/adv26-K-159-2006.txt boastMachine 3.1 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php and (2) side_menu.php, which reveals the path in an error message. cpe:/a:webftp:webftp:1.2.6 CVE-2006-0132 2006-01-09T06:03:00.000-05:00 2011-03-07T21:29:22.923-05:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-11T09:14:00.000-05:00 SECUNIA 18355 VUPEN ADV-2006-0090 BID 16175 BUGTRAQ 20060104 SysCP WebFTP local file inclusion vulnerability XF webftp-language-file-include(24018) Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 and possibly earlier allows remote attackers to include and execute arbitrary local PHP scripts, and possibly read other types of files, via a .. (dot dot) and a trailing null in the webftp_language parameter. cpe:/o:ibm:aix:5.3_ml03 CVE-2006-0133 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:26.873-04:00 3.6 LOCAL LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2006-01-11T09:16:00.000-05:00 BID 16103 BID 16102 BUGTRAQ 20060101 [xfocus-SD-060101]AIX getCommand&getShell two vulnerabilities SECTRACK 1015429 Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the existence of files and read partial contents of certain files via a .. (dot dot) in the argument to (1) getCommand.new (aka getCommand) and (2) getShell, a different vulnerability than CVE-2005-4273. cpe:/a:thewebforum:thewebforum:1.2.1 CVE-2006-0134 2006-01-09T06:03:00.000-05:00 2011-03-07T21:29:23.080-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-11T09:18:00.000-05:00 VUPEN ADV-2006-0093 BID 16161 BUGTRAQ 20060106 [eVuln] TheWebForum Script Insertion and Authentication Bypass SECTRACK 1015450 SECUNIA 18392 MISC http://evuln.com/vulns/17/summary.html MISC http://evuln.com/vulns/17/exploit.html XF thewebforum-register-xss(24007) OSVDB 22295 Cross-site scripting (XSS) vulnerability in register.php in TheWebForum (twf) 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the www parameter. cpe:/a:thewebforum:thewebforum:1.2.1 CVE-2006-0135 2006-01-09T06:03:00.000-05:00 2011-03-07T21:29:23.157-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-11T09:20:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0093 BID 16161 BUGTRAQ 20060106 [eVuln] TheWebForum Script Insertion and Authentication Bypass SECTRACK 1015450 SECUNIA 18392 MISC http://evuln.com/vulns/17/summary.html MISC http://evuln.com/vulns/17/exploit.html XF thewebforum-login-sql-injection(24027) OSVDB 22294 SREASON 321 SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the username parameter (aka the u variable). cpe:/a:phanatic_softwares:chimera_web_portal:0.2 CVE-2006-0136 2006-01-09T06:03:00.000-05:00 2011-03-07T21:29:23.250-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-11T09:24:00.000-05:00 VUPEN ADV-2006-0025 BID 16113 BUGTRAQ 20060101 [eVuln] Chimera Web Portal System Multiple Vulnerabilities MISC http://evuln.com/vulns/7/summary.html MISC http://evuln.com/vulns/7/exploit.html Multiple cross-site scripting (XSS) vulnerabilities in the guestbook module in modules.php in Phanatic Softwares Chimera Web Portal System 0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) comment_poster, (2) comment_poster_email, (3) comment_poster_homepage, and (4) comment_text parameters. cpe:/a:phanatic_softwares:chimera_web_portal:0.2 CVE-2006-0137 2006-01-09T06:03:00.000-05:00 2011-03-07T21:29:23.347-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-11T09:24:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0025 BID 16113 BUGTRAQ 20060101 [eVuln] Chimera Web Portal System Multiple Vulnerabilities MISC http://evuln.com/vulns/7/summary.html MISC http://evuln.com/vulns/7/exploit.html XF chimera-linkcategory-sql-injection(23963) OSVDB 22420 SQL injection vulnerability in linkcategory.php in Phanatic Softwares Chimera Web Portal System 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. cpe:/a:amsn:amsn CVE-2006-0138 2006-01-09T06:03:00.000-05:00 2008-09-05T16:58:27.607-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-01-11T09:26:00.000-05:00 MISC http://www.securiteam.com/exploits/5JP090KHFQ.html OSVDB 22186 aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denial of service (client hang and termination of client's instant-messaging session) by repeatedly sending crafted data to the default file-transfer port (TCP 6891). cpe:/a:pd9_software:megabbs:2.1 cpe:/a:pd9_software:megabbs:2.0 CVE-2006-0139 2006-01-09T13:03:00.000-05:00 2011-03-07T21:29:25.750-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2006-01-09T13:13:00.000-05:00 BID 16168 CONFIRM http://www.pd9soft.com/megabbs/forums/thread-view.asp?tid=4924 MISC http://www.hamid.ir/security/megabbs.txt SECUNIA 18342 VUPEN ADV-2006-0095 XF megabbs-sendprivatemessage-disclosure(24050) SECTRACK 1015452 The send-private-message functionality (send-private-message.asp) in PD9 Software MegaBBS 2.1 allows remote attackers to read private messages of other users via a modified replyid parameter. cpe:/a:navboard:navboard:17:beta2 cpe:/a:navboard:navboard:16 CVE-2006-0140 2006-01-09T14:07:00.000-05:00 2011-03-07T21:29:25.830-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-11T09:00:00.000-05:00 XF navboard-post-xss(24021) VUPEN ADV-2006-0092 BID 16165 BUGTRAQ 20060107 [eVuln] NavBoard BBcode XSS Vulnerability OSVDB 22277 SECUNIA 18345 MISC http://evuln.com/vulns/19/summary.html Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 Stable(2.6.0) and V17beta2 allows remote attackers to inject arbitrary web script or HTML via the (1) b, (2) textlarge, and (3) url bbcode tags. cpe:/a:eudora:internet_mail_server:3.2.8 cpe:/a:eudora:internet_mail_server:3.2.7 cpe:/a:eudora:internet_mail_server:3.2.6 CVE-2006-0141 2006-01-09T00:00:00.000-05:00 2006-01-09T14:07:00.000-05:00 2011-03-07T21:29:25.923-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-05-10T15:59:00.000-04:00 CONFIRM http://www.eudora.co.nz/updates.html SECUNIA 18356 VUPEN ADV-2006-0099 BID 16179 XF eims-corrupted-mail-dos(24033) XF eims-ntlm-auth-dos(24032) Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote attackers to cause a denial of service (crash) via (1) malformed NTLM authentication requests, or a malformed (2) Incoming Mail X or (3) Temporary Mail file. cpe:/a:andromeda_software:andromeda:1.9.3.4 CVE-2006-0142 2006-01-09T14:07:00.000-05:00 2011-03-07T21:29:26.017-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-11T09:01:00.000-05:00 VUPEN ADV-2006-0096 BID 16183 SECUNIA 18359 XF andromeda-script-xss(24031) Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda 1.9.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/o:microsoft:windows_me cpe:/o:microsoft:windows_98::gold cpe:/o:microsoft:windows_2003_server:standard:sp1 cpe:/o:microsoft:windows_2000::sp1:datacenter_server cpe:/o:microsoft:windows_2003_server:r2::64-bit cpe:/o:microsoft:windows_2000::sp3:datacenter_server cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:sp1 cpe:/o:microsoft:windows_xp::gold:professional cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit cpe:/o:microsoft:windows_2000::sp2:advanced_server cpe:/o:microsoft:windows_2000::sp2:professional cpe:/o:microsoft:windows_2000::sp3:server cpe:/o:microsoft:windows_2003_server:enterprise::64-bit cpe:/o:microsoft:windows_2000:::advanced_server cpe:/o:microsoft:windows_2003_server:standard_64-bit cpe:/o:microsoft:windows_2000:::professional cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_xp::sp1:home cpe:/o:microsoft:windows_2003_server:standard::64-bit cpe:/o:microsoft:windows_2003_server:r2:sp1 cpe:/o:microsoft:windows_2003_server:enterprise_64-bit cpe:/o:microsoft:windows_98se cpe:/o:microsoft:windows_2000::sp1:professional cpe:/o:microsoft:windows_2000:::datacenter_server cpe:/o:microsoft:windows_xp:::media_center cpe:/o:microsoft:windows_2000::sp3:professional cpe:/o:microsoft:windows_xp:::home cpe:/o:microsoft:windows_2000::sp1:server cpe:/o:microsoft:windows_2000::sp3:advanced_server cpe:/o:microsoft:windows_xp:::64-bit cpe:/o:microsoft:windows_2000::sp2:datacenter_server cpe:/o:microsoft:windows_xp::sp2:home cpe:/o:microsoft:windows_xp::sp2:media_center cpe:/o:microsoft:windows_2003_server:web cpe:/o:microsoft:windows_2000:::server cpe:/o:microsoft:windows_2000::sp4:datacenter_server cpe:/o:microsoft:windows_xp::sp2:tablet_pc cpe:/o:microsoft:windows_2000::sp1:advanced_server cpe:/o:microsoft:windows_2000::sp2:server cpe:/o:microsoft:windows_2003_server:web:sp1 cpe:/o:microsoft:windows_2003_server:datacenter_64-bit:sp1 cpe:/o:microsoft:windows_2000::sp4:professional cpe:/o:microsoft:windows_2003_server:enterprise:sp1 cpe:/o:microsoft:windows_xp::sp1:media_center cpe:/o:microsoft:windows_2000::sp4:advanced_server CVE-2006-0143 2006-01-09T15:03:00.000-05:00 2011-09-22T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-11T08:58:00.000-05:00 ALLOWS_USER_ACCESS SECTRACK 1015453 XF win-gre-wmf-dos(24044) VUPEN ADV-2006-0115 BID 16167 BUGTRAQ 20060109 [UPDATE]Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities BUGTRAQ 20060107 Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities MISC http://lostmon.blogspot.com/2007/08/windows-extended-file-attributes-buffer.html CONFIRM http://blogs.technet.com/msrc/archive/2006/01/09/417198.aspx Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths. cpe:/a:php:pear:0.2.2 cpe:/a:apache2triad:apache2triad CVE-2006-0144 2006-01-09T18:03:00.000-05:00 2011-06-20T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-10T08:28:00.000-05:00 ALLOWS_OTHER_ACCESS SECUNIA 18390 XF gopear-proxy-redirection(24076) VUPEN ADV-2006-0148 BID 16174 BUGTRAQ 20060109 New PEAR / Apache2Triad Exploit CONFIRM http://apache2triad.net/forums/viewtopic.php?p=14670 The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function. cpe:/o:netbsd:netbsd:2.0.3 cpe:/o:netbsd:netbsd:2.0 cpe:/o:netbsd:netbsd:2.1 cpe:/o:netbsd:netbsd:1.6:beta cpe:/o:netbsd:netbsd:1.6.1 cpe:/o:netbsd:netbsd:2.0.2 cpe:/o:netbsd:netbsd:2.0.1 cpe:/o:netbsd:netbsd:1.6 cpe:/o:netbsd:netbsd:1.6.2 CVE-2006-0145 2006-01-09T18:03:00.000-05:00 2008-09-05T16:58:28.777-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-10T08:31:00.000-05:00 ALLOWS_USER_ACCESS BID 16173 MISC http://www.securitylab.net/research/2006/02/advisory_netbsd_openbsd_kernfs.html BUGTRAQ 20060202 [SLAB] NetBSD / OpenBSD kernfs_xread patch evasion OSVDB 22293 SECUNIA 18712 SECUNIA 18388 NETBSD NetBSD-SA2006-001 XF netbsd-kernfs-memory-disclosure(24035) SREASON 405 The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and OpenBSD 3.8, does not properly validate file offsets against negative 32-bit values that occur as a result of truncation, which allows local users to read arbitrary kernel memory and gain privileges via the lseek system call. cpe:/a:mediabeez:mediabeez cpe:/a:mantis:mantis:0.19.4 cpe:/a:moodle:moodle:1.5.3 cpe:/a:john_lim:adodb:4.66 cpe:/a:mantis:mantis:1.0.0_rc4 cpe:/a:postnuke_software_foundation:postnuke:0.761 cpe:/a:john_lim:adodb:4.68 cpe:/a:the_cacti_group:cacti:0.8.6g CVE-2006-0146 2006-01-09T18:03:00.000-05:00 2011-06-14T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-10T08:39:00.000-05:00 ALLOWS_OTHER_ACCESS CONFIRM http://www.xaraya.com/index.php/news/569 BID 16187 BUGTRAQ 20060202 Bug for libs in php link directory 2.0 OSVDB 22290 GENTOO GLSA-200604-07 DEBIAN DSA-1031 DEBIAN DSA-1030 DEBIAN DSA-1029 MISC http://secunia.com/secunia_research/2005-64/advisory/ SECUNIA 19699 SECUNIA 19591 SECUNIA 19590 SECUNIA 19563 SECUNIA 19555 SECUNIA 18720 SECUNIA 18276 SECUNIA 18260 SECUNIA 18233 SECUNIA 17418 XF adodb-server-command-execution(24051) VUPEN ADV-2006-1419 VUPEN ADV-2006-1305 VUPEN ADV-2006-1304 VUPEN ADV-2006-0447 VUPEN ADV-2006-0370 VUPEN ADV-2006-0105 VUPEN ADV-2006-0104 VUPEN ADV-2006-0103 VUPEN ADV-2006-0102 VUPEN ADV-2006-0101 BUGTRAQ 20070418 MediaBeez Sql query Execution .. Wear isn't ?? :) BUGTRAQ 20060409 PhpOpenChat 3.0.x ADODB Server.php CONFIRM http://www.maxdev.com/Article550.phtml SREASON 713 SECUNIA 24954 SECUNIA 19691 SECUNIA 19600 SECUNIA 18267 SECUNIA 18254 MISC http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter. cpe:/a:mantis:mantis:0.19.4 cpe:/a:moodle:moodle:1.5.3 cpe:/a:john_lim:adodb:4.66 cpe:/a:mantis:mantis:1.0.0_rc4 cpe:/a:postnuke_software_foundation:postnuke:0.761 cpe:/a:john_lim:adodb:4.68 cpe:/a:the_cacti_group:cacti:0.8.6g CVE-2006-0147 2006-01-09T18:03:00.000-05:00 2011-03-07T21:29:26.847-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-10T08:38:00.000-05:00 ALLOWS_OTHER_ACCESS OSVDB 22291 GENTOO GLSA-200604-07 DEBIAN DSA-1030 DEBIAN DSA-1029 MISC http://secunia.com/secunia_research/2005-64/advisory/ SECUNIA 19628 SECUNIA 19591 SECUNIA 19590 SECUNIA 19555 SECUNIA 18276 SECUNIA 18260 SECUNIA 18254 SECUNIA 18233 SECUNIA 17418 VUPEN ADV-2006-1332 VUPEN ADV-2006-1305 VUPEN ADV-2006-0104 VUPEN ADV-2006-0103 VUPEN ADV-2006-0102 VUPEN ADV-2006-0101 BUGTRAQ 20060412 Simplog <=0.9.2 multiple vulnerabilities BUGTRAQ 20060409 PhpOpenChat 3.0.x ADODB Server.php "sql" SQL injection DEBIAN DSA-1031 SECUNIA 19600 SECUNIA 18267 MISC http://retrogod.altervista.org/simplog_092_incl_xpl.html MISC http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html MILW0RM 1663 XF adodb-tmssql-command-execution(24052) SECUNIA 19691 Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo. cpe:/a:netsarang:xlpd:2.1 CVE-2006-0148 2006-01-09T18:03:00.000-05:00 2008-09-05T16:58:29.263-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-01-10T08:41:00.000-05:00 BID 16164 MISC http://www.ipomonis.com/advisories/xlpd.txt SECTRACK 1015444 XF xlpd-connection-dos(24041) NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number of connections from the same IP address. cpe:/a:simpbook:simpbook:1.0 CVE-2006-0149 2006-01-09T18:03:00.000-05:00 2008-09-05T16:58:29.403-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-10T08:42:00.000-05:00 SECTRACK 1015451 FULLDISC 20060106 SimpBook "message" Remote Cross-Site Scripting Vulnerability Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_enable on (the default), allows remote attackers to inject arbitrary web script or HTML via the message field. cpe:/a:dave_carrigan:auth_ldap:1.3.3 cpe:/a:dave_carrigan:auth_ldap:1.4.2 cpe:/a:dave_carrigan:auth_ldap:1.3.0 cpe:/a:dave_carrigan:auth_ldap:1.4.3 cpe:/a:dave_carrigan:auth_ldap:1.2.1 cpe:/a:dave_carrigan:auth_ldap:1.2.3 cpe:/a:dave_carrigan:auth_ldap:1.3.2 cpe:/a:dave_carrigan:auth_ldap:1.2.2 cpe:/a:dave_carrigan:auth_ldap:1.2.4 cpe:/a:dave_carrigan:auth_ldap:1.4.0 cpe:/a:dave_carrigan:auth_ldap:1.3.4 cpe:/a:dave_carrigan:auth_ldap:1.6.0 cpe:/a:dave_carrigan:auth_ldap:1.3.1 CVE-2006-0150 2005-12-22T00:00:00.000-05:00 2006-01-09T18:03:00.000-05:00 2011-09-09T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-10T08:46:00.000-05:00 ALLOWS_USER_ACCESS MANDRIVA MDKSA-2006:017 BID 16177 REDHAT RHSA-2006:0179 DEBIAN DSA-952 SECUNIA 18568 SECUNIA 18412 SECUNIA 18405 SECUNIA 18382 XF apache-authldap-format-string(24030) VUPEN ADV-2006-0117 BUGTRAQ 20060109 Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability CONFIRM http://www.rudedog.org/auth_ldap/Changes.html MISC http://www.digitalarmaments.com/2006090173928420.html SECTRACK 1015456 Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username. cpe:/a:todd_miller:sudo:1.6.5 cpe:/a:todd_miller:sudo:1.6.3_p7 cpe:/a:todd_miller:sudo:1.6 cpe:/a:todd_miller:sudo:1.6.7_p5 cpe:/o:ubuntu:ubuntu_linux:5.10::powerpc cpe:/a:todd_miller:sudo:1.6.6 cpe:/a:todd_miller:sudo:1.6.3_p6 cpe:/a:todd_miller:sudo:1.6.3_p3 cpe:/a:todd_miller:sudo:1.6.3_p2 cpe:/a:todd_miller:sudo:1.6.5_p1 cpe:/o:ubuntu:ubuntu_linux:5.10::i386 cpe:/a:todd_miller:sudo:1.6.4_p1 cpe:/a:todd_miller:sudo:1.6.8_p9 cpe:/a:todd_miller:sudo:1.6.1 cpe:/a:todd_miller:sudo:1.6.8_p5 cpe:/a:todd_miller:sudo:1.5.9 cpe:/a:todd_miller:sudo:1.5.6 cpe:/a:todd_miller:sudo:1.6.3_p5 cpe:/a:todd_miller:sudo:1.6.8_p7 cpe:/a:todd_miller:sudo:1.6.3 cpe:/a:todd_miller:sudo:1.6.8 cpe:/a:todd_miller:sudo:1.5.8 cpe:/a:todd_miller:sudo:1.6.8_p2 cpe:/a:todd_miller:sudo:1.6.8_p8 cpe:/a:todd_miller:sudo:1.6.8_p12 cpe:/a:todd_miller:sudo:1.6.4 cpe:/o:ubuntu:ubuntu_linux:5.10::amd64 cpe:/a:todd_miller:sudo:1.6.8_p1 cpe:/a:todd_miller:sudo:1.6.3_p4 cpe:/a:todd_miller:sudo:1.6.7 cpe:/o:ubuntu:ubuntu_linux:5.04::i386 cpe:/a:todd_miller:sudo:1.6.4_p2 cpe:/o:ubuntu:ubuntu_linux:5.04::amd64 cpe:/o:ubuntu:ubuntu_linux:4.1::ia64 cpe:/a:todd_miller:sudo:1.6.3_p1 cpe:/a:todd_miller:sudo:1.6.5_p2 cpe:/a:todd_miller:sudo:1.6.2 cpe:/o:ubuntu:ubuntu_linux:4.1::ppc cpe:/a:todd_miller:sudo:1.5.7 cpe:/o:ubuntu:ubuntu_linux:5.04::powerpc CVE-2006-0151 2006-01-09T18:03:00.000-05:00 2010-04-02T02:36:11.967-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-01-10T09:22:00.000-05:00 ALLOWS_ADMIN_ACCESS SECUNIA 18363 UBUNTU USN-235-2 BID 16184 SECUNIA 18358 TRUSTIX 2006-0010 SUSE SUSE-SR:2006:002 MANDRIVA MDKSA-2006:159 DEBIAN DSA-946 SLACKWARE SSA:2006-045-08 SECUNIA 21692 SECUNIA 19016 SECUNIA 18906 SECUNIA 18558 SECUNIA 18549 sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158. cpe:/a:phpchamber:phpchamber:1.2 CVE-2006-0152 2006-01-10T06:03:00.000-05:00 2011-03-07T21:29:27.330-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-10T08:08:00.000-05:00 VUPEN ADV-2006-0094 BID 16180 SECUNIA 18360 XF phpchamber-searchresult-xss(24029) OSVDB 22282 Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the needle parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. cpe:/a:427bb:fourtwosevenbb:2.2.1 cpe:/a:427bb:fourtwosevenbb:2.2 CVE-2006-0153 2006-01-10T06:03:00.000-05:00 2011-03-07T21:29:27.423-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-10T08:11:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0091 BID 16178 BUGTRAQ 20060107 [eVuln] 427BB Multiple Vulnerabilities (Cookie-based Authentication Bypass, SQL Injections, XSS) SECUNIA 18354 MISC http://evuln.com/vulns/18/summary.html XF 427bb-scripts-security-bypass(24038) OSVDB 22274 427BB 2.2 and 2.2.1 verifies authentication credentials based on the username, authenticated, and usertype cookies, which allows remote attackers to bypass authentication by using a valid username and usertype and setting the authenticated cookie. cpe:/a:427bb:fourtwosevenbb:2.2.1 cpe:/a:427bb:fourtwosevenbb:2.2 CVE-2006-0154 2006-01-10T06:03:00.000-05:00 2011-03-07T21:29:27.517-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-10T08:12:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0091 BID 16169 BUGTRAQ 20060107 [eVuln] 427BB Multiple Vulnerabilities (Cookie-based Authentication Bypass, SQL Injections, XSS) SECUNIA 18354 MISC http://evuln.com/vulns/18/summary.html XF 427bb-showthread-sql-injection(24039) OSVDB 22275 SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the ForumID parameter. cpe:/a:427bb:fourtwosevenbb:2.2.1 cpe:/a:427bb:fourtwosevenbb:2.2 CVE-2006-0155 2006-01-10T06:03:00.000-05:00 2011-03-07T21:29:27.610-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-10T08:13:00.000-05:00 VUPEN ADV-2006-0091 BUGTRAQ 20060107 [eVuln] 427BB Multiple Vulnerabilities (Cookie-based Authentication Bypass, SQL Injections, XSS) SECUNIA 18354 MISC http://evuln.com/vulns/18/summary.html XF 427bb-posts-xss(24040) OSVDB 22276 Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and 2.2.1 allows remote attackers to inject arbitrary Javascript via a new message with a url bbcode tag containing a javascript URI. cpe:/a:foxrum:foxrum:4.0.4f CVE-2006-0156 2006-01-10T06:03:00.000-05:00 2011-03-07T21:29:27.703-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-10T08:14:00.000-05:00 VUPEN ADV-2006-0121 BID 16172 BUGTRAQ 20060109 [eVuln] Foxrum BBCode XSS Vulnerabilty SECUNIA 18386 MISC http://evuln.com/vulns/20 XF foxrum-bbcode-xss(24043) SREASON 325 Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows remote attackers to inject arbitrary Javascript via the javascript URI in bbcode url tags in (1) addpost1.php and (2) addtopic1.php. cpe:/a:reamday_enterprises:magic_news_plus:1.0.3 CVE-2006-0157 2006-01-10T06:03:00.000-05:00 2008-09-05T16:58:30.717-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-10T08:18:00.000-05:00 BID 16182 MISC http://downloads.securityfocus.com/vulnerabilities/exploits/MagicNewsPlus-pw-change.pl SECUNIA 18601 settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters. cpe:/a:cyberdoc:sitesuite_cms CVE-2006-0158 2006-01-10T06:03:00.000-05:00 2011-03-07T21:29:27.860-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-10T08:21:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0038 OSVDB 22205 SECUNIA 18305 MISC http://osvdb.org/ref/22/22205-sitesuite.txt SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS allows remote attackers to execute arbitrary SQL commands via the page parameter. cpe:/a:javier_suarez_sanz:foro_domus:2.10 CVE-2006-0159 2006-01-10T06:03:00.000-05:00 2011-03-07T00:00:00.000-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-10T08:23:00.000-05:00 ALLOWS_OTHER_ACCESS XF domus-escribir-sql-injection(24017) VUPEN ADV-2006-0073 OSVDB 22264 SECUNIA 18327 SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown, although it may be based on post-disclosure analysis of CVE-2006-0110; the details are obtained solely from third party information. cpe:/a:venom_board:venom_board:1.22 CVE-2006-0160 2006-01-10T06:03:00.000-05:00 2011-08-08T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-10T08:26:00.000-05:00 ALLOWS_OTHER_ACCESS XF venomboard-addpost-sql-injection(24046) VUPEN ADV-2006-0122 BID 16176 OSVDB 22297 SREASON 326 SECUNIA 18383 BUGTRAQ 20060109 [eVuln] Venom Board SQL Injection Vulnerability MISC http://evuln.com/vulns/21/summary.html SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute arbitrary SQL commands via the (1) parent, (2) root, and (3) topic_id parameters to post.php3. cpe:/o:sun:solaris:9.0::sparc cpe:/o:sun:solaris:8.0 CVE-2006-0161 2006-01-10T14:03:00.000-05:00 2011-03-07T21:29:28.097-05:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-11T08:51:00.000-05:00 ALLOWS_USER_ACCESS SUNALERT 101933 VUPEN ADV-2006-0113 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm SECTRACK 1015455 SECUNIA 19087 SECUNIA 18371 Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown impact and attack vectors. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2004-0780. cpe:/a:clam_anti-virus:clamav:0.84_rc1 cpe:/a:clam_anti-virus:clamav:0.80_rc2 cpe:/a:clam_anti-virus:clamav:0.70 cpe:/a:clam_anti-virus:clamav:0.52 cpe:/a:clam_anti-virus:clamav:0.84 cpe:/a:clam_anti-virus:clamav:0.60 cpe:/a:clam_anti-virus:clamav:0.65 cpe:/a:clam_anti-virus:clamav:0.54 cpe:/a:clam_anti-virus:clamav:0.75.1 cpe:/a:clam_anti-virus:clamav:0.67 cpe:/a:clam_anti-virus:clamav:0.85.1 cpe:/a:clam_anti-virus:clamav:0.51 cpe:/a:clam_anti-virus:clamav:0.68.1 cpe:/a:clam_anti-virus:clamav:0.83 cpe:/a:clam_anti-virus:clamav:0.86 cpe:/a:clam_anti-virus:clamav:0.84_rc2 cpe:/a:clam_anti-virus:clamav:0.81 cpe:/a:clam_anti-virus:clamav:0.85 cpe:/a:clam_anti-virus:clamav:0.80_rc3 cpe:/a:clam_anti-virus:clamav:0.80_rc1 cpe:/a:clam_anti-virus:clamav:0.68 cpe:/a:clam_anti-virus:clamav:0.53 cpe:/a:clam_anti-virus:clamav:0.80 cpe:/a:clam_anti-virus:clamav:0.86.2 cpe:/a:clam_anti-virus:clamav:. cpe:/a:clam_anti-virus:clamav:0.86.1 cpe:/a:clam_anti-virus:clamav:0.80_rc4 cpe:/a:clam_anti-virus:clamav:0.82 cpe:/a:clam_anti-virus:clamav:0.87 cpe:/a:clam_anti-virus:clamav:0.87.1 CVE-2006-0162 2006-01-10T14:03:00.000-05:00 2011-03-07T21:29:28.220-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-11T08:53:00.000-05:00 ALLOWS_USER_ACCESS CERT-VN VU#385908 BID 16191 SECUNIA 18379 VUPEN ADV-2006-0116 CONFIRM http://www.clamav.net/doc/0.88/ChangeLog XF clamav-libclamav-upx-bo(24047) MISC http://www.zerodayinitiative.com/advisories/ZDI-06-001.html TRUSTIX 2006-0002 OSVDB 22318 MANDRIVA MDKSA-2006:016 GENTOO GLSA-200601-07 DEBIAN DSA-947 SECTRACK 1015457 SREASON 342 SECUNIA 18548 SECUNIA 18478 SECUNIA 18463 SECUNIA 18453 FULLDISC 20060112 ZDI-06-001: Clam AntiVirus UPX Unpacking Code Execution Vulnerability Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files. cpe:/a:francisco_burzi:php-nuke_ev:7.7_r1 CVE-2006-0163 2006-01-11T16:03:00.000-05:00 2011-03-07T21:29:28.313-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-12T08:04:00.000-05:00 ALLOWS_OTHER_ACCESS XF phpnukeev-search-sql-injection(44978) VUPEN ADV-2006-0120 BID 16186 OSVDB 22316 SECUNIA 18394 MISC http://lostmon.blogspot.com/2006/01/phpnuke-ev-77-search-module-query.html SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792. cpe:/a:woah-projekt:phgstats:0.2 cpe:/a:woah-projekt:phgstats:0.1 cpe:/a:woah-projekt:phgstats:0.4.1 cpe:/a:woah-projekt:phgstats:0.3.1 cpe:/a:woah-projekt:phgstats:0.4 cpe:/a:woah-projekt:phgstats:0.5 cpe:/a:woah-projekt:phgstats:0.4.2 cpe:/a:woah-projekt:phgstats:0.3 CVE-2006-0164 2006-01-11T16:03:00.000-05:00 2011-03-07T21:29:28.407-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-12T08:11:00.000-05:00 ALLOWS_OTHER_ACCESS CONFIRM http://sourceforge.net/project/shownotes.php?release_id=384232 SECUNIA 18346 VUPEN ADV-2006-0123 XF phgstats-php-file-include(24062) BID 17469 OSVDB 22302 phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable. cpe:/a:plain_black:webgui:6.5.6_gamma cpe:/a:plain_black:webgui:6.4.0_beta cpe:/a:plain_black:webgui:6.8.3_gamma cpe:/a:plain_black:webgui:6.5.1_beta cpe:/a:plain_black:webgui:6.6.1_beta cpe:/a:plain_black:webgui:6.6.5 cpe:/a:plain_black:webgui:6.7.4_gamma cpe:/a:plain_black:webgui:6.7.1_beta cpe:/a:plain_black:webgui:5.5.8 cpe:/a:plain_black:webgui:6.7.5_gamma cpe:/a:plain_black:webgui:6.2.11_gamma cpe:/a:plain_black:webgui:6.3.0_beta cpe:/a:plain_black:webgui:6.7.8_gamma cpe:/a:plain_black:webgui:6.7.6_gamma cpe:/a:plain_black:webgui:6.5.2_beta cpe:/a:plain_black:webgui:6.7.2_beta cpe:/a:plain_black:webgui:6.6.4_gamma cpe:/a:plain_black:webgui:6.2.10_gamma cpe:/a:plain_black:webgui:6.6.3_gamma cpe:/a:plain_black:webgui:6.7.0_beta cpe:/a:plain_black:webgui:6.6.0_beta cpe:/a:plain_black:webgui:6.5.3_beta cpe:/a:plain_black:webgui:6.5.4_gamma cpe:/a:plain_black:webgui:6.5.5_gamma cpe:/a:plain_black:webgui:6.8.1_beta cpe:/a:plain_black:webgui:6.7.3_gamma cpe:/a:plain_black:webgui:6.6.2_gamma cpe:/a:plain_black:webgui:6.8.2_beta cpe:/a:plain_black:webgui:6.7.7_gamma cpe:/a:plain_black:webgui:6.5.0_beta CVE-2006-0165 2006-01-11T16:03:00.000-05:00 2011-03-07T21:29:28.500-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-12T08:13:00.000-05:00 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=384153&group_id=51417 SECUNIA 18372 VUPEN ADV-2006-0126 MISC http://sourceforge.net/tracker/index.php?func=detail&aid=1395371&group_id=51417&atid=463213 XF webgui-forms-xss(24053) Cross-site scripting (XSS) vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 (gamma) allows remote attackers to inject arbitrary Javascript via the (1) url and (2) name field of the default email form. cpe:/a:symantec:norton_system_works:2005_premier cpe:/a:symantec:norton_system_works:2005 cpe:/a:symantec:norton_system_works:2006_premier cpe:/a:symantec:norton_system_works:2006 CVE-2006-0166 2006-01-11T16:03:00.000-05:00 2011-03-07T21:29:28.597-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-12T15:47:00.000-05:00 SECTRACK 1015462 CONFIRM http://securityresponse.symantec.com/avcenter/security/Content/2006.01.10.html SECUNIA 18402 XF systemworks-nprotect-hidden(24061) VUPEN ADV-2006-0143 Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindNext Windows APIs and allows remote attackers to hide arbitrary files from virus scanners and other products. cpe:/a:myphpim:myphpim:01.05 CVE-2006-0167 2006-01-11T16:03:00.000-05:00 2011-03-07T21:29:28.703-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-12T12:12:00.000-05:00 ALLOWS_OTHER_ACCESS XF myphpim-login-sql-injection(24075) XF myphpim-calendar-sql-injection(24066) VUPEN ADV-2006-0147 BID 16210 BUGTRAQ 20060111 [eVuln] MyPhPim Multiple SQL Injection and XSS Vulnerabilities OSVDB 22325 OSVDB 22324 SECUNIA 18399 MISC http://evuln.com/vulns/22/summary.html SQL injection vulnerability in MyPhPim 01.05 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter in calendar.php3 and the (2) password field on the login page. cpe:/a:myphpim:myphpim:01.05 CVE-2006-0168 2006-01-11T16:03:00.000-05:00 2011-03-07T21:29:28.813-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-12T12:14:00.000-05:00 XF myphpim-todo-xss(24071) VUPEN ADV-2006-0147 BID 16210 BUGTRAQ 20060111 [eVuln] MyPhPim Multiple SQL Injection and XSS Vulnerabilities OSVDB 22326 SECUNIA 18399 MISC http://evuln.com/vulns/22/summary.html Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows remote attackers to inject arbitrary web script or HTML via the description field on the "Create New todo" page. cpe:/a:myphpim:myphpim:01.05 CVE-2006-0169 2006-01-11T16:03:00.000-05:00 2011-03-07T21:29:28.907-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-05-05T08:55:00.000-04:00 ALLOWS_OTHER_ACCESS XF myphpim-addresses-file-upload(24070) VUPEN ADV-2006-0147 BID 16208 BUGTRAQ 20060111 [eVuln] MyPhPim Arbitrary File Upload SECUNIA 18399 MISC http://evuln.com/vulns/23/summary.html addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory. CVE-2006-0170 2006-01-11T16:03:00.000-05:00 2008-09-10T15:56:39.307-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0035. Reason: This candidate is a duplicate of CVE-2006-0035. Notes: All CVE users should reference CVE-2006-0035 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. cpe:/a:orjinweb:orjinweb_e-commerce CVE-2006-0171 2006-01-11T16:03:00.000-05:00 2008-09-05T16:58:32.887-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-12T12:22:00.000-05:00 ALLOWS_OTHER_ACCESS BID 16199 BUGTRAQ 20060106 Orjinweb E-commerce XF orjinweb-url-file-include(24097) OSVDB 22387 PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: it is not clear, but OrjinWeb might be an application service, in which case it should not be included in CVE. cpe:/a:hummingbird:enterprise_collaboration:5.21 cpe:/a:hummingbird:enterprise_collaboration:5.2 CVE-2006-0172 2006-01-11T16:03:00.000-05:00 2011-03-07T21:29:29.033-05:00 3.5 NETWORK MEDIUM SINGLE_INSTANCE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-12T12:28:00.000-05:00 VUPEN ADV-2006-0145 BID 16195 BUGTRAQ 20060110 Multiple Vulnerabilities in Hummingbird Collaboration MISC http://www.securenetwork.it/advisories/sn-2006-01.html SECUNIA 18411 XF hummingbird-enterprise-xss(24067) Cross-site scripting (XSS) vulnerability in the file manager utility in Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML in an uploaded page, which is published without a check for hostile scripting. cpe:/a:hummingbird:enterprise_collaboration:5.21 cpe:/a:hummingbird:enterprise_collaboration:5.2 CVE-2006-0173 2006-01-11T16:03:00.000-05:00 2011-03-07T21:29:29.127-05:00 4.0 NETWORK LOW SINGLE_INSTANCE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-12T12:32:00.000-05:00 VUPEN ADV-2006-0145 BID 16195 BUGTRAQ 20060110 Multiple Vulnerabilities in Hummingbird Collaboration MISC http://www.securenetwork.it/advisories/sn-2006-01.html SECUNIA 18411 XF hummingbird-enterprise-file-download(24068) Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to misrepresent the type and name of a file via modified doc_ext and id parameters, which might trick a user into downloading dangerous or unexpected content. cpe:/a:hummingbird:collaboration:5.2 cpe:/a:hummingbird:enterprise_collaboration:5.21 cpe:/a:hummingbird:enterprise_collaboration:5.2 cpe:/a:hummingbird:collaboration:5.21 CVE-2006-0174 2006-01-11T16:03:00.000-05:00 2011-03-07T21:29:29.237-05:00 4.0 NETWORK LOW SINGLE_INSTANCE PARTIAL NONE NONE http://nvd.nist.gov 2006-01-12T12:34:00.000-05:00 VUPEN ADV-2006-0145 BID 16195 BUGTRAQ 20060110 Multiple Vulnerabilities in Hummingbird Collaboration MISC http://www.securenetwork.it/advisories/sn-2006-01.html SECUNIA 18411 XF hummingbird-enterprise-information-disclosure(24069) SREASON 328 Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to obtain sensitive information (intranet IP addresses and enumerations of valid parameter values) via a direct request to hc, which reveals the information in an error message or a cookie. cpe:/a:webwiz:web_wiz_forums:6.34 CVE-2006-0175 2006-01-11T16:03:00.000-05:00 2013-01-03T00:00:00.000-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-12T13:09:00.000-05:00 BID 16196 XF webwizforums-searchform-xss(24048) BUGTRAQ 20060111 Advisory:XSS vulnerability on WebWiz Forums <= 6.34(search_form.asp) OSVDB 22398 FULLDISC 20060109 Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp) Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter. cpe:/a:xmame:xmame:0.102 CVE-2006-0176 2006-01-11T16:03:00.000-05:00 2008-09-05T16:58:33.683-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-01-12T13:19:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 16203 BUGTRAQ 20060110 mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation FULLDISC 20060110 mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation. XF xmame-multiple-parameters-bo(24102) CONFIRM http://x.mame.net/changes-unix.html Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long (1) -lang, (2) -ctrlr, (3) -pb, or (4) -rec argument on many operating systems, and via a long (5) -jdev argument on Ubuntu Linux. cpe:/o:cray:unicos:9.0.2.2 CVE-2006-0177 2006-01-11T16:03:00.000-05:00 2008-09-05T16:58:33.840-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-01-12T13:28:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 16205 FULLDISC 20060110 SUID root overflows in UNICOS and partial shellcode XF unicos-command-line-bo(24276) Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) invoking /usr/bin/script with a long command line argument or (2) setting the -c option of /etc/nu to the name of a file containing a long line. cpe:/o:cray:unicos:9.0.2.2 CVE-2006-0178 2006-01-11T16:03:00.000-05:00 2008-09-05T16:58:33.980-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-01-12T13:34:00.000-05:00 BID 16205 FULLDISC 20060110 SUID root overflows in UNICOS and partial shellcode XF unicos-ftp-format-string(24277) Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local users to have an unknown impact via format string specifiers in the quote command. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability. cpe:/h:cisco:ip_phone_7940 CVE-2006-0179 2006-01-11T16:03:00.000-05:00 2011-03-07T00:00:00.000-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-01-12T13:41:00.000-05:00 SECTRACK 1015488 SECUNIA 18479 XF cisco-ipphone-synflood-dos(24117) VUPEN ADV-2006-0202 BID 16200 OSVDB 22469 CISCO 20060113 Response to Cisco IP Phone 7940 DoS Exploit posted on milw0rm.com MISC http://downloads.securityfocus.com/vulnerabilities/exploits/cisco_ip7940_dos.pl The Cisco IP Phone 7940 allows remote attackers to cause a denial of service (reboot) via a large amount of TCP SYN packets (syn flood) to arbitrary ports, as demonstrated to port 80. cpe:/a:calogic:calogic_calendars:1.2.2 CVE-2006-0180 2006-01-12T01:02:00.000-05:00 2011-03-07T21:29:31.987-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-12T07:27:00.000-05:00 VUPEN ADV-2006-0149 BID 16206 SECUNIA 18417 MISC http://evuln.com/vulns/24/summary.html XF calogic-newevent-xss(24077) BUGTRAQ 20060116 [eVuln] CaLogic Calendars Multiple XSS Vulnerabilities OSVDB 22322 Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the Title field on the "Adding New Event" page, and possibly other vectors, involving iframe tags. cpe:/h:cisco:cs-mars:4.1.2 cpe:/h:cisco:cs-mars:4.1 CVE-2006-0181 2006-01-12T01:02:00.000-05:00 2011-03-07T21:29:32.063-05:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-01-12T07:37:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 16211 CISCO 20060111 Default Administrative Password in Cisco Security Monitoring, Analysis and Response System (CS-MARS) VUPEN ADV-2006-0154 XF cisco-csmars-default-password(24065) OSVDB 22346 SECTRACK 1015471 SREASON 335 SECUNIA 18424 Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented administrative account with a default password, which allows local users to gain privileges via the expert command. cpe:/a:acal:calendar_project:2.2.5 CVE-2006-0182 2006-01-12T01:02:00.000-05:00 2011-03-07T21:29:32.127-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-12T07:40:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0152 MISC http://evuln.com/vulns/25/summary.html XF acal-login-auth-bypass(24104) BUGTRAQ 20060112 [eVuln] ACal Authentication Bypass & PHP Code Insertion OSVDB 22344 SREASON 343 SECUNIA 18432 login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to "inside". cpe:/a:acal:calendar_project:2.2.5 CVE-2006-0183 2006-01-12T01:02:00.000-05:00 2011-03-07T21:29:32.187-05:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-12T07:41:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0152 MISC http://evuln.com/vulns/25/summary.html XF acal-header-footer-code-execute(24107) BUGTRAQ 20060112 [eVuln] ACal Authentication Bypass & PHP Code Insertion OSVDB 22345 SREASON 343 SECUNIA 18432 Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from the poor authentication as identified by CVE-2006-0182. Since the design of the product allows the administrator to edit the code, perhaps this issue should not be included in CVE, except as a consequence of CVE-2006-0182. cpe:/a:mainenet_enterprises:asptopsites CVE-2006-0184 2006-01-12T01:02:00.000-05:00 2011-03-07T21:29:32.283-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-12T07:42:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0146 MISC http://www.exploitlabs.com/files/advisories/EXPL-A-2006-001-asptopsites.txt SECUNIA 18408 XF asptopsites-goto-sql-injection(24072) OSVDB 22330 FULLDISC 20060110 AspTopSites SQL injection Multiple SQL injection vulnerabilities in AspTopSites allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to goto.asp or (2) password parameter to includeloginuser.asp. cpe:/a:php-nuke:news_module cpe:/a:php-nuke:pool_module CVE-2006-0185 2006-01-12T01:02:00.000-05:00 2011-03-07T21:29:32.347-05:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-12T07:43:00.000-05:00 VUPEN ADV-2006-0125 BID 16192 BUGTRAQ 20060107 Php-Nuke Pool and News Module IMG Tag Cross Site SECUNIA 18374 Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag. CVE-2006-0186 2006-01-12T01:02:00.000-05:00 2008-09-10T15:56:42.383-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4500. Reason: This candidate is a duplicate of CVE-2005-4500. Notes: All CVE users should reference CVE-2005-4500 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. cpe:/a:microsoft:visual_studio_.net:2005 CVE-2006-0187 2006-01-12T01:02:00.000-05:00 2011-03-07T21:29:32.453-05:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-12T07:55:00.000-05:00 ALLOWS_USER_ACCESS VUPEN ADV-2006-0151 BID 16225 BUGTRAQ 20060113 Visual Studio Remote Code Execution SECUNIA 18409 XF visualstudio-usercontrol-code-execution(24116) By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file. cpe:/a:squirrelmail:squirrelmail:1.4.6_rc1 cpe:/a:squirrelmail:squirrelmail:1.4.3a cpe:/a:squirrelmail:squirrelmail:1.4.4 cpe:/a:squirrelmail:squirrelmail:1.4_rc1 cpe:/a:squirrelmail:squirrelmail:1.4.3_r3 cpe:/a:squirrelmail:squirrelmail:1.4.4_rc1 cpe:/a:squirrelmail:squirrelmail:1.4.1 cpe:/a:squirrelmail:squirrelmail:1.4.3_rc1 cpe:/a:squirrelmail:squirrelmail:1.4.3 cpe:/a:squirrelmail:squirrelmail:1.4.2 cpe:/a:squirrelmail:squirrelmail:1.4 cpe:/a:squirrelmail:squirrelmail:1.4.5 CVE-2006-0188 2006-02-23T19:02:00.000-05:00 2011-03-07T21:29:32.627-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-02-24T08:46:00.000-05:00 XF squirrelmail-webmail-xss(24847) VUPEN ADV-2006-0689 CONFIRM http://www.squirrelmail.org/security/issue/2006-02-01 BID 16756 SECTRACK 1015662 SECUNIA 18985 REDHAT RHSA-2006:0283 FEDORA FEDORA-2006-133 SUSE SUSE-SR:2006:005 MANDRIVA MDKSA-2006:049 GENTOO GLSA-200603-09 DEBIAN DSA-988 SECUNIA 20210 SECUNIA 19960 SECUNIA 19205 SECUNIA 19176 SECUNIA 19131 SECUNIA 19130 SGI 20060501-01-U webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS. cpe:/a:estara:softphone:3.0.1.46 cpe:/a:estara:softphone:3.0.1.14 CVE-2006-0189 2006-01-13T06:03:00.000-05:00 2011-03-07T21:29:32.720-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-13T07:39:00.000-05:00 ALLOWS_USER_ACCESS XF estara-sip-sdp-bo(24090) VUPEN ADV-2006-0167 BID 16213 BUGTRAQ 20060111 eStara Softphone SIP stack Buffer Overflow Vulnerability SECTRACK 1015481 SECUNIA 18410 OSVDB 22348 Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows remote attackers to execute arbitrary code via a long attribute (aka "a") field in the SDP data of a SIP packet on UDP port 5060. cpe:/o:sun:solaris:9.0::sparc cpe:/o:sun:solaris:10.0::sparc CVE-2006-0190 2006-01-13T06:03:00.000-05:00 2011-03-07T21:29:32.830-05:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-01-13T07:44:00.000-05:00 ALLOWS_ADMIN_ACCESS SUNALERT 102066 SECUNIA 18421 VUPEN ADV-2006-0165 XF solaris-unspecified-root-access(24084) BID 16224 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm SECTRACK 1015478 SECUNIA 19087 Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver. cpe:/o:sun:solaris:10.0::sparc CVE-2006-0191 2006-01-13T06:03:00.000-05:00 2011-03-07T21:29:32.923-05:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2006-01-13T07:45:00.000-05:00 SUNALERT 102108 SECUNIA 18420 VUPEN ADV-2006-0166 XF solaris-find-proc-dos(24085) BID 16222 OSVDB 22347 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm SECTRACK 1015479 SECUNIA 19087 Unspecified vulnerability in Sun Solaris 10 allows local users to cause a denial of service (null dereference) via unspecified vectors involving the use of the find command on the "/proc" filesystem. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2005-3250. cpe:/a:philip_loftin:aspsurvey:1.10 CVE-2006-0192 2006-01-13T06:03:00.000-05:00 2011-08-05T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-13T07:49:00.000-05:00 ALLOWS_OTHER_ACCESS XF aspsurvey-loginvalidate-sql-injection(24087) VUPEN ADV-2006-0164 BID 16496 BUGTRAQ 20060204 sql injection in ASP Survey OSVDB 22342 SREASON 414 SECUNIA 18422 SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp. cpe:/a:positive_software:h-sphere:2.4.2_patch_2 cpe:/a:positive_software:h-sphere:2.4.1_patch_7 cpe:/a:positive_software:h-sphere:2.4.2 cpe:/a:positive_software:h-sphere:2.4.1 cpe:/a:positive_software:h-sphere:2.4.3_beta_2 cpe:/a:positive_software:h-sphere:2.4.3_patch_8 cpe:/a:positive_software:h-sphere:2.4.2_patch_4 cpe:/a:positive_software:h-sphere:2.4.1_patch_6 cpe:/a:positive_software:h-sphere:2.4.3_patch_1 cpe:/a:positive_software:h-sphere:2.4.3_patch_2 cpe:/a:positive_software:h-sphere:2.4.3_patch_4 cpe:/a:positive_software:h-sphere:2.4.2_patch_3 cpe:/a:positive_software:h-sphere:2.4.3_rc2 cpe:/a:positive_software:h-sphere:2.4.2_rc2 cpe:/a:positive_software:h-sphere:2.4.1_patch_3 cpe:/a:positive_software:h-sphere:2.4.1_patch_1 cpe:/a:positive_software:h-sphere:2.4.3_rc1 cpe:/a:positive_software:h-sphere:2.4.3_patch_3 cpe:/a:positive_software:h-sphere:2.4.3 cpe:/a:positive_software:h-sphere:2.4.2_patch_5 cpe:/a:positive_software:h-sphere:2.4.2_beta_3 cpe:/a:positive_software:h-sphere:2.4.1_patch_5 cpe:/a:positive_software:h-sphere:2.4.2_beta_2 cpe:/a:positive_software:h-sphere:2.4.1_patch_4 cpe:/a:positive_software:h-sphere:2.4.2_beta_1 cpe:/a:positive_software:h-sphere:2.4.3_patch_6 cpe:/a:positive_software:h-sphere:2.4.3_patch_5 cpe:/a:positive_software:h-sphere:2.4.3_beta_1 cpe:/a:positive_software:h-sphere:2.4.1_patch_2 cpe:/a:positive_software:h-sphere:2.4.2_rc1 cpe:/a:positive_software:h-sphere:2.4.2_patch_1 cpe:/a:positive_software:h-sphere:2.4.3_patch_7 CVE-2006-0193 2006-01-13T06:03:00.000-05:00 2011-03-07T21:29:33.110-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-13T09:04:00.000-05:00 BUGTRAQ 20060112 H-Sphere Security Vulnerability VUPEN ADV-2006-0172 CONFIRM http://www.psoft.net/HSdocumentation/versions/?v=all&p=r XF hsphere-login-xss(24096) CONFIRM http://www.psoft.net/HSdocumentation/versions/index.php?v=243p9&p=r OSVDB 22372 SECUNIA 18447 Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action. cpe:/a:fog_creek_software:fogbugz:4.029 CVE-2006-0194 2006-01-13T06:03:00.000-05:00 2011-03-07T21:29:33.203-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-13T09:10:00.000-05:00 BID 16216 VUPEN ADV-2006-0174 BUGTRAQ 20060112 FogBugz Cross Site Scripting Vulnerability CONFIRM http://www.fogcreek.com/FogBugz/KB/releaseNotes/WhatsNewInFogBugz4.0.33.html XF fogbugz-login-xss(24103) OSVDB 22370 SECUNIA 18443 Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.029, and other versions before 4.0.33, allows remote attackers to inject arbitrary web script or HTML via the dest parameter in the pgLogon page. cpe:/a:squirrelmail:squirrelmail:1.4.6_rc1 cpe:/a:squirrelmail:squirrelmail:1.4.3a cpe:/a:squirrelmail:squirrelmail:1.4.4 cpe:/a:squirrelmail:squirrelmail:1.4_rc1 cpe:/a:squirrelmail:squirrelmail:1.4.3_r3 cpe:/a:squirrelmail:squirrelmail:1.4.4_rc1 cpe:/a:squirrelmail:squirrelmail:1.4.1 cpe:/a:squirrelmail:squirrelmail:1.4.3_rc1 cpe:/a:squirrelmail:squirrelmail:1.4.3 cpe:/a:squirrelmail:squirrelmail:1.4.2 cpe:/a:squirrelmail:squirrelmail:1.4 cpe:/a:squirrelmail:squirrelmail:1.4.5 CVE-2006-0195 2006-02-23T19:02:00.000-05:00 2011-03-07T21:29:33.297-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-02-24T09:00:00.000-05:00 XF squirrelmail-magichtml-xss(24848) VUPEN ADV-2006-0689 CONFIRM http://www.squirrelmail.org/security/issue/2006-02-10 BID 16756 SECTRACK 1015662 SECUNIA 18985 REDHAT RHSA-2006:0283 FEDORA FEDORA-2006-133 SUSE SUSE-SR:2006:005 MANDRIVA MDKSA-2006:049 GENTOO GLSA-200603-09 DEBIAN DSA-988 SECUNIA 20210 SECUNIA 19960 SECUNIA 19205 SECUNIA 19176 SECUNIA 19131 SECUNIA 19130 SGI 20060501-01-U Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer. cpe:/a:serial_line_sniffer:serial_line_sniffer:0.4.4 CVE-2006-0196 2006-01-13T18:03:00.000-05:00 2011-03-07T21:29:33.487-05:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-17T09:24:00.000-05:00 ALLOWS_USER_ACCESS XF slsnif-home-bo(24082) VUPEN ADV-2006-0212 BUGTRAQ 20060111 Serial Line Sniffer 0.4.4 Buffer Overflow MISC http://shellcoders.com/sintigan/slsnif-ploit.pl SECUNIA 18497 Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 allows local users to gain privileges via a long value of the HOME environment variable, possibly because of a buffer overflow. cpe:/a:x.org:x.org:6.8.2 CVE-2006-0197 2006-01-13T18:03:00.000-05:00 2008-09-05T16:58:36.840-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2006-01-17T09:31:00.000-05:00 BUGTRAQ 20060108 xorg server 6.8.2 and below on 64bit arch The XClientMessageEvent struct used in certain components of X.Org 6.8.2 and earlier, possibly including (1) the X server and (2) Xlib, uses a "long" specifier for elements of the l array, which results in inconsistent sizes in the struct on 32-bit versus 64-bit platforms, and might allow attackers to cause a denial of service (application crash) and possibly conduct other attacks. cpe:/a:xoops:xoops_pool_module CVE-2006-0198 2006-01-13T18:03:00.000-05:00 2008-09-05T16:58:36.980-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-17T09:33:00.000-05:00 MISC http://www.xoops.org/modules/newbb/viewtopic.php?topic_id=45637&forum=2&post_id=200481 BID 16189 BUGTRAQ 20060107 Xoops Pool Module IMG Tag Cross Site Scripting XF xoops-pool-imagetag-xss(24091) Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment. cpe:/a:mini-nuke:cms_system:1.8.2 CVE-2006-0199 2006-01-13T18:03:00.000-05:00 2011-08-05T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-05-02T10:47:00.000-04:00 ALLOWS_OTHER_ACCESS XF mininuke-news-sql-injection(24098) VUPEN ADV-2006-0173 BUGTRAQ 20060113 Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injectionvulnerability OSVDB 22384 MISC http://www.nukedx.com/?viewdoc=7 SREASON 340 SECUNIA 18439 FULLDISC 20060112 Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter. cpe:/a:php:php:5.1 cpe:/a:php:php:5.1.1 CVE-2006-0200 2006-01-13T18:03:00.000-05:00 2011-03-07T21:29:33.813-05:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2006-01-17T09:35:00.000-05:00 ALLOWS_ADMIN_ACCESS XF php-extmysqli-format-string(24095) BID 16219 CONFIRM http://www.php.net/release_5_1_2.php SECUNIA 18431 VUPEN ADV-2006-0369 VUPEN ADV-2006-0177 BUGTRAQ 20060112 Advisory 02/2006: PHP ext/mysqli Format String Vulnerability MISC http://www.hardened-php.net/advisory_022006.113.html SECTRACK 1015485 SREASON 337 Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages. cpe:/a:paypal:php_toolkit:0.50 CVE-2006-0201 2006-01-13T18:03:00.000-05:00 2011-03-07T21:29:34.347-05:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-17T09:41:00.000-05:00 VUPEN ADV-2006-0183 MISC http://www.uinc.ru/articles/vuln/ptpaypal050.shtml BID 16218 BUGTRAQ 20060112 Multiple PHP Toolkit for PayPal Vulnerabilities SECUNIA 18444 OSVDB 22378 Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php. cpe:/a:paypal:php_toolkit:0.50 CVE-2006-0202 2006-01-13T18:03:00.000-05:00 2011-03-07T21:29:34.437-05:00 3.6 LOCAL LOW NONE PARTIAL PARTIAL NONE http://nvd.nist.gov 2006-01-17T09:43:00.000-05:00 VUPEN ADV-2006-0183 MISC http://www.uinc.ru/articles/vuln/ptpaypal050.shtml BID 16218 BUGTRAQ 20060112 Multiple PHP Toolkit for PayPal Vulnerabilities SECUNIA 18444 OSVDB 22379 Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data. cpe:/a:mini-nuke:cms_system:1.8.2 CVE-2006-0203 2006-01-13T18:03:00.000-05:00 2011-10-03T00:00:00.000-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-05-02T10:50:00.000-04:00 XF mininuke-membership-change-password(24101) VUPEN ADV-2006-0173 BUGTRAQ 20060113 Advisory: MiniNuke CMS System <= 1.8.2 (membership.asp) remoteuser password change exploit OSVDB 22385 SREASON 344 SECUNIA 18439 FULLDISC 20060112 Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability FULLDISC 20060112 Advisory: MiniNuke CMS System <= 1.8.2 (membership.asp) remote user password change exploit BUGTRAQ 20060129 [xpl#2] MiniNuke 1.8.2 - change member's passwrod < Perl > membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not verify the old password when changing a password, which allows remote attackers to change the passwords of other members via a lostpassnew action with a modified x parameter. cpe:/a:wordcircle:wordcircle:2.17 CVE-2006-0204 2006-01-13T18:03:00.000-05:00 2011-03-07T21:29:34.783-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-17T09:44:00.000-05:00 XF wordcircle-index-xss(24106) VUPEN ADV-2006-0185 BID 16227 BUGTRAQ 20060112 [eVuln] Wordcircle Multiple SQL Injection & XSS Vulnerabilities OSVDB 22359 SECUNIA 18440 MISC http://evuln.com/vulns/28/summary.html SREASON 345 Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 allow remote attackers to inject arbitrary web script or HTML via (1) the "Course name" field in index.php when the frm parameter has the value "mine" and (2) possibly certain other fields in unspecified scripts. cpe:/a:wordcircle:wordcircle:2.17 CVE-2006-0205 2006-01-13T18:03:00.000-05:00 2011-09-06T00:00:00.000-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-05-02T10:52:00.000-04:00 ALLOWS_OTHER_ACCESS XF wordcircle-login-security-bypass(24108) XF wordcircle-sql-injection(24105) VUPEN ADV-2006-0185 BID 16227 BUGTRAQ 20060112 [eVuln] Wordcircle Multiple SQL Injection & XSS Vulnerabilities BUGTRAQ 20060112 [eVuln] Wordcircle Authentication Bypass OSVDB 22358 SREASON 346 SREASON 345 SECUNIA 18440 MISC http://evuln.com/vulns/28/summary.html MISC http://evuln.com/vulns/27/summary.html Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.php (involving v_login.php and s_user.php) and (2) have other unknown impact via certain other fields in unspecified scripts. cpe:/a:light_weight_calendar:light_weight_calendar:1.0 CVE-2006-0206 2006-01-13T18:03:00.000-05:00 2008-09-05T16:58:38.167-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-17T09:46:00.000-05:00 ALLOWS_OTHER_ACCESS BID 16229 SECUNIA 18450 MISC http://evuln.com/vulns/29/summary.html MISC http://evuln.com/vulns/29/exploit.html XF lwc-cal-execute-code(24110) OSVDB 22376 VIM 20060318 Source VERIFY - Light Weight Calendar issue is eval injection Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php. cpe:/a:php:php:5.0.4 cpe:/a:php:php:5.0.0 cpe:/a:php:php:5.0.1 cpe:/a:php:php:5.0:rc1 cpe:/a:php:php:5.1 cpe:/a:php:php:5.0.2 cpe:/a:php:php:5.1.1 cpe:/a:php:php:5.0.5 cpe:/a:php:php:5.0:rc3 cpe:/a:php:php:5.0:rc2 cpe:/a:php:php:5.0.3 CVE-2006-0207 2006-01-13T18:03:00.000-05:00 2011-09-09T00:00:00.000-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-05-02T11:30:00.000-04:00 XF php-session-response-splitting(24094) BID 16220 GENTOO GLSA-200603-22 SECTRACK 1015484 SECUNIA 19355 SECUNIA 19179 SECUNIA 18697 SECUNIA 18431 VUPEN ADV-2006-0369 VUPEN ADV-2006-0177 UBUNTU USN-261-1 CONFIRM http://www.php.net/release_5_1_2.php MANDRIVA MDKSA-2006:028 MISC http://www.hardened-php.net/advisory_012006.112.html DEBIAN DSA-1331 SECUNIA 25945 SECUNIA 19012 SUSE SUSE-SR:2006:004 Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. cpe:/a:php:php:5.0.0:rc1 cpe:/a:php:php:4.0.1 cpe:/a:php:php:5.0.0:beta3 cpe:/a:php:php:5.0.0:beta2 cpe:/a:php:php:5.0.0:rc3 cpe:/a:php:php:5.0.5 cpe:/a:php:php:4.3.10 cpe:/a:php:php:4.3.1 cpe:/a:php:php:4.0.0 cpe:/a:php:php:4.3.7 cpe:/a:php:php:4.2.0 cpe:/a:php:php:4.2.2 cpe:/a:php:php:5.0.1 cpe:/a:php:php:4.0.2 cpe:/a:php:php:4.0.6 cpe:/a:php:php:4.1.2 cpe:/a:php:php:4.0:rc1 cpe:/a:php:php:4.0.5 cpe:/a:php:php:4.0:beta1 cpe:/a:php:php:5.1.1 cpe:/a:php:php:4.0:rc2 cpe:/a:php:php:4.3.6 cpe:/a:php:php:4.3 cpe:/a:php:php:4.0.4 cpe:/a:php:php:4.4.2 cpe:/a:php:php:5.0.0:rc2 cpe:/a:php:php:5.0.4 cpe:/a:php:php:4.3.4 cpe:/a:php:php:4.0.3 cpe:/a:php:php:4.3.2 cpe:/a:php:php:4.0:beta2 cpe:/a:php:php:4.3.3 cpe:/a:php:php:4.0:beta4 cpe:/a:php:php:5.1.0 cpe:/a:php:php:5.0.0 cpe:/a:php:php:4.2.1 cpe:/a:php:php:5.0.2 cpe:/a:php:php:4.4.1 cpe:/a:php:php:4.0:beta_4_patch1 cpe:/a:php:php:5.0.3 cpe:/a:php:php:4.1.1 cpe:/a:php:php:4.3.11 cpe:/a:php:php:5.0.0:beta1 cpe:/a:php:php:4.1.0 cpe:/a:php:php:4.3.8 cpe:/a:php:php:4.3.9 cpe:/a:php:php:4.0:beta3 cpe:/a:php:php:4.3.5 cpe:/a:php:php:4.2.3 CVE-2006-0208 2006-01-13T18:03:00.000-05:00 2011-09-13T00:00:00.000-04:00 2.6 NETWORK HIGH NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-17T09:55:00.000-05:00 BID 16803 CONFIRM http://www.php.net/release_5_1_2.php GENTOO GLSA-200603-22 SECUNIA 19355 SECUNIA 19179 SECUNIA 18697 SECUNIA 18431 MISC https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028 VUPEN ADV-2006-2685 VUPEN ADV-2006-0369 VUPEN ADV-2006-0177 UBUNTU USN-261-1 REDHAT RHSA-2006:0501 CONFIRM http://www.php.net/ChangeLog-4.php#4.4.2 MANDRIVA MDKSA-2006:028 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm SECUNIA 21564 SECUNIA 21252 SECUNIA 20951 SECUNIA 20222 SECUNIA 20210 SECUNIA 19832 SECUNIA 19012 REDHAT RHSA-2006:0549 REDHAT RHSA-2006:0276 SUSE SUSE-SR:2006:004 SGI 20060501-01-U Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message. cpe:/a:tanklogger:tanklogger:2.4 CVE-2006-0209 2006-01-13T20:03:00.000-05:00 2011-03-07T21:29:35.250-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2006-01-15T20:01:00.000-05:00 ALLOWS_OTHER_ACCESS VUPEN ADV-2006-0153 MISC http://evuln.com/vulns/26/summary.html XF tanklogger-generalfunctions-sql-injection(24080) BID 16228 BUGTRAQ 20060112 [eVuln] TankLogger SQL Injection Vulnerability OSVDB 22369 OSVDB 22368 SREASON 341 SECUNIA 18441 VIM 20060113 Verified TankLogger SQl inject by source inspection SQL injection vulnerability in general_functions.php in TankLogger 2.4 allows remote attackers to execute arbitrary SQL commands via the (1) livestock_id parameter to showInfo.php and (2) tank_id parameter, possibly to livestock.php. cpe:/a:interspire:trackpoint_nx CVE-2006-0210 2006-01-13T20:03:00.000-05:00 2011-03-07T21:29:35.347-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2006-01-15T22:25:00.000-05:00 VUPEN ADV-2006-0175 BID