Primary
Vendor — Product
Description
Discovered
Published
CVSS Score Source & Patch Info A.l-Pifou — A.l-Pifou Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via “..” sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php. NOTE: the livre_livre.php relationship has been reported by some third party sources.
unknown
2006-09-20
1.9 CVE-2006-4914
FULLDISC
OSVDB
SECUNIA
BID
FRSIRT Bluview — Blue Magic Board Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) db_mysql_error.php, (4) langlist.php, (5) sendmail.php, or (6) style.php, which reveals the path in various error messages.
unknown
2006-09-15
2.3 CVE-2006-4835
BUGTRAQ
XF Cisco — Cisco IDS
Cisco — Cisco IPS The web administration interface (mainApp) to Cisco IDS before 4.1(5c), and IPS 5.0 before 5.0(6p1) and 5.1 before 5.1(2) allows remote attackers to cause a denial of service (unresponsive device) via a crafted SSLv2 Client Hello packet.
unknown
2006-09-20
2.3 CVE-2006-4910
CISCO
BID
FRSIRT
SECTRACK
SECUNIA
XF CMtextS — CMtextS CMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password.
unknown
2006-09-19
2.3 CVE-2006-4897
OTHER-REF
FRSIRT
SECUNIA
XF Codeworx Technologies — DCP-Portal Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) root_url and (2) dcp_version parameters in (a) admin/inc/footer.inc.php, and the root_url, (3) page_top_name, (4) page_name, and (5) page_options parameters in (b) admin/inc/header.inc.php.
unknown
2006-09-15
2.3 CVE-2006-4838
BUGTRAQ
BID David Bennett — PHP-Post Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to overwrite arbitrary program variables via multiple vectors that use the extract function, as demonstrated by the table_prefix parameter in (1) index.php, (2) profile.php, and (3) header.php.
unknown
2006-09-19
2.3 CVE-2006-4877
BUGTRAQ
BID David Bennett — PHP-Post Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) sequence in the template parameter.
unknown
2006-09-19
2.3 CVE-2006-4878
BUGTRAQ
BID David Bennett — PHP-Post David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) footer.php, (2) template.php, or (3) lastvisit.php, which reveals the installation path in various error messages.
unknown
2006-09-19
2.3 CVE-2006-4880
BUGTRAQ
BID Drupal — Drupal Userreview module Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
unknown
2006-09-15
2.3 CVE-2006-4821
OTHER-REF
FRSIRT
SECUNIA
BID
XF eMuSOFT — emuCMS Multiple cross-site scripting (XSS) vulnerabilities in index.php in eMuSOFT emuCMS 0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) page parameters.
unknown
2006-09-15
2.3 CVE-2006-4822
OTHER-REF
BID
FRSIRT
SECUNIA
OSVDB eSyndiCat Portal System — eSyndiCat Portal System Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat Portal System allows remote attackers to inject arbitrary web script or HTML via the what parameter.
unknown
2006-09-20
2.3 CVE-2006-4923
BUGTRAQ
BID
XF
FRSIRT
SECUNIA gzip — gzip Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.
unknown
2006-09-19
2.3 CVE-2006-4334
OTHER-REF
REDHAT
UBUNTU
DEBIAN
FREEBSD
SLACKWARE
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
MANDRIVA
CERT-VN
SECUNIA
SECUNIA
XF gzip — gzip unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.
unknown
2006-09-19
2.3 CVE-2006-4338
OTHER-REF
REDHAT
UBUNTU
DEBIAN
FREEBSD
SLACKWARE
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
MANDRIVA
FRSIRT
OSVDB
SECUNIA
SECUNIA HP — HP-UX Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
unknown
2006-09-15
1.6 CVE-2006-4820
HP
BID
FRSIRT
SECTRACK
SECUNIA
XF iDevSpot — NixieAffiliate Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in iDevSpot NixieAffiliate 1.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.
unknown
2006-09-19
2.3 CVE-2006-4894
BUGTRAQ
BID Innovate Portal — Innovate Portal Cross-site scripting (XSS) vulnerability in index.php in Innovate Portal 2.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter.
unknown
2006-09-20
2.3 CVE-2006-4915
BUGTRAQ
BID
XF Jupiter CMS — Jupiter CMS Jupiter CMS allows remote attackers to obtain sensitive information via a direct request for (1) includes/functions.php, (2) modules/register.php, (3) modules/poll.php, (4) modules/panel.php, (5) modules/pm.php, (6) modules/news.php, (7) modules/templates_change.php, (8) modules/users.php, (9) modules/misc.php, (10) modules/masspm.php, (11) modules/mass-email.php, (12) modules/main-nav.php, (13) modules/login.php, (14) modules/layout.php, (15) modules/hq.php, (16) modules/forum.php, (17) modules/forum-admin.php, (18) modules/events.php, (19) modules/emoticons.php, (20) modules/download.php, (21) modules/blocks.php, (22) modules/ban.php, (23) modules/badwords.php, (24) modules/ads.php, or (25) modules/admin.php, which reveals the installation path in various error messages. NOTE: The modules/online.php vector is already covered by CVE-2006-1679.
unknown
2006-09-19
2.3 CVE-2006-4873
BUGTRAQ
BID Jupiter CMS — Jupiter CMS Unrestricted file upload vulnerability in modules/galleryuploadfunction.php in Jupiter CMS allows remote attackers to upload picture files, and possibly files with arbitrary extensions, to gallery/albums/public.
unknown
2006-09-19
2.3 CVE-2006-4875
BUGTRAQ
BID Limbo CMS — Limbo CMS Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contact option in index.php, which bypasses an insufficiently restrictive regular expression.
unknown
2006-09-19
2.3 CVE-2006-4859
OTHER-REF
BID Linux — Linux kernel The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745. NOTE: older kernel versions for specific Linux distributions are also affected, due to backporting of the CVE-2006-3745 patch.
unknown
2006-09-19
2.3 CVE-2006-4535
OTHER-REF
UBUNTU
BID
OTHER-REF
SECUNIA
XF McAfee — VirusScan Enterprise
McAfee — McAfee Scan Engine The VirusScan On-Access Scan component in McAfee VirusScan Enterprise 7.1.0 and Scan Engine 4.4.00 allows local privileged users to bypass security restrictions and disable the On-Access Scan option by opening the program via the task bar and quickly clicking the Disable button, possibly due to an interface-related race condition.
unknown
2006-09-19
3.9 CVE-2006-4886
BUGTRAQ
XF Microsoft — Internet Explorer Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT.
unknown
2006-09-19
2.3 CVE-2006-4888
BUGTRAQ
OTHER-REF
OSVDB Mozilla — Network Security Services (NSS)
Mozilla — SeaMonkey
Mozilla — Firefox
Mozilla — Thunderbird Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates, a similar vulnerability to CVE-2006-4339.
unknown
2006-09-15
2.3 CVE-2006-4340
MLIST
OTHER-REF
OTHER-REF
REDHAT
REDHAT
SECUNIA
SECUNIA
REDHAT
FRSIRT
FRSIRT
SECTRACK
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SGI
UBUNTU
SECUNIA Mozilla — SeaMonkey
Mozilla — Firefox
Mozilla — Thunderbird Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set (“[\”), which leads to a buffer over-read.
unknown
2006-09-15
2.3 CVE-2006-4566
OTHER-REF
REDHAT
REDHAT
SECUNIA
SECUNIA
REDHAT
BID
FRSIRT
SECTRACK
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
SECUNIA
XF
SGI
UBUNTU
SECUNIA Mozilla — Firefox
Mozilla — Thunderbird Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.
unknown
2006-09-15
1.9 CVE-2006-4567
OTHER-REF
REDHAT
SECUNIA
SECUNIA
REDHAT
BID
FRSIRT
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
XF
UBUNTU Mozilla — Firefox The popup blocker in Mozilla Firefox before 1.5.0.7 opens the “blocked popups” display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.
unknown
2006-09-15
2.3 CVE-2006-4569
OTHER-REF
SECUNIA
REDHAT
BID
SECTRACK
SECUNIA
XF Mozilla — SeaMonkey
Mozilla — Thunderbird Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with “Load Images” enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message.
unknown
2006-09-15
1.9 CVE-2006-4570
OTHER-REF
REDHAT
REDHAT
BID
SECTRACK
SECTRACK
SECUNIA
SECUNIA
SECUNIA
SECUNIA
XF
SGI
UBUNTU
SECUNIA Ohio State University — server OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL to a non-existent file, which displays the web root path in the resulting error message.
unknown
2006-09-20
2.3 CVE-2006-4907
BUGTRAQ
SECUNIA
XF Ohio State University — OSU httpd OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL containing an * (asterisk) wildcard, which displays all matching file and directory information.
unknown
2006-09-20
2.3 CVE-2006-4908
BUGTRAQ
SECUNIA
XF phpQuiz — phpQuiz Walter Beschmout PhpQuiz allows remote attackers to obtain sensitive information via a direct request to cfgphpquiz/install.php and other unspecified vectors.
unknown
2006-09-19
2.3 CVE-2006-4865
BUGTRAQ PT News — PT News Cross-site scripting (XSS) vulnerability in search.php in PT News 1.7.8 allows remote attackers to inject arbitrary web script or HTML via the pgname parameter.
unknown
2006-09-20
2.3 CVE-2006-4917
BUGTRAQ
BID
FRSIRT
SECUNIA
XF QuadComm — Q-Shop SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 allows remote attackers to execute arbitrary SQL commands via the OrderBy parameter.
unknown
2006-09-18
2.3 CVE-2006-4852
BUGTRAQ
Milw0rm
BID
SECUNIA
XF
FRSIRT
OSVDB Roller WebLogger — Roller WebLogger Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in the preview method; or (5) the q parameter in (a) sitesearch.do.
unknown
2006-09-19
2.3 CVE-2006-4856
BUGTRAQ
OTHER-REF
OTHER-REF
CERT-VN
BID
FRSIRT
SECUNIA Site@School — Site@School Directory traversal vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter.
unknown
2006-09-20
1.9 CVE-2006-4919
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA Site@School — Site@School Unrestricted file upload vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to upload and execute arbitrary files with executable extensions.
unknown
2006-09-20
2.3 CVE-2006-4922
BUGTRAQ
OTHER-REF
BID SoftComplex — PHP Event Calendar Multiple cross-site scripting (XSS) vulnerabilities in cl_files/index.php in SoftComplex PHP Event Calendar 1.5.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) ti, (2) bi, or (3) cbgi parameters.
unknown
2006-09-15
2.3 CVE-2006-4825
BUGTRAQ
BID
SECUNIA
XF Symantec — Norton Personal Firewall
Symantec — Norton Internet Security The DeviceSymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly other versions of Norton Personal Firewall and Norton Internet Security, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.
unknown
2006-09-19
2.3 CVE-2006-4855
BUGTRAQ
OTHER-REF
BID
FRSIRT
SECUNIA Usermin — Usermin Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root’s shell instead of the shell of a specified user.
unknown
2006-09-19
3.3 CVE-2006-4246
OTHER-REF
SOURCEFORGE
OTHER-REF
DEBIAN
BID
SECUNIA
SECUNIA
FRSIRT
XF Verso NetPerformer — Frame Relay Access Device ACT Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allow remote attackers to cause a denial of service (hang or reboot) via an ICMP packet with the same destination and source address and port, aka the “Land” vulnerability.
unknown
2006-09-15
3.3 CVE-2006-4833
BUGTRAQ
FULLDISC
BID
FRSIRT
SECUNIA
XF Zope — Zope The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.
unknown
2006-09-19
2.3 CVE-2006-4684
MLIST
OTHER-REF
DEBIAN
FRSIRT
SECUNIA
SECUNIA