Vulnerabilities - Ax3 Software

Sax2 Network Intrusion Detection System

A professional intrusion detection and prevention system (NIDS) which excels at real-time packet capture, 24/7 network monitor, advanced protocol analysis and automatic expert detection.

CAN-2006

Name: CVE-2006-0001

Description:
Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.

Status: Candidate
Phase: Assigned (20051109)
Reference: BUGTRAQ:20060912 Computer Terrorism (UK) :: Incident Response Centre - Microsoft Publisher Font Parsing Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/445824/100/0/threaded
Reference: MISC:http://www.computerterrorism.com/research/ct12-09-2006-2.htm
Reference: HP:HPSBST02134
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/446630/100/100/threaded
Reference: HP:SSRT061187
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/446630/100/100/threaded
Reference: MS:MS06-054
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/MS06-054.mspx
Reference: CERT:TA06-255A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-255A.html
Reference: CERT-VN:VU#406236
Reference: URL:http://www.kb.cert.org/vuls/id/406236
Reference: BID:19951
Reference: URL:http://www.securityfocus.com/bid/19951
Reference: FRSIRT:ADV-2006-3565
Reference: URL:http://www.frsirt.com/english/advisories/2006/3565
Reference: OVAL:oval:org.mitre.oval:def:590
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:590
Reference: SECTRACK:1016825
Reference: URL:http://securitytracker.com/id?1016825
Reference: SECUNIA:21863
Reference: URL:http://secunia.com/advisories/21863
Reference: SREASON:1548
Reference: URL:http://securityreason.com/securityalert/1548
Reference: XF:publisher-pub-code-execution(28648)
Reference: URL:http://xforce.iss.net/xforce/xfdb/28648

Votes:

Name: CVE-2006-0002

Description:
Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.

Status: Candidate
Phase: Assigned (20051109)
Reference: BUGTRAQ:20060110 Microsoft Outlook Critical Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421520/100/0/threaded
Reference: BUGTRAQ:20060110 Microsoft Exchange Critical Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421518/100/0/threaded
Reference: MS:MS06-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-003.mspx
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm
Reference: CERT:TA06-010A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-010A.html
Reference: CERT-VN:VU#252146
Reference: URL:http://www.kb.cert.org/vuls/id/252146
Reference: BID:16197
Reference: URL:http://www.securityfocus.com/bid/16197
Reference: FRSIRT:ADV-2006-0119
Reference: URL:http://www.frsirt.com/english/advisories/2006/0119
Reference: OVAL:oval:org.mitre.oval:def:1082
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1082
Reference: OVAL:oval:org.mitre.oval:def:1165
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1165
Reference: OVAL:oval:org.mitre.oval:def:1316
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1316
Reference: OVAL:oval:org.mitre.oval:def:1456
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1456
Reference: OVAL:oval:org.mitre.oval:def:1485
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1485
Reference: OVAL:oval:org.mitre.oval:def:624
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:624
Reference: SECTRACK:1015461
Reference: URL:http://securitytracker.com/id?1015461
Reference: SECTRACK:1015460
Reference: URL:http://securitytracker.com/id?1015460
Reference: SECUNIA:18368
Reference: URL:http://secunia.com/advisories/18368
Reference: SREASON:330
Reference: URL:http://securityreason.com/securityalert/330
Reference: SREASON:331
Reference: URL:http://securityreason.com/securityalert/331
Reference: XF:win-tnef-overflow(22878)
Reference: URL:http://xforce.iss.net/xforce/xfdb/22878

Votes:

Name: CVE-2006-0003

Description:
Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.

Status: Candidate
Phase: Assigned (20051109)
Reference: BUGTRAQ:20070729 Exploit In Internet Explorer
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/475104/100/100/threaded
Reference: BUGTRAQ:20070730 RE: Exploit In Internet Explorer
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/475118/100/100/threaded
Reference: BUGTRAQ:20070730 Re: Exploit In Internet Explorer
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/475108/100/100/threaded
Reference: BUGTRAQ:20070731 Re: Exploit In Internet Explorer
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/475490/100/100/threaded
Reference: MILW0RM:2052
Reference: URL:http://www.milw0rm.com/exploits/2052
Reference: MILW0RM:2164
Reference: URL:http://www.milw0rm.com/exploits/2164
Reference: MISC:http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf
Reference: CONFIRM:http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/01-e.html
Reference: CONFIRM:http://www.hitachi-support.com/security_e/vuls_e/HS06-013_e/index-e.html
Reference: MS:MS06-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-014.mspx
Reference: CERT:TA06-101A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-101A.html
Reference: CERT-VN:VU#234812
Reference: URL:http://www.kb.cert.org/vuls/id/234812
Reference: BID:17462
Reference: URL:http://www.securityfocus.com/bid/17462
Reference: BID:20797
Reference: URL:http://www.securityfocus.com/bid/20797
Reference: FRSIRT:ADV-2006-1319
Reference: URL:http://www.frsirt.com/english/advisories/2006/1319
Reference: FRSIRT:ADV-2006-2452
Reference: URL:http://www.frsirt.com/english/advisories/2006/2452
Reference: OSVDB:24517
Reference: URL:http://www.osvdb.org/24517
Reference: OVAL:oval:org.mitre.oval:def:1204
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1204
Reference: OVAL:oval:org.mitre.oval:def:1323
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1323
Reference: OVAL:oval:org.mitre.oval:def:1511
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1511
Reference: OVAL:oval:org.mitre.oval:def:1742
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1742
Reference: OVAL:oval:org.mitre.oval:def:1778
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1778
Reference: SECTRACK:1015894
Reference: URL:http://securitytracker.com/id?1015894
Reference: SECUNIA:19583
Reference: URL:http://secunia.com/advisories/19583
Reference: SECUNIA:20719
Reference: URL:http://secunia.com/advisories/20719
Reference: XF:mdac-rdsdataspace-execute-code(25006)
Reference: URL:http://xforce.iss.net/xforce/xfdb/25006
Reference: XF:ie-wscriptshell-command-execution(29915)
Reference: URL:http://xforce.iss.net/xforce/xfdb/29915

Votes:

Name: CVE-2006-0004

Description:
Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).

Status: Candidate
Phase: Assigned (20051109)
Reference: MS:MS06-010
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-010.mspx
Reference: CERT-VN:VU#963628
Reference: URL:http://www.kb.cert.org/vuls/id/963628
Reference: BID:16634
Reference: URL:http://www.securityfocus.com/bid/16634
Reference: FRSIRT:ADV-2006-0579
Reference: URL:http://www.frsirt.com/english/advisories/2006/0579
Reference: OVAL:oval:org.mitre.oval:def:1555
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1555
Reference: SECTRACK:1015632
Reference: URL:http://securitytracker.com/id?1015632
Reference: SECUNIA:18865
Reference: URL:http://secunia.com/advisories/18865
Reference: XF:powerpoint-tiff-information-disclosure(24490)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24490

Votes:

Name: CVE-2006-0005

Description:
Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.

Status: Candidate
Phase: Assigned (20051109)
Reference: IDEFENSE:20060214 Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability
Reference: URL:http://www.idefense.com/intelligence/vulnerabilities/display.php?id=393
Reference: MS:MS06-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-006.mspx
Reference: CERT:TA06-045A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-045A.html
Reference: CERT-VN:VU#692060
Reference: URL:http://www.kb.cert.org/vuls/id/692060
Reference: BID:16644
Reference: URL:http://www.securityfocus.com/bid/16644
Reference: FRSIRT:ADV-2006-0575
Reference: URL:http://www.frsirt.com/english/advisories/2006/0575
Reference: OVAL:oval:org.mitre.oval:def:1559
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1559
Reference: SECTRACK:1015628
Reference: URL:http://securitytracker.com/id?1015628
Reference: SECUNIA:18852
Reference: URL:http://secunia.com/advisories/18852
Reference: XF:win-mediaplayer-plugin-embed-bo(24493)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24493

Votes:

Name: CVE-2006-0006

Description:
Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.

Status: Candidate
Phase: Assigned (20051109)
Reference: BUGTRAQ:20060214 [EEYEB-20051017] Windows Media Player BMP Heap Overflow
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/424983/100/0/threaded
Reference: BUGTRAQ:20060215 Windows Media Player BMP Heap Overflow (MS06-005)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/425158/100/0/threaded
Reference: MISC:http://www.eeye.com/html/research/advisories/AD20060214.html
Reference: MS:MS06-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-005.mspx
Reference: CERT:TA06-045A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-045A.html
Reference: CERT-VN:VU#291396
Reference: URL:http://www.kb.cert.org/vuls/id/291396
Reference: BID:16633
Reference: URL:http://www.securityfocus.com/bid/16633
Reference: FRSIRT:ADV-2006-0574
Reference: URL:http://www.frsirt.com/english/advisories/2006/0574
Reference: OVAL:oval:org.mitre.oval:def:1256
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1256
Reference: OVAL:oval:org.mitre.oval:def:1578
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1578
Reference: OVAL:oval:org.mitre.oval:def:1598
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1598
Reference: OVAL:oval:org.mitre.oval:def:1661
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1661
Reference: SECTRACK:1015627
Reference: URL:http://securitytracker.com/id?1015627
Reference: SECUNIA:18835
Reference: URL:http://secunia.com/advisories/18835
Reference: SREASON:423
Reference: URL:http://securityreason.com/securityalert/423
Reference: XF:win-media-player-bmp-bo(24488)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24488

Votes:

Name: CVE-2006-0007

Description:
Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.

Status: Candidate
Phase: Assigned (20051109)
Reference: BUGTRAQ:20060712 NSFOCUS SA2006-04 : Microsoft Office GIF Filter Buffer Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/439887/100/0/threaded
Reference: VULNWATCH:20060712 NSFOCUS SA2006-04 : Microsoft Office GIF Filter Buffer Overflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2006-q3/0005.html
Reference: MS:MS06-039
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-039.mspx
Reference: CERT:TA06-192A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-192A.html
Reference: CERT-VN:VU#668564
Reference: URL:http://www.kb.cert.org/vuls/id/668564
Reference: BID:18915
Reference: URL:http://www.securityfocus.com/bid/18915
Reference: FRSIRT:ADV-2006-2757
Reference: URL:http://www.frsirt.com/english/advisories/2006/2757
Reference: OSVDB:27146
Reference: URL:http://www.osvdb.org/27146
Reference: OVAL:oval:org.mitre.oval:def:21
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:21
Reference: SECTRACK:1016470
Reference: URL:http://securitytracker.com/id?1016470
Reference: SECUNIA:21013
Reference: URL:http://secunia.com/advisories/21013

Votes:

Name: CVE-2006-0008

Description:
The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.

Status: Candidate
Phase: Assigned (20051109)
Reference: BUGTRAQ:20060215 Security advisory: Windows IME Vulnerability (MS06-009)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/425141/100/0/threaded
Reference: MISC:http://www.ryanstyle.com/alert/my/5/ms06_009_eng.html
Reference: MS:MS06-009
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-009.mspx
Reference: CERT-VN:VU#739844
Reference: URL:http://www.kb.cert.org/vuls/id/739844
Reference: BID:16643
Reference: URL:http://www.securityfocus.com/bid/16643
Reference: FRSIRT:ADV-2006-0578
Reference: URL:http://www.frsirt.com/english/advisories/2006/0578
Reference: OVAL:oval:org.mitre.oval:def:1595
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1595
Reference: OVAL:oval:org.mitre.oval:def:1650
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1650
Reference: OVAL:oval:org.mitre.oval:def:1664
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1664
Reference: OVAL:oval:org.mitre.oval:def:1688
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1688
Reference: OVAL:oval:org.mitre.oval:def:727
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:727
Reference: SECTRACK:1015631
Reference: URL:http://securitytracker.com/id?1015631
Reference: SECUNIA:18859
Reference: URL:http://secunia.com/advisories/18859
Reference: XF:win-korean-ime-privilege-elevation(24492)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24492

Votes:

Name: CVE-2006-0009

Description:
Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.

Status: Candidate
Phase: Assigned (20051109)
Reference: BUGTRAQ:20060314 SYMSA-2006-001: Buffer overflow in Microsoft Office 2000, Office XP (2002), and Office 2003 Routing Slip Metadata
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/427671/100/0/threaded
Reference: BUGTRAQ:20060822 Major updates in PowerPoint FAQ document - not a 0-day issue
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/444051/100/200/threaded
Reference: BUGTRAQ:20060919 Microsoft PowerPoint 0-day Vulnerability FAQ - September written
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/446425/100/0/threaded
Reference: BUGTRAQ:20060919 New PowerPoint 0-day Trojan in the wild
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/446370/100/0/threaded
Reference: BUGTRAQ:20060422 PowerPoint Phishing Trojan
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/432004/30/5340/threaded
Reference: MISC:http://www.symantec.com/enterprise/research/SYMSA-2006-001.txt
Reference: BUGTRAQ:20060819 New PowerPoint 0-day and Trojan - FAQ document ready
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/443890/100/0/threaded
Reference: FULLDISC:20060822 Major updates in PowerPoint FAQ document - not a 0-day issue
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0597.html
Reference: FULLDISC:20060919 New PowerPoint 0-day Trojan in the wild
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049540.html
Reference: MISC:http://isc.sans.org/diary.php?storyid=1618
Reference: MISC:http://blogs.securiteam.com/?p=557
Reference: MISC:http://blogs.securiteam.com/?p=559
Reference: MISC:http://blogs.securiteam.com/?author=28
Reference: MISC:http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FMDROPPER%2EBH
Reference: MISC:http://www.symantec.com/security_response/writeup.jsp?docid=2006-091810-5028-99
Reference: MISC:http://www.darkreading.com/document.asp?doc_id=101970
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
Reference: MS:MS06-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-012.mspx
Reference: CERT:TA06-073A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-073A.html
Reference: CERT-VN:VU#682820
Reference: URL:http://www.kb.cert.org/vuls/id/682820
Reference: BID:17000
Reference: URL:http://www.securityfocus.com/bid/17000
Reference: BID:20059
Reference: URL:http://www.securityfocus.com/bid/20059
Reference: FRSIRT:ADV-2006-0950
Reference: URL:http://www.frsirt.com/english/advisories/2006/0950
Reference: FRSIRT:ADV-2006-3678
Reference: URL:http://www.frsirt.com/english/advisories/2006/3678
Reference: OSVDB:23903
Reference: URL:http://www.osvdb.org/23903
Reference: OVAL:oval:org.mitre.oval:def:1504
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1504
Reference: OVAL:oval:org.mitre.oval:def:1553
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1553
Reference: OVAL:oval:org.mitre.oval:def:1653
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1653
Reference: OVAL:oval:org.mitre.oval:def:798
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:798
Reference: SECTRACK:1015766
Reference: URL:http://securitytracker.com/id?1015766
Reference: SECTRACK:1016720
Reference: URL:http://securitytracker.com/id?1016720
Reference: SECTRACK:1016886
Reference: URL:http://securitytracker.com/id?1016886
Reference: SECUNIA:19138
Reference: URL:http://secunia.com/advisories/19138
Reference: SECUNIA:19238
Reference: URL:http://secunia.com/advisories/19238
Reference: XF:office-routing-slip-bo(25009)
Reference: URL:http://xforce.iss.net/xforce/xfdb/25009
Reference: XF:powerpoint-presentation-code-execution(29009)
Reference: URL:http://xforce.iss.net/xforce/xfdb/29009

Votes:

Name: CVE-2006-0010

Description:
Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.

Status: Candidate
Phase: Assigned (20051109)
Reference: EEYE:EEYEB20050801
Reference: URL:http://www.eeye.com/html/Research/Advisories/EEYEB20050801.html
Reference: BUGTRAQ:20060110 [EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421885/100/0/threaded
Reference: FULLDISC:20060110 [EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability
Reference: VULNWATCH:20060110 [EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability
Reference: MISC:http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375525
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-004.htm
Reference: MS:MS06-002
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-002.mspx
Reference: CERT:TA06-010A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-010A.html
Reference: CERT-VN:VU#915930
Reference: URL:http://www.kb.cert.org/vuls/id/915930
Reference: BID:16194
Reference: URL:http://www.securityfocus.com/bid/16194
Reference: FRSIRT:ADV-2006-0118
Reference: URL:http://www.frsirt.com/english/advisories/2006/0118
Reference: OSVDB:18829
Reference: URL:http://www.osvdb.org/18829
Reference: OVAL:oval:org.mitre.oval:def:1126
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1126
Reference: OVAL:oval:org.mitre.oval:def:1185
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1185
Reference: OVAL:oval:org.mitre.oval:def:1462
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1462
Reference: OVAL:oval:org.mitre.oval:def:1491
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1491
Reference: OVAL:oval:org.mitre.oval:def:698
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:698
Reference: OVAL:oval:org.mitre.oval:def:714
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:714
Reference: SECTRACK:1015459
Reference: URL:http://securitytracker.com/id?1015459
Reference: SECUNIA:18365
Reference: URL:http://secunia.com/advisories/18365
Reference: SECUNIA:18391
Reference: URL:http://secunia.com/advisories/18391
Reference: SECUNIA:18311
Reference: URL:http://secunia.com/advisories/18311
Reference: XF:win-embedded-fonts-bo(23922)
Reference: URL:http://xforce.iss.net/xforce/xfdb/23922

Votes:

Name: CVE-2006-0011

Description:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Status: Candidate
Phase: Assigned (20051109)

Votes:

Name: CVE-2006-0012

Description:
Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."

Status: Candidate
Phase: Assigned (20051109)
Reference: MS:MS06-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-015.mspx
Reference: CERT:TA06-101A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-101A.html
Reference: BID:17464
Reference: URL:http://www.securityfocus.com/bid/17464
Reference: FRSIRT:ADV-2006-1320
Reference: URL:http://www.frsirt.com/english/advisories/2006/1320
Reference: OSVDB:24516
Reference: URL:http://www.osvdb.org/24516
Reference: OVAL:oval:org.mitre.oval:def:1191
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1191
Reference: OVAL:oval:org.mitre.oval:def:1448
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1448
Reference: OVAL:oval:org.mitre.oval:def:1679
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1679
Reference: OVAL:oval:org.mitre.oval:def:1743
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1743
Reference: OVAL:oval:org.mitre.oval:def:1764
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1764
Reference: SECTRACK:1015897
Reference: URL:http://securitytracker.com/id?1015897
Reference: SECUNIA:19606
Reference: URL:http://secunia.com/advisories/19606
Reference: CERT-VN:VU#641460
Reference: URL:http://www.kb.cert.org/vuls/id/641460
Reference: XF:win-explorer-com-code-execution(25554)
Reference: URL:http://xforce.iss.net/xforce/xfdb/25554

Votes:

Name: CVE-2006-0013

Description:
Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.

Status: Candidate
Phase: Assigned (20051109)
Reference: MS:MS06-008
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-008.mspx
Reference: CERT-VN:VU#388900
Reference: URL:http://www.kb.cert.org/vuls/id/388900
Reference: BID:16636
Reference: URL:http://www.securityfocus.com/bid/16636
Reference: FRSIRT:ADV-2006-0577
Reference: URL:http://www.frsirt.com/english/advisories/2006/0577
Reference: OVAL:oval:org.mitre.oval:def:1220
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1220
Reference: OVAL:oval:org.mitre.oval:def:1547
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1547
Reference: OVAL:oval:org.mitre.oval:def:1602
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1602
Reference: OVAL:oval:org.mitre.oval:def:683
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:683
Reference: OVAL:oval:org.mitre.oval:def:716
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:716
Reference: SECTRACK:1015630
Reference: URL:http://securitytracker.com/id?1015630
Reference: SECUNIA:18857
Reference: URL:http://secunia.com/advisories/18857
Reference: XF:msrpc-webclient-message-bo(24491)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24491

Votes:

Name: CVE-2006-0014

Description:
Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values.

Status: Candidate
Phase: Assigned (20051109)
Reference: BUGTRAQ:20060411 ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/430645/100/0/threaded
Reference: FULLDISC:20060411 ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045003.html
Reference: MISC:http://www.zerodayinitiative.com/advisories/ZDI-06-007.html
Reference: MS:MS06-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-016.mspx
Reference: BID:17459
Reference: URL:http://www.securityfocus.com/bid/17459
Reference: FRSIRT:ADV-2006-1321
Reference: URL:http://www.frsirt.com/english/advisories/2006/1321
Reference: OVAL:oval:org.mitre.oval:def:1611
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1611
Reference: OVAL:oval:org.mitre.oval:def:1682
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1682
Reference: OVAL:oval:org.mitre.oval:def:1769
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1769
Reference: OVAL:oval:org.mitre.oval:def:1771
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1771
Reference: OVAL:oval:org.mitre.oval:def:1780
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1780
Reference: OVAL:oval:org.mitre.oval:def:1791
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1791
Reference: OVAL:oval:org.mitre.oval:def:812
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:812
Reference: SECTRACK:1015898
Reference: URL:http://securitytracker.com/id?1015898
Reference: SECUNIA:19617
Reference: URL:http://secunia.com/advisories/19617
Reference: SREASON:691
Reference: URL:http://securityreason.com/securityalert/691
Reference: XF:outlook-express-wab-bo(25535)
Reference: URL:http://xforce.iss.net/xforce/xfdb/25535

Votes:

Name: CVE-2006-0015

Description:
Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.

Status: Candidate
Phase: Assigned (20051109)
Reference: BUGTRAQ:20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/430803/100/0/threaded
Reference: MISC:http://www.argeniss.com/research/ARGENISS-ADV-040602.txt
Reference: MS:MS06-017
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/MS06-017.mspx
Reference: BID:17452
Reference: URL:http://www.securityfocus.com/bid/17452
Reference: FRSIRT:ADV-2006-1322
Reference: URL:http://www.frsirt.com/english/advisories/2006/1322
Reference: OVAL:oval:org.mitre.oval:def:1748
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1748
Reference: SECTRACK:1015895
Reference: URL:http://securitytracker.com/id?1015895
Reference: SECTRACK:1015896
Reference: URL:http://securitytracker.com/id?1015896
Reference: SECUNIA:19623
Reference: URL:http://secunia.com/advisories/19623
Reference: SREASON:704
Reference: URL:http://securityreason.com/securityalert/704
Reference: XF:fpse-html-xss(25537)
Reference: URL:http://xforce.iss.net/xforce/xfdb/25537

Votes:

Name: CVE-2006-0016

Status: Candidate
Phase: Assigned (20051116)

Votes:

Name: CVE-2006-0017

Status: Candidate
Phase: Assigned (20051116)

Votes:

Name: CVE-2006-0018

Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3899. Reason: This candidate is a duplicate of CVE-2005-3899. Notes: All CVE users should reference CVE-2005-3899 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Status: Candidate
Phase: Assigned (20051129)

Votes:

Name: CVE-2006-0019

Description:
Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.

Status: Candidate
Phase: Assigned (20051220)
Reference: BUGTRAQ:20060119 [KDE Security Advisory] kjs encodeuri/decodeuri heap overflow
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/422464/100/0/threaded
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20060119-1.txt
Reference: CONFIRM:ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.3-kdelibs-kjs.diff
Reference: DEBIAN:DSA-948
Reference: URL:http://www.debian.org/security/2006/dsa-948
Reference: FEDORA:FLSA:178606
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/427976/100/0/threaded
Reference: GENTOO:GLSA-200601-11
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200601-11.xml
Reference: MANDRIVA:MDKSA-2006:019
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:019
Reference: REDHAT:RHSA-2006:0184
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0184.html
Reference: SLACKWARE:SSA:2006-045-05
Reference: URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.361107
Reference: SUSE:SUSE-SA:2006:003
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/422489/100/0/threaded
Reference: UBUNTU:USN-245-1
Reference: URL:http://www.ubuntu.com/usn/usn-245-1
Reference: BID:16325
Reference: URL:http://www.securityfocus.com/bid/16325
Reference: FRSIRT:ADV-2006-0265
Reference: URL:http://www.frsirt.com/english/advisories/2006/0265
Reference: OSVDB:22659
Reference: URL:http://www.osvdb.org/22659
Reference: SECTRACK:1015512
Reference: URL:http://securitytracker.com/id?1015512
Reference: SECUNIA:18500
Reference: URL:http://secunia.com/advisories/18500
Reference: SECUNIA:18540
Reference: URL:http://secunia.com/advisories/18540
Reference: SECUNIA:18561
Reference: URL:http://secunia.com/advisories/18561
Reference: SECUNIA:18552
Reference: URL:http://secunia.com/advisories/18552
Reference: SECUNIA:18559
Reference: URL:http://secunia.com/advisories/18559
Reference: SECUNIA:18570
Reference: URL:http://secunia.com/advisories/18570
Reference: SECUNIA:18899
Reference: URL:http://secunia.com/advisories/18899
Reference: SECUNIA:18583
Reference: URL:http://secunia.com/advisories/18583
Reference: SREASON:364
Reference: URL:http://securityreason.com/securityalert/364
Reference: XF:kde-kjs-bo(24242)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24242

Votes:

Name: CVE-2006-0020

Description:
An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."

Status: Candidate
Phase: Assigned (20051130)
Reference: MLIST:[funsec] 20060110 Another WMF flaw without a Microsoft patch
Reference: URL:http://linuxbox.org/pipermail/funsec/2006-January/002828.html
Reference: MS:MS06-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-004.mspx
Reference: CONFIRM:http://www.microsoft.com/technet/security/advisory/913333.mspx
Reference: CERT:TA06-045A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-045A.html
Reference: CERT-VN:VU#312956
Reference: URL:http://www.kb.cert.org/vuls/id/312956
Reference: BID:16516
Reference: URL:http://www.securityfocus.com/bid/16516
Reference: FRSIRT:ADV-2006-0469
Reference: URL:http://www.frsirt.com/english/advisories/2006/0469
Reference: OSVDB:22976
Reference: URL:http://www.osvdb.org/22976
Reference: OVAL:oval:org.mitre.oval:def:1638
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1638
Reference: SECUNIA:18729
Reference: URL:http://secunia.com/advisories/18729
Reference: SECUNIA:18912
Reference: URL:http://secunia.com/advisories/18912

Votes:

Name: CVE-2006-0021

Description:
Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."

Status: Candidate
Phase: Assigned (20051130)
Reference: MS:MS06-007
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-007.mspx
Reference: CERT:TA06-045A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-045A.html
Reference: CERT-VN:VU#839284
Reference: URL:http://www.kb.cert.org/vuls/id/839284
Reference: MISC:http://www.securiteam.com/exploits/5PP0T0KI0O.html
Reference: BID:16645
Reference: URL:http://www.securityfocus.com/bid/16645
Reference: FRSIRT:ADV-2006-0576
Reference: URL:http://www.frsirt.com/english/advisories/2006/0576
Reference: MILW0RM:1599
Reference: URL:http://www.milw0rm.com/exploits/1599
Reference: OVAL:oval:org.mitre.oval:def:1310
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1310
Reference: OVAL:oval:org.mitre.oval:def:1425
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1425
Reference: OVAL:oval:org.mitre.oval:def:1647
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1647
Reference: OVAL:oval:org.mitre.oval:def:1662
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1662
Reference: OVAL:oval:org.mitre.oval:def:678
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:678
Reference: SECTRACK:1015629
Reference: URL:http://securitytracker.com/id?1015629
Reference: SECUNIA:18853
Reference: URL:http://secunia.com/advisories/18853
Reference: XF:win-igmpv3-dos(24489)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24489

Votes:

Name: CVE-2006-0022

Description:
Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.

Status: Candidate
Phase: Assigned (20051130)
Reference: MS:MS06-028
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-028.mspx
Reference: CERT:TA06-164A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-164A.html
Reference: CERT-VN:VU#190089
Reference: URL:http://www.kb.cert.org/vuls/id/190089
Reference: BID:18382
Reference: URL:http://www.securityfocus.com/bid/18382
Reference: FRSIRT:ADV-2006-2325
Reference: URL:http://www.frsirt.com/english/advisories/2006/2325
Reference: OSVDB:26435
Reference: URL:http://www.osvdb.org/26435
Reference: OVAL:oval:org.mitre.oval:def:1069
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1069
Reference: OVAL:oval:org.mitre.oval:def:1836
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1836
Reference: OVAL:oval:org.mitre.oval:def:1984
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1984
Reference: SECTRACK:1016287
Reference: URL:http://securitytracker.com/id?1016287
Reference: SECUNIA:20633
Reference: URL:http://secunia.com/advisories/20633
Reference: XF:powerpoint-record-bo(26784)
Reference: URL:http://xforce.iss.net/xforce/xfdb/26784

Votes:

Name: CVE-2006-0023

Description:
Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.

Status: Candidate
Phase: Assigned (20051130)
Reference: BUGTRAQ:20060131 Windows Access Control Demystified
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/423587/100/0/threaded
Reference: MISC:http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf
Reference: MISC:http://www.microsoft.com/technet/security/advisory/914457.mspx
Reference: CONFIRM:http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=391523&RenditionID=
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
Reference: MS:MS06-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-011.mspx
Reference: CERT-VN:VU#953860
Reference: URL:http://www.kb.cert.org/vuls/id/953860
Reference: FRSIRT:ADV-2006-0417
Reference: URL:http://www.frsirt.com/english/advisories/2006/0417
Reference: OVAL:oval:org.mitre.oval:def:1671
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1671
Reference: OVAL:oval:org.mitre.oval:def:1696
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1696
Reference: SECTRACK:1015595
Reference: URL:http://securitytracker.com/id?1015595
Reference: SECTRACK:1015765
Reference: URL:http://securitytracker.com/id?1015765
Reference: SECUNIA:18756
Reference: URL:http://secunia.com/advisories/18756
Reference: SECUNIA:19313
Reference: URL:http://secunia.com/advisories/19313
Reference: SECUNIA:19238
Reference: URL:http://secunia.com/advisories/19238
Reference: XF:win-auth-users-insecure-permissions(24463)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24463

Votes:

Name: CVE-2006-0024

Description:
Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file.

Status: Candidate
Phase: Assigned (20051130)
Reference: CONFIRM:http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=307179
Reference: APPLE:APPLE-SA-2006-05-11
Reference: URL:http://lists.apple.com/archives/security-announce/2006/May/msg00003.html
Reference: APPLE:APPLE-SA-2007-12-17
Reference: URL:http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
Reference: GENTOO:GLSA-200603-20
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200603-20.xml
Reference: MS:MS06-020
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-020.mspx
Reference: REDHAT:RHSA-2006:0268
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0268.html
Reference: SUSE:SUSE-SA:2006:015
Reference: URL:http://www.novell.com/linux/security/advisories/2006_15_flashplayer.html
Reference: CONFIRM:http://www.opera.com/docs/changelogs/windows/854/
Reference: CERT:TA06-075A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-075A.html
Reference: CERT:TA06-129A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-129A.html
Reference: CERT:TA06-132A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-132A.html
Reference: CERT:TA07-352A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-352A.html
Reference: CERT-VN:VU#945060
Reference: URL:http://www.kb.cert.org/vuls/id/945060
Reference: BID:17106
Reference: URL:http://www.securityfocus.com/bid/17106
Reference: BID:17951
Reference: URL:http://www.securityfocus.com/bid/17951
Reference: FRSIRT:ADV-2006-0952
Reference: URL:http://www.frsirt.com/english/advisories/2006/0952
Reference: FRSIRT:ADV-2006-1744
Reference: URL:http://www.frsirt.com/english/advisories/2006/1744
Reference: FRSIRT:ADV-2006-1779
Reference: URL:http://www.frsirt.com/english/advisories/2006/1779
Reference: FRSIRT:ADV-2006-1262
Reference: URL:http://www.frsirt.com/english/advisories/2006/1262
Reference: FRSIRT:ADV-2007-4238
Reference: URL:http://www.frsirt.com/english/advisories/2007/4238
Reference: OSVDB:23908
Reference: URL:http://www.osvdb.org/23908
Reference: OVAL:oval:org.mitre.oval:def:1894
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1894
Reference: OVAL:oval:org.mitre.oval:def:1922
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1922
Reference: SECTRACK:1015770
Reference: URL:http://securitytracker.com/id?1015770
Reference: SECUNIA:19218
Reference: URL:http://secunia.com/advisories/19218
Reference: SECUNIA:19259
Reference: URL:http://secunia.com/advisories/19259
Reference: SECUNIA:19198
Reference: URL:http://secunia.com/advisories/19198
Reference: SECUNIA:19328
Reference: URL:http://secunia.com/advisories/19328
Reference: SECUNIA:20077
Reference: URL:http://secunia.com/advisories/20077
Reference: SECUNIA:20045
Reference: URL:http://secunia.com/advisories/20045
Reference: SECUNIA:28136
Reference: URL:http://secunia.com/advisories/28136
Reference: XF:macromedia-swf-code-execution(25005)
Reference: URL:http://xforce.iss.net/xforce/xfdb/25005

Votes:

Name: CVE-2006-0025

Description:
Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size.

Status: Candidate
Phase: Assigned (20051130)
Reference: IDEFENSE:20060613 Windows Media Player PNG Chunk Decoding Stack-Based Buffer Overflow
Reference: URL:http://www.idefense.com/intelligence/vulnerabilities/display.php?id=406
Reference: MS:MS06-024
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-024.mspx
Reference: CERT:TA06-164A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-164A.html
Reference: CERT-VN:VU#608020
Reference: URL:http://www.kb.cert.org/vuls/id/608020
Reference: BID:18385
Reference: URL:http://www.securityfocus.com/bid/18385
Reference: FRSIRT:ADV-2006-2322
Reference: URL:http://www.frsirt.com/english/advisories/2006/2322
Reference: OSVDB:26430
Reference: URL:http://www.osvdb.org/26430
Reference: OVAL:oval:org.mitre.oval:def:1230
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1230
Reference: OVAL:oval:org.mitre.oval:def:1729
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1729
Reference: OVAL:oval:org.mitre.oval:def:1805
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1805
Reference: OVAL:oval:org.mitre.oval:def:1807
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1807
Reference: OVAL:oval:org.mitre.oval:def:1820
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1820
Reference: OVAL:oval:org.mitre.oval:def:1974
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1974
Reference: SECTRACK:1016284
Reference: URL:http://securitytracker.com/id?1016284
Reference: SECUNIA:20626
Reference: URL:http://secunia.com/advisories/20626
Reference: XF:win-media-player-png-bo(26788)
Reference: URL:http://xforce.iss.net/xforce/xfdb/26788

Votes:

Name: CVE-2006-0026

Description:
Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).

Status: Candidate
Phase: Assigned (20051130)
Reference: BUGTRAQ:20060718 ASP.DLL Include File Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2006-07/0316.html
Reference: MS:MS06-034
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-034.mspx
Reference: CERT:TA06-192A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-192A.html
Reference: CERT-VN:VU#395588
Reference: URL:http://www.kb.cert.org/vuls/id/395588
Reference: BID:18858
Reference: URL:http://www.securityfocus.com/bid/18858
Reference: FRSIRT:ADV-2006-2752
Reference: URL:http://www.frsirt.com/english/advisories/2006/2752
Reference: OSVDB:27152
Reference: URL:http://www.osvdb.org/27152
Reference: OVAL:oval:org.mitre.oval:def:435
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:435
Reference: SECTRACK:1016466
Reference: URL:http://securitytracker.com/id?1016466
Reference: SECUNIA:21006
Reference: URL:http://secunia.com/advisories/21006
Reference: XF:iis-asp-bo(26796)
Reference: URL:http://xforce.iss.net/xforce/xfdb/26796

Votes:

Name: CVE-2006-0027

Description:
Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.

Status: Candidate
Phase: Assigned (20051130)
Reference: MS:MS06-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-019.mspx
Reference: CERT:TA06-129A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-129A.html
Reference: CERT-VN:VU#303452
Reference: URL:http://www.kb.cert.org/vuls/id/303452
Reference: BID:17908
Reference: URL:http://www.securityfocus.com/bid/17908
Reference: FRSIRT:ADV-2006-1743
Reference: URL:http://www.frsirt.com/english/advisories/2006/1743
Reference: OSVDB:25338
Reference: URL:http://www.osvdb.org/25338
Reference: OVAL:oval:org.mitre.oval:def:1818
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1818
Reference: OVAL:oval:org.mitre.oval:def:1996
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1996
Reference: OVAL:oval:org.mitre.oval:def:2035
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2035
Reference: SECTRACK:1016048
Reference: URL:http://securitytracker.com/id?1016048
Reference: SECUNIA:20029
Reference: URL:http://secunia.com/advisories/20029
Reference: XF:exchange-calendar-code-execution(25556)
Reference: URL:http://xforce.iss.net/xforce/xfdb/25556

Votes:

Name: CVE-2006-0028

Description:
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.

Status: Candidate
Phase: Assigned (20051130)
Reference: BUGTRAQ:20060314 ZDI-06-004: Microsoft Excel File Format Parsing Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/427632/100/0/threaded
Reference: MISC:http://www.zerodayinitiative.com/advisories/ZDI-06-004.html
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
Reference: MS:MS06-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-012.mspx
Reference: CERT:TA06-073A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-073A.html
Reference: CERT-VN:VU#339878
Reference: URL:http://www.kb.cert.org/vuls/id/339878
Reference: FRSIRT:ADV-2006-0950
Reference: URL:http://www.frsirt.com/english/advisories/2006/0950
Reference: OSVDB:23899
Reference: URL:http://www.osvdb.org/23899
Reference: OVAL:oval:org.mitre.oval:def:1158
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1158
Reference: OVAL:oval:org.mitre.oval:def:1411
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1411
Reference: OVAL:oval:org.mitre.oval:def:1509
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1509
Reference: OVAL:oval:org.mitre.oval:def:1635
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1635
Reference: SECTRACK:1015766
Reference: URL:http://securitytracker.com/id?1015766
Reference: SECUNIA:19138
Reference: URL:http://secunia.com/advisories/19138
Reference: SECUNIA:19238
Reference: URL:http://secunia.com/advisories/19238
Reference: SREASON:583
Reference: URL:http://securityreason.com/securityalert/583
Reference: XF:excel-parsing-format-file-bo(25225)
Reference: URL:http://xforce.iss.net/xforce/xfdb/25225

Votes:

Name: CVE-2006-0029

Description:
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.

Status: Candidate
Phase: Assigned (20051130)
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
Reference: MS:MS06-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-012.mspx
Reference: CERT:TA06-073A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-073A.html
Reference: CERT-VN:VU#235774
Reference: URL:http://www.kb.cert.org/vuls/id/235774
Reference: FRSIRT:ADV-2006-0950
Reference: URL:http://www.frsirt.com/english/advisories/2006/0950
Reference: OSVDB:23900
Reference: URL:http://www.osvdb.org/23900
Reference: OVAL:oval:org.mitre.oval:def:1522
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1522
Reference: OVAL:oval:org.mitre.oval:def:1570
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1570
Reference: OVAL:oval:org.mitre.oval:def:1579
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1579
Reference: OVAL:oval:org.mitre.oval:def:1633
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1633
Reference: SECTRACK:1015766
Reference: URL:http://securitytracker.com/id?1015766
Reference: SECUNIA:19138
Reference: URL:http://secunia.com/advisories/19138
Reference: SECUNIA:19238
Reference: URL:http://secunia.com/advisories/19238
Reference: SREASON:585
Reference: URL:http://securityreason.com/securityalert/585
Reference: SREASON:586
Reference: URL:http://securityreason.com/securityalert/586
Reference: XF:excel-description-bo(25227)
Reference: URL:http://xforce.iss.net/xforce/xfdb/25227

Votes:

Name: CVE-2006-0030

Description:
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.

Status: Candidate
Phase: Assigned (20051130)
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
Reference: MS:MS06-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-012.mspx
Reference: CERT:TA06-073A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-073A.html
Reference: CERT-VN:VU#123222
Reference: URL:http://www.kb.cert.org/vuls/id/123222
Reference: BID:16181
Reference: URL:http://www.securityfocus.com/bid/16181
Reference: FRSIRT:ADV-2006-0950
Reference: URL:http://www.frsirt.com/english/advisories/2006/0950
Reference: OSVDB:23901
Reference: URL:http://www.osvdb.org/23901
Reference: OVAL:oval:org.mitre.oval:def:1401
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1401
Reference: OVAL:oval:org.mitre.oval:def:1510
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1510
Reference: OVAL:oval:org.mitre.oval:def:1630
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1630
Reference: OVAL:oval:org.mitre.oval:def:1666
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1666
Reference: SECTRACK:1015766
Reference: URL:http://securitytracker.com/id?1015766
Reference: SECUNIA:19138
Reference: URL:http://secunia.com/advisories/19138
Reference: SECUNIA:19238
Reference: URL:http://secunia.com/advisories/19238
Reference: XF:excel-graphic-bo(25229)
Reference: URL:http://xforce.iss.net/xforce/xfdb/25229

Votes:

Name: CVE-2006-0031

Description:
Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.

Status: Candidate
Phase: Assigned (20051130)
Reference: BUGTRAQ:20060315 [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/427699/100/0/threaded
Reference: FULLDISC:20060314 [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1521.html
Reference: VULNWATCH:20060315 [xfocus-SD-060314]Microsoft Office Excel Buffer Overflow Vulnerability
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
Reference: MS:MS06-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-012.mspx
Reference: CERT:TA06-073A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-073A.html
Reference: CERT-VN:VU#104302
Reference: URL:http://www.kb.cert.org/vuls/id/104302
Reference: BID:17101
Reference: URL:http://www.securityfocus.com/bid/17101
Reference: FRSIRT:ADV-2006-0950
Reference: URL:http://www.frsirt.com/english/advisories/2006/0950
Reference: OSVDB:23902
Reference: URL:http://www.osvdb.org/23902
Reference: OVAL:oval:org.mitre.oval:def:1327
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1327
Reference: OVAL:oval:org.mitre.oval:def:1525
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1525
Reference: OVAL:oval:org.mitre.oval:def:1750
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1750
Reference: OVAL:oval:org.mitre.oval:def:763
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:763
Reference: SECTRACK:1015766
Reference: URL:http://securitytracker.com/id?1015766
Reference: SECUNIA:19138
Reference: URL:http://secunia.com/advisories/19138
Reference: SECUNIA:19238
Reference: URL:http://secunia.com/advisories/19238
Reference: SREASON:589
Reference: URL:http://securityreason.com/securityalert/589
Reference: XF:excel-record-bo(25228)
Reference: URL:http://xforce.iss.net/xforce/xfdb/25228

Votes:

Name: CVE-2006-0032

Description:
Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.

Status: Candidate
Phase: Assigned (20051130)
Reference: BUGTRAQ:20061001 Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/447511/100/0/threaded
Reference: BUGTRAQ:20061002 IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/447509/100/0/threaded
Reference: MISC:http://www.geocities.jp/ptrs_sec/advisory09e.html
Reference: HP:HPSBST02134
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/446630/100/100/threaded
Reference: HP:SSRT061187
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/446630/100/100/threaded
Reference: MS:MS06-053
Reference: URL:http://www.microsoft.com/technet/security/Bulletin/MS06-053.mspx
Reference: CERT:TA06-255A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-255A.html
Reference: CERT-VN:VU#108884
Reference: URL:http://www.kb.cert.org/vuls/id/108884
Reference: BID:19927
Reference: URL:http://www.securityfocus.com/bid/19927
Reference: FRSIRT:ADV-2006-3564
Reference: URL:http://www.frsirt.com/english/advisories/2006/3564
Reference: OVAL:oval:org.mitre.oval:def:535
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:535
Reference: SECTRACK:1016826
Reference: URL:http://securitytracker.com/id?1016826
Reference: SECUNIA:21861
Reference: URL:http://secunia.com/advisories/21861
Reference: XF:ms-indexing-service-xss(28651)
Reference: URL:http://xforce.iss.net/xforce/xfdb/28651

Votes:

Name: CVE-2006-0033

Description:
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.

Status: Candidate
Phase: Assigned (20051130)
Reference: MISC:http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-22.html
Reference: MS:MS06-039
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-039.mspx
Reference: CERT:TA06-192A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-192A.html
Reference: CERT-VN:VU#459388
Reference: URL:http://www.kb.cert.org/vuls/id/459388
Reference: BID:18913
Reference: URL:http://www.securityfocus.com/bid/18913
Reference: FRSIRT:ADV-2006-2757
Reference: URL:http://www.frsirt.com/english/advisories/2006/2757
Reference: OSVDB:27147
Reference: URL:http://www.osvdb.org/27147
Reference: OVAL:oval:org.mitre.oval:def:163
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:163
Reference: SECTRACK:1016470
Reference: URL:http://securitytracker.com/id?1016470
Reference: SECUNIA:21013
Reference: URL:http://secunia.com/advisories/21013

Votes:

Name: CVE-2006-0034

Description:
Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.

Status: Candidate
Phase: Assigned (20051130)
Reference: BUGTRAQ:20060509 [EEYEB20051011A] - Microsoft Distributed Transaction Coordinator Heap Overflow
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/433430/100/0/threaded
Reference: BUGTRAQ:20060511 Microsoft MSDTC NdrAllocate Validation Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/433677/100/0/threaded
Reference: FULLDISC:20060509 [EEYEB20051011A] - Microsoft Distributed Transaction Coordinator Heap Overflow
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0238.html
Reference: FULLDISC:20060510 Microsoft MSDTC NdrAllocate Validation Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0269.html
Reference: MISC:http://www.eeye.com/html/research/advisories/AD20060509a.html
Reference: MS:MS06-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms06-018.mspx
Reference: BID:17906
Reference: URL:http://www.securityfocus.com/bid/17906
Reference: FRSIRT:ADV-2006-1742
Reference: URL:http://www.frsirt.com/english/advisories/2006/1742
Reference: OSVDB:25335
Reference: URL:http://www.osvdb.org/25335
Reference: OVAL:oval:org.mitre.oval:def:1222
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1222
Reference: OVAL:oval:org.mitre.oval:def:1477
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1477
Reference: OVAL:oval:org.mitre.oval:def:1908
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1908
Reference: SECTRACK:1016047
Reference: URL:http://securitytracker.com/id?1016047
Reference: SECUNIA:20000
Reference: URL:http://secunia.com/advisories/20000
Reference: SREASON:863
Reference: URL:http://securityreason.com/securityalert/863
Reference: XF:msdtc-network-message-dos(25559)
Reference: URL:http://xforce.iss.net/xforce/xfdb/25559

Votes:

Name: CVE-2006-0035

Description:
The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.14 and 2.6.15 allows local users to cause a denial of service (infinite loop) via a nlmsg_len field of 0.

Status: Candidate
Phase: Assigned (20051220)
Reference: CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ad8e4b75c8a7bed475d72ce09bf5267188621961
Reference: TRUSTIX:2006-0004
Reference: URL:http://www.trustix.org/errata/2006/0004
Reference: BID:16414
Reference: URL:http://www.securityfocus.com/bid/16414
Reference: FRSIRT:ADV-2006-0220
Reference: URL:http://www.frsirt.com/english/advisories/2006/0220
Reference: SECUNIA:18482
Reference: URL:http://secunia.com/advisories/18482
Reference: SREASON:388
Reference: URL:http://securityreason.com/securityalert/388
Reference: XF:kernel-afnetlink-dos(24202)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24202

Votes:

Name: CVE-2006-0036

Description:
ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows remote attackers to cause a denial of service (memory corruption or crash) via an inbound PPTP_IN_CALL_REQUEST packet that causes a null pointer to be used in an offset calculation.

Status: Candidate
Phase: Assigned (20051220)
Reference: CONFIRM:http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=15db34702cfafd24acc60295cf14861e497502ab
Reference: TRUSTIX:2006-0004
Reference: URL:http://www.trustix.org/errata/2006/0004
Reference: BID:16414
Reference: URL:http://www.securityfocus.com/bid/16414
Reference: FRSIRT:ADV-2006-0220
Reference: URL:http://www.frsirt.com/english/advisories/2006/0220
Reference: SECUNIA:18482
Reference: URL:http://secunia.com/advisories/18482
Reference: SREASON:388
Reference: URL:http://securityreason.com/securityalert/388
Reference: XF:kernel-pptpincallrequest-dos(24203)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24203

Votes:

Name: CVE-2006-0037

Description:
ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows local users to cause a denial of service (memory corruption or crash) via a crafted outbound packet that causes an incorrect offset to be calculated from pointer arithmetic when non-linear SKBs (socket buffers) are used.

Status: Candidate
Phase: Assigned (20051220)
Reference: CONFIRM:http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=03b9feca89366952ae5dfe4ad8107b1ece50b710
Reference: TRUSTIX:2006-0004
Reference: URL:http://www.trustix.org/errata/2006/0004
Reference: BID:16414
Reference: URL:http://www.securityfocus.com/bid/16414
Reference: FRSIRT:ADV-2006-0220
Reference: URL:http://www.frsirt.com/english/advisories/2006/0220
Reference: SECUNIA:18482
Reference: URL:http://secunia.com/advisories/18482
Reference: SREASON:388
Reference: URL:http://securityreason.com/securityalert/388
Reference: XF:kernel-pptpnathelper-dos(24204)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24204

Votes:

Name: CVE-2006-0038

Description:
Integer overflow in the do_replace function in netfilter for Linux before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buffer overflow in the copy_from_user function.

Status: Candidate
Phase: Assigned (20051220)
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=186295
Reference: CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ee4bb818ae35f68d1f848eae0a7b150a38eb4168
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm
Reference: DEBIAN:DSA-1097
Reference: URL:http://www.debian.org/security/2006/dsa-1097
Reference: DEBIAN:DSA-1103
Reference: URL:http://www.debian.org/security/2006/dsa-1103
Reference: REDHAT:RHSA-2006:0575
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0575.html
Reference: UBUNTU:USN-302-1
Reference: URL:http://www.ubuntu.com/usn/usn-302-1
Reference: BID:17178
Reference: URL:http://www.securityfocus.com/bid/17178
Reference: FRSIRT:ADV-2006-1046
Reference: URL:http://www.frsirt.com/english/advisories/2006/1046
Reference: FRSIRT:ADV-2006-2554
Reference: URL:http://www.frsirt.com/english/advisories/2006/2554
Reference: SECUNIA:19330
Reference: URL:http://secunia.com/advisories/19330
Reference: SECUNIA:20671
Reference: URL:http://secunia.com/advisories/20671
Reference: SECUNIA:20716
Reference: URL:http://secunia.com/advisories/20716
Reference: SECUNIA:20914
Reference: URL:http://secunia.com/advisories/20914
Reference: SECUNIA:21465
Reference: URL:http://secunia.com/advisories/21465
Reference: SECUNIA:22417
Reference: URL:http://secunia.com/advisories/22417
Reference: XF:linux-netfilter-doreplace-overflow(25400)
Reference: URL:http://xforce.iss.net/xforce/xfdb/25400

Votes:

Name: CVE-2006-0039

Description:
Race condition in the do_add_counters function in netfilter for Linux kernel 2.6.16 allows local users with CAP_NET_ADMIN capabilities to read kernel memory by triggering the race condition in a way that produces a size value that is inconsistent with allocated memory, which leads to a buffer over-read in IPT_ENTRY_ITERATE.

Status: Candidate
Phase: Assigned (20051220)
Reference: CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.16.17
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=133465
Reference: MISC:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2722971cbe831117686039d5c334f2c0f560be13
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-249.htm
Reference: DEBIAN:DSA-1097
Reference: URL:http://www.debian.org/security/2006/dsa-1097
Reference: DEBIAN:DSA-1103
Reference: URL:http://www.debian.org/security/2006/dsa-1103
Reference: REDHAT:RHSA-2006:0689
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0689.html
Reference: UBUNTU:USN-311-1
Reference: URL:http://www.ubuntu.com/usn/usn-311-1
Reference: BID:18113
Reference: URL:http://www.securityfocus.com/bid/18113
Reference: FRSIRT:ADV-2006-1893
Reference: URL:http://www.frsirt.com/english/advisories/2006/1893
Reference: FRSIRT:ADV-2006-2554
Reference: URL:http://www.frsirt.com/english/advisories/2006/2554
Reference: OSVDB:25697
Reference: URL:http://www.osvdb.org/25697
Reference: SECUNIA:20185
Reference: URL:http://secunia.com/advisories/20185
Reference: SECUNIA:20671
Reference: URL:http://secunia.com/advisories/20671
Reference: SECUNIA:20914
Reference: URL:http://secunia.com/advisories/20914
Reference: SECUNIA:20991
Reference: URL:http://secunia.com/advisories/20991
Reference: SECUNIA:22292
Reference: URL:http://secunia.com/advisories/22292
Reference: SECUNIA:22945
Reference: URL:http://secunia.com/advisories/22945
Reference: SECUNIA:21476
Reference: URL:http://secunia.com/advisories/21476
Reference: XF:linux-doaddcounters-race-condition(26583)
Reference: URL:http://xforce.iss.net/xforce/xfdb/26583

Votes:

Name: CVE-2006-0040

Description:
GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml.

Status: Candidate
Phase: Assigned (20051220)
Reference: BUGTRAQ:20060301 Evolution Emailer DoS
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/426452/100/0/threaded
Reference: BID:16899
Reference: URL:http://www.securityfocus.com/bid/16899
Reference: FRSIRT:ADV-2006-0801
Reference: URL:http://www.frsirt.com/english/advisories/2006/0801
Reference: SECUNIA:19094
Reference: URL:http://secunia.com/advisories/19094
Reference: XF:evolution-email-dos(25050)
Reference: URL:http://xforce.iss.net/xforce/xfdb/25050

Votes:

Name: CVE-2006-0041

Status: Candidate
Phase: Assigned (20051220)

Votes:

Name: CVE-2006-0042

Description:
Unspecified vulnerability in (1) apreq_parse_headers and (2) apreq_parse_urlencoded functions in Apache2::Request (Libapreq2) before 2.07 allows remote attackers cause a denial of service (CPU consumption) via unknown attack vectors that result in quadratic computational complexity.

Status: Candidate
Phase: Assigned (20051220)
Reference: CONFIRM:http://svn.apache.org/viewcvs.cgi/httpd/apreq/tags/v2_07/CHANGES?rev=376998&view=markup
Reference: DEBIAN:DSA-1000
Reference: URL:http://www.debian.org/security/2006/dsa-1000
Reference: GENTOO:GLSA-200604-08
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200604-08.xml
Reference: BID:16710
Reference: URL:http://www.securityfocus.com/bid/16710
Reference: FRSIRT:ADV-2006-0645
Reference: URL:http://www.frsirt.com/english/advisories/2006/0645
Reference: SECUNIA:18846
Reference: URL:http://secunia.com/advisories/18846
Reference: SECUNIA:19139
Reference: URL:http://secunia.com/advisories/19139
Reference: SECUNIA:19658
Reference: URL:http://secunia.com/advisories/19658
Reference: SREASON:737
Reference: URL:http://securityreason.com/securityalert/737
Reference: XF:libapreq2-parsing-dos(24917)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24917

Votes:

Name: CVE-2006-0043

Description:
Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks.

Status: Candidate
Phase: Assigned (20051220)
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350020
Reference: DEBIAN:DSA-975
Reference: URL:http://www.debian.org/security/2006/dsa-975
Reference: SUSE:SUSE-SA:2006:005
Reference: URL:http://lists.suse.com/archive/suse-security-announce/2006-Jan/0007.html
Reference: BID:16388
Reference: URL:http://www.securityfocus.com/bid/16388
Reference: FRSIRT:ADV-2006-0348
Reference: URL:http://www.frsirt.com/english/advisories/2006/0348
Reference: SECUNIA:18614
Reference: URL:http://secunia.com/advisories/18614
Reference: SECUNIA:18638
Reference: URL:http://secunia.com/advisories/18638
Reference: SECUNIA:18889
Reference: URL:http://secunia.com/advisories/18889
Reference: XF:nfs-rpcmountd-realpath-bo(24347)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24347

Votes:

Name: CVE-2006-0044

Description:
Unspecified vulnerability in context.py in Albatross web application toolkit before 1.33 allows remote attackers to execute arbitrary commands via unspecified vectors involving template files and the "handling of submitted form fields".

Status: Candidate
Phase: Assigned (20051228)
Reference: CONFIRM:http://www.object-craft.com.au/projects/albatross/news.html
Reference: MISC:http://security.debian.org/pool/updates/main/a/albatross/albatross_1.20-2.diff.gz
Reference: DEBIAN:DSA-942
Reference: URL:http://www.debian.org/security/2006/dsa-942
Reference: BID:16252
Reference: URL:http://www.securityfocus.com/bid/16252
Reference: FRSIRT:ADV-2006-0196
Reference: URL:http://www.frsirt.com/english/advisories/2006/0196
Reference: OSVDB:22451
Reference: URL:http://www.osvdb.org/22451
Reference: SECUNIA:18457
Reference: URL:http://secunia.com/advisories/18457
Reference: SECUNIA:18496
Reference: URL:http://secunia.com/advisories/18496
Reference: XF:albatross-context-command-execution(24130)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24130

Votes:

Name: CVE-2006-0045

Description:
crawl before 4.0.0 does not securely call programs when saving and loading games, which allows local users to gain privileges.

Status: Candidate
Phase: Assigned (20051228)
Reference: DEBIAN:DSA-949
Reference: URL:http://www.debian.org/security/2006/dsa-949
Reference: BID:16337
Reference: URL:http://www.securityfocus.com/bid/16337
Reference: FRSIRT:ADV-2006-0303
Reference: URL:http://www.frsirt.com/english/advisories/2006/0303
Reference: OSVDB:22690
Reference: URL:http://www.osvdb.org/22690
Reference: SECUNIA:18545
Reference: URL:http://secunia.com/advisories/18545
Reference: SECUNIA:18573
Reference: URL:http://secunia.com/advisories/18573
Reference: XF:crawl-insecure-command-execution(24262)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24262

Votes:

Name: CVE-2006-0046

Description:
squid_redirect script in adzapper before 2006-01-29 allows remote attackers to cause a denial of service (CPU consumption) via a URL with a large number of trailing / (forward slashes), which might produce inefficient regular expressions.

Status: Candidate
Phase: Assigned (20051228)
Reference: DEBIAN:DSA-966
Reference: URL:http://www.debian.org/security/2006/dsa-966
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350308
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi/squid_redirect.diff?bug=350308;msg=5;att=1
Reference: CONFIRM:http://adzapper.sourceforge.net/cvslog.html
Reference: BID:16558
Reference: URL:http://www.securityfocus.com/bid/16558
Reference: FRSIRT:ADV-2006-0491
Reference: URL:http://www.frsirt.com/english/advisories/2006/0491
Reference: OSVDB:22900
Reference: URL:http://www.osvdb.org/22900
Reference: SECUNIA:18771
Reference: URL:http://secunia.com/advisories/18771
Reference: SECUNIA:18777
Reference: URL:http://secunia.com/advisories/18777
Reference: XF:adzapper-squid-redirect-dos(24640)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24640

Votes:

Name: CVE-2006-0047

Description:
packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause a denial of service (server crash) via crafted packets with negative compressed size values.

Status: Candidate
Phase: Assigned (20051228)
Reference: BUGTRAQ:20060306 Out of memory crash in Freeciv 2.0.7
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/426866/100/0/threaded
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=355211
Reference: DEBIAN:DSA-994
Reference: URL:http://www.debian.org/security/2006/dsa-994
Reference: GENTOO:GLSA-200603-11
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200603-11.xml
Reference: MANDRIVA:MDKSA-2006:053
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:053
Reference: BID:16975
Reference: URL:http://www.securityfocus.com/bid/16975
Reference: FRSIRT:ADV-2006-0838
Reference: URL:http://www.frsirt.com/english/advisories/2006/0838
Reference: SECUNIA:19120
Reference: URL:http://secunia.com/advisories/19120
Reference: SECUNIA:19253
Reference: URL:http://secunia.com/advisories/19253
Reference: SECUNIA:19227
Reference: URL:http://secunia.com/advisories/19227
Reference: XF:freeciv-packets-dos(25166)
Reference: URL:http://xforce.iss.net/xforce/xfdb/25166

Votes:

Name: CVE-2006-0048

Description:
Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a denial of service (segmentation fault) via certain fragmented packets, possibly involving invalid headers and an attacker-controlled payload length. NOTE: this issue might be a buffer overflow or overread.

Status: Candidate
Phase: Assigned (20051228)
Reference: MISC:http://sourceforge.net/mailarchive/forum.php?thread_id=9989610&forum_id=37151
Reference: BID:17665
Reference: URL:http://www.securityfocus.com/bid/17665
Reference: FRSIRT:ADV-2006-1466
Reference: URL:http://www.frsirt.com/english/advisories/2006/1466
Reference: XF:tcpick-writec-dos(26090)
Reference: URL:http://xforce.iss.net/xforce/xfdb/26090

Votes:

Name: CVE-2006-0049

Description:
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.

Status: Candidate
Phase: Assigned (20051228)
Reference: BUGTRAQ:20060309 GnuPG does not detect injection of unsigned data
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/427324/100/0/threaded
Reference: MLIST:[gnupg-announce] 20060309 [Announce] GnuPG does not detect injection of unsigned data
Reference: URL:http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html
Reference: DEBIAN:DSA-993
Reference: URL:http://www.debian.org/security/2006/dsa-993
Reference: FEDORA:FEDORA-2006-147
Reference: URL:http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00021.html
Reference: FEDORA:FLSA-2006:185355
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/433931/100/0/threaded
Reference: GENTOO:GLSA-200603-08
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200603-08.xml
Reference: MANDRIVA:MDKSA-2006:055
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:055
Reference: REDHAT:RHSA-2006:0266
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0266.html
Reference: SGI:20060401-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
Reference: SLACKWARE:SSA:2006-072-02
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.476477
Reference: SUSE:SUSE-SA:2006:014
Reference: URL:http://lists.suse.de/archive/suse-security-announce/2006-Mar/0003.html
Reference: TRUSTIX:2006-0014
Reference: URL:http://www.trustix.org/errata/2006/0014
Reference: UBUNTU:USN-264-1
Reference: URL:http://www.ubuntulinux.org/support/documentation/usn/usn-264-1
Reference: BID:17058
Reference: URL:http://www.securityfocus.com/bid/17058
Reference: FRSIRT:ADV-2006-0915
Reference: URL:http://www.frsirt.com/english/advisories/2006/0915
Reference: OSVDB:23790
Reference: URL:http://www.osvdb.org/23790
Reference: SECTRACK:1015749
Reference: URL:http://securitytracker.com/id?1015749
Reference: SECUNIA:19173
Reference: URL:http://secunia.com/advisories/19173
Reference: SECUNIA:19203
Reference: URL:http://secunia.com/advisories/19203
Reference: SECUNIA:19244
Reference: URL:http://secunia.com/advisories/19244
Reference: SECUNIA:19231
Reference: URL:http://secunia.com/advisories/19231
Reference: SECUNIA:19249
Reference: URL:http://secunia.com/advisories/19249
Reference: SECUNIA:19287
Reference: URL:http://secunia.com/advisories/19287
Reference: SECUNIA:19197
Reference: URL:http://secunia.com/advisories/19197
Reference: SECUNIA:19232
Reference: URL:http://secunia.com/advisories/19232
Reference: SECUNIA:19234
Reference: URL:http://secunia.com/advisories/19234
Reference: SECUNIA:19532
Reference: URL:http://secunia.com/advisories/19532
Reference: SREASON:450
Reference: URL:http://securityreason.com/securityalert/450
Reference: SREASON:568
Reference: URL:http://securityreason.com/securityalert/568
Reference: XF:gnupg-nondetached-sig-verification(25184)
Reference: URL:http://xforce.iss.net/xforce/xfdb/25184

Votes:

Name: CVE-2006-0050

Description:
snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file.

Status: Candidate
Phase: Assigned (20051228)
Reference: DEBIAN:DSA-1013
Reference: URL:http://www.debian.org/security/2006/dsa-1013
Reference: BID:17182
Reference: URL:http://www.securityfocus.com/bid/17182
Reference: SECUNIA:19318
Reference: URL:http://secunia.com/advisories/19318
Reference: XF:snmptrapfmt-log-temprary-file(25442)
Reference: URL:http://xforce.iss.net/xforce/xfdb/25442

Votes:

Name: CVE-2006-0051

Description:
Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is "fetching remote playlists", which triggers the overflow in the http_peek function.

Status: Candidate
Phase: Assigned (20051228)
Reference: BUGTRAQ:20060405 [Kaffeine Security Advisory] Heap based buffer overflow in http_peek()
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/430319/100/0/threaded
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20060404-1.txt
Reference: DEBIAN:DSA-1023
Reference: URL:http://www.debian.org/security/2006/dsa-1023
Reference: GENTOO:GLSA-200604-04
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200604-04.xml
Reference: MANDRIVA:MDKSA-2006:065
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:065
Reference: SUSE:SUSE-SR:2006:008
Reference: URL:http://www.novell.com/linux/security/advisories/2006_08_sr.html
Reference: UBUNTU:USN-268-1
Reference: URL:http://www.ubuntulinux.org/support/documentation/usn/usn-268-1
Reference: BID:17372
Reference: URL:http://www.securityfocus.com/bid/17372
Reference: FRSIRT:ADV-2006-1229
Reference: URL:http://www.frsirt.com/english/advisories/2006/1229
Reference: SECTRACK:1015863
Reference: URL:http://securitytracker.com/id?1015863
Reference: SECUNIA:19525
Reference: URL:http://secunia.com/advisories/19525
Reference: SECUNIA:19540
Reference: URL:http://secunia.com/advisories/19540
Reference: SECUNIA:19542
Reference: URL:http://secunia.com/advisories/19542
Reference: SECUNIA:19549
Reference: URL:http://secunia.com/advisories/19549
Reference: SECUNIA:19557
Reference: URL:http://secunia.com/advisories/19557
Reference: SECUNIA:19571
Reference: URL:http://secunia.com/advisories/19571
Reference: XF:kaffeine-http-peek-bo(25631)
Reference: URL:http://xforce.iss.net/xforce/xfdb/25631

Votes:

Name: CVE-2006-0052

Description:
The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary.

Status: Candidate
Phase: Assigned (20051228)
Reference: DEBIAN:DSA-1027
Reference: URL:http://www.debian.org/security/2006/dsa-1027
Reference: MANDRIVA:MDKSA-2006:061
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:061
Reference: REDHAT:RHSA-2006:0486
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0486.html
Reference: SGI:20060602-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
Reference: SUSE:SUSE-SR:2006:008
Reference: URL:http://www.novell.com/linux/security/advisories/2006_08_sr.html
Reference: UBUNTU:USN-267-1
Reference: URL:http://www.ubuntulinux.org/support/documentation/usn/usn-267-1
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358892
Reference: BID:17311
Reference: URL:http://www.securityfocus.com/bid/17311
Reference: OSVDB:24367
Reference: URL:http://www.osvdb.org/24367
Reference: SECTRACK:1015851
Reference: URL:http://securitytracker.com/id?1015851
Reference: SECUNIA:19545
Reference: URL:http://secunia.com/advisories/19545
Reference: SECUNIA:19522
Reference: URL:http://secunia.com/advisories/19522
Reference: SECUNIA:19571
Reference: URL:http://secunia.com/advisories/19571
Reference: SECUNIA:20624
Reference: URL:http://secunia.com/advisories/20624
Reference: SECUNIA:20782
Reference: URL:http://secunia.com/advisories/20782

Votes:

Name: CVE-2006-0053

Description:
Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a scalar, which triggers a NULL pointer dereference.

Status: Candidate
Phase: Assigned (20051228)
Reference: MISC:http://rt.cpan.org/Public/Bug/Display.html?id=18397
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661
Reference: DEBIAN:DSA-1028
Reference: URL:http://www.debian.org/security/2006/dsa-1028
Reference: BID:17415
Reference: URL:http://www.securityfocus.com/bid/17415
Reference: FRSIRT:ADV-2006-1294
Reference: URL:http://www.frsirt.com/english/advisories/2006/1294
Reference: SECUNIA:19577
Reference: URL:http://secunia.com/advisories/19577
Reference: SECUNIA:19575
Reference: URL:http://secunia.com/advisories/19575
Reference: XF:imager-jpeg-tga-dos(25717)
Reference: URL:http://xforce.iss.net/xforce/xfdb/25717

Votes:

Name: CVE-2006-0054

Description:
The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer.

Status: Candidate
Phase: Assigned (20051230)
Reference: FREEBSD:FreeBSD-SA-06:04
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:04.ipfw.asc
Reference: BID:16209
Reference: URL:http://www.securityfocus.com/bid/16209
Reference: OSVDB:22319
Reference: URL:http://www.osvdb.org/22319
Reference: SECTRACK:1015477
Reference: URL:http://securitytracker.com/id?1015477
Reference: SECUNIA:18378
Reference: URL:http://secunia.com/advisories/18378
Reference: XF:ipfw-icmp-fragment-dos(24073)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24073

Votes:

Name: CVE-2006-0055

Description:
The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell.

Status: Candidate
Phase: Assigned (20051230)
Reference: FREEBSD:FreeBSD-SA-06:02
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:02.ee.asc
Reference: BID:16207
Reference: URL:http://www.securityfocus.com/bid/16207
Reference: OSVDB:22320
Reference: URL:http://www.osvdb.org/22320
Reference: SECTRACK:1015469
Reference: URL:http://securitytracker.com/id?1015469
Reference: SECUNIA:18404
Reference: URL:http://secunia.com/advisories/18404
Reference: XF:ee-ispell-op-symlink(24074)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24074

Votes:

Name: CVE-2006-0056

Description:
Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted passwords, which lead to a double free of a pointer that was created by the pam_get_item function. NOTE: this issue only occurs in certain configurations in which there are multiple PAM modules, PAM-MySQL is not evaluated first, and there are no requisite modules before PAM-MySQL.

Status: Candidate
Phase: Assigned (20060101)
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=499394
Reference: MISC:http://jvn.jp/cert/JVNVU%23693909/index.html
Reference: GENTOO:GLSA-200606-18
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200606-18.xml
Reference: CERT-VN:VU#693909
Reference: URL:http://www.kb.cert.org/vuls/id/693909
Reference: BID:16564
Reference: URL:http://www.securityfocus.com/bid/16564
Reference: FRSIRT:ADV-2006-0490
Reference: URL:http://www.frsirt.com/english/advisories/2006/0490
Reference: OSVDB:22994
Reference: URL:http://www.osvdb.org/22994
Reference: OSVDB:22995
Reference: URL:http://www.osvdb.org/22995
Reference: SECTRACK:1015603
Reference: URL:http://securitytracker.com/id?1015603
Reference: SECUNIA:18598
Reference: URL:http://secunia.com/advisories/18598
Reference: SECUNIA:20690
Reference: URL:http://secunia.com/advisories/20690

Votes:

Name: CVE-2006-0057

Description:
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054.

Status: Candidate
Phase: Assigned (20060101)
Reference: CERT-VN:VU#998297
Reference: URL:http://www.kb.cert.org/vuls/id/998297
Reference: MISC:http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx
Reference: BID:16409
Reference: URL:http://www.securityfocus.com/bid/16409
Reference: OSVDB:23657
Reference: URL:http://www.osvdb.org/23657
Reference: XF:ie-activex-killbit-bypass(24379)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24379

Votes:

Name: CVE-2006-0058

Description:
Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.

Status: Candidate
Phase: Assigned (20060101)
Reference: BUGTRAQ:20060322 sendmail vuln advisories (CVE-2006-0058)
Reference: URL:http://www.securityfocus.com/archive/1/428536/100/0/threaded
Reference: ISS:20060322 Sendmail Remote Signal Handling Vulnerability
Reference: URL:http://xforce.iss.net/xforce/alerts/id/216
Reference: CONFIRM:http://www.sendmail.com/company/advisory/index.shtml
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-074.htm
Reference: CONFIRM:http://www.f-secure.com/security/fsc-2006-2.shtml
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-078.htm
Reference: CONFIRM:http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688
Reference: CONFIRM:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751
Reference: AIXAPAR:IY82992
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY82992&apar=only
Reference: AIXAPAR:IY82993
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY82993&apar=only
Reference: AIXAPAR:IY82994
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY82994&apar=only
Reference: DEBIAN:DSA-1015
Reference: URL:http://www.debian.org/security/2006/dsa-1015
Reference: FEDORA:FLSA:186277
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/428656/100/0/threaded
Reference: FEDORA:FEDORA-2006-193
Reference: URL:http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00018.html
Reference: FEDORA:FEDORA-2006-194
Reference: URL:http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00017.html
Reference: FREEBSD:FreeBSD-SA-06:13
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail.asc
Reference: GENTOO:GLSA-200603-21
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200603-21.xml
Reference: HP:HPSBUX02108
Reference: URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00629555
Reference: HP:SSRT061133
Reference: URL:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c00629555
Reference: HP:HPSBTU02116
Reference: URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635
Reference: HP:SSRT061135
Reference: URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00692635
Reference: MANDRIVA:MDKSA-2006:058
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:058
Reference: NETBSD:NetBSD-SA2006-010
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-010.txt.asc
Reference: OPENBSD:[3.8] 006: SECURITY FIX: March 25, 2006
Reference: URL:http://www.openbsd.org/errata38.html#sendmail
Reference: OPENPKG:OpenPKG-SA-2006.007
Reference: URL:http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.007-sendmail.html
Reference: REDHAT:RHSA-2006:0264
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0264.html
Reference: REDHAT:RHSA-2006:0265
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0265.html
Reference: SCO:SCOSA-2006.24
Reference: URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.24/SCOSA-2006.24.txt
Reference: SGI:20060302-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20060302-01-P
Reference: SGI:20060401-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U
Reference: SLACKWARE:SSA:2006-081-01
Reference: URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.619600
Reference: SUNALERT:102262
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102262-1
Reference: SUNALERT:102324
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102324-1
Reference: SUSE:SUSE-SA:2006:017
Reference: URL:http://www.novell.com/linux/security/advisories/2006_17_sendmail.html
Reference: CERT:TA06-081A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-081A.html
Reference: CERT-VN:VU#834865
Reference: URL:http://www.kb.cert.org/vuls/id/834865
Reference: CIAC:Q-151
Reference: URL:http://www.ciac.org/ciac/bulletins/q-151.shtml
Reference: BID:17192
Reference: URL:http://www.securityfocus.com/bid/17192
Reference: FRSIRT:ADV-2006-1049
Reference: URL:http://www.frsirt.com/english/advisories/2006/1049
Reference: FRSIRT:ADV-2006-1051
Reference: URL:http://www.frsirt.com/english/advisories/2006/1051
Reference: FRSIRT:ADV-2006-1068
Reference: URL:http://www.frsirt.com/english/advisories/2006/1068
Reference: FRSIRT:ADV-2006-1072
Reference: URL:http://www.frsirt.com/english/advisories/2006/1072
Reference: FRSIRT:ADV-2006-1139
Reference: URL:http://www.frsirt.com/english/advisories/2006/1139
Reference: FRSIRT:ADV-2006-1157
Reference: URL:http://www.frsirt.com/english/advisories/2006/1157
Reference: FRSIRT:ADV-2006-1529
Reference: URL:http://www.frsirt.com/english/advisories/2006/1529
Reference: FRSIRT:ADV-2006-2189
Reference: URL:http://www.frsirt.com/english/advisories/2006/2189
Reference: FRSIRT:ADV-2006-2490
Reference: URL:http://www.frsirt.com/english/advisories/2006/2490
Reference: OSVDB:24037
Reference: URL:http://www.osvdb.org/24037
Reference: OVAL:oval:org.mitre.oval:def:1689
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1689
Reference: SECTRACK:1015801
Reference: URL:http://securitytracker.com/id?1015801
Reference: SECUNIA:19342
Reference: URL:http://secunia.com/advisories/19342
Reference: SECUNIA:19363
Reference: URL:http://secunia.com/advisories/19363
Reference: SECUNIA:19367
Reference: URL:http://secunia.com/advisories/19367
Reference: SECUNIA:19368
Reference: URL:http://secunia.com/advisories/19368
Reference: SECUNIA:19404
Reference: URL:http://secunia.com/advisories/19404
Reference: SECUNIA:19407
Reference: URL:http://secunia.com/advisories/19407
Reference: SECUNIA:19349
Reference: URL:http://secunia.com/advisories/19349
Reference: SECUNIA:19360
Reference: URL:http://secunia.com/advisories/19360
Reference: SECUNIA:19361
Reference: URL:http://secunia.com/advisories/19361
Reference: SECUNIA:19394
Reference: URL:http://secunia.com/advisories/19394
Reference: SECUNIA:19450
Reference: URL:http://secunia.com/advisories/19450
Reference: SECUNIA:19466
Reference: URL:http://secunia.com/advisories/19466
Reference: SECUNIA:19533
Reference: URL:http://secunia.com/advisories/19533
Reference: SECUNIA:19532
Reference: URL:http://secunia.com/advisories/19532
Reference: SECUNIA:19345
Reference: URL:http://secunia.com/advisories/19345
Reference: SECUNIA:19346
Reference: URL:http://secunia.com/advisories/19346
Reference: SECUNIA:19356
Reference: URL:http://secunia.com/advisories/19356
Reference: SECUNIA:19676
Reference: URL:http://secunia.com/advisories/19676
Reference: SECUNIA:19774
Reference: URL:http://secunia.com/advisories/19774
Reference: SECUNIA:20243
Reference: URL:http://secunia.com/advisories/20243
Reference: SECUNIA:20723
Reference: URL:http://secunia.com/advisories/20723
Reference: SREASON:612
Reference: URL:http://securityreason.com/securityalert/612
Reference: SREASON:743
Reference: URL:http://securityreason.com/securityalert/743
Reference: XF:smtp-timeout-bo(24584)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24584

Votes:

Name: CVE-2006-0059

Description:
Heap-based buffer overflow in the ISO Transport Service over TCP (RFC 1006) implementation of LiveData ICCP Server before 5.00.035 allows remote attackers to cause a denial of service or execute arbitrary code via malformed packets.

Status: Candidate
Phase: Assigned (20060101)
Reference: MISC:http://www.kb.cert.org/vuls/id/JGEI-6MMS9T
Reference: MISC:http://www.digitalbond.com/SCADA_Blog/2006/05/us-cert-livedata-iccp-vulnerability.html
Reference: CERT-VN:VU#190617
Reference: URL:http://www.kb.cert.org/vuls/id/190617
Reference: BID:18010
Reference: URL:http://www.securityfocus.com/bid/18010
Reference: FRSIRT:ADV-2006-1830
Reference: URL:http://www.frsirt.com/english/advisories/2006/1830
Reference: SECTRACK:1016113
Reference: URL:http://securitytracker.com/id?1016113
Reference: SECUNIA:20146
Reference: URL:http://secunia.com/advisories/20146
Reference: XF:livedata-iccp-rfc1006-bo(26490)
Reference: URL:http://xforce.iss.net/xforce/xfdb/26490

Votes:

Name: CVE-2006-0060

Status: Candidate
Phase: Assigned (20060101)

Votes:

Name: CVE-2006-0061

Status: Candidate
Phase: Assigned (20060101)

Votes:

Name: CVE-2006-0062

Status: Candidate
Phase: Assigned (20060101)

Votes:

Name: CVE-2006-0063

Description:
Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357.

Status: Candidate
Phase: Assigned (20060103)
Reference: SREASONRES:20060105 phpBB 2.0.19 XSS
Reference: URL:http://securityreason.com/achievement_securityalert/30
Reference: MISC:http://securityreason.com/securityalert/313
Reference: FRSIRT:ADV-2006-0051
Reference: URL:http://www.frsirt.com/english/advisories/2006/0051
Reference: OSVDB:22672
Reference: URL:http://www.osvdb.org/22672
Reference: SREASON:313
Reference: URL:http://securityreason.com/securityalert/313

Votes:

Name: CVE-2006-0064

Description:
PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter.

Status: Candidate
Phase: Assigned (20060103)
Reference: MILW0RM:1398
Reference: URL:http://milw0rm.com/exploits/1398
Reference: FRSIRT:ADV-2006-0016
Reference: URL:http://www.frsirt.com/english/advisories/2006/0016

Votes:

Name: CVE-2006-0065

Description:
SQL injection vulnerability in (1) functions.php, (2) functions_update.php, and (3) functions_display.php in VEGO Web Forum 1.26 and earlier allows remote attackers to execute arbitrary SQL commands via the theme_id parameter in index.php.

Status: Candidate
Phase: Assigned (20060103)
Reference: BUGTRAQ:20060101 [eVuln] VEGO Web Forum SQL Injection Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420661/100/0/threaded
Reference: MISC:http://evuln.com/vulns/1/summary.html
Reference: BID:16107
Reference: URL:http://www.securityfocus.com/bid/16107
Reference: FRSIRT:ADV-2006-0003
Reference: URL:http://www.frsirt.com/english/advisories/2006/0003
Reference: OSVDB:22140
Reference: URL:http://www.osvdb.org/22140
Reference: SECUNIA:18273
Reference: URL:http://secunia.com/advisories/18273
Reference: SREASON:315
Reference: URL:http://securityreason.com/securityalert/315

Votes:

Name: CVE-2006-0066

Description:
SQL injection vulnerability in index.php in PHPjournaler 1.0 allows remote attackers to execute arbitrary SQL commands via the readold parameter.

Status: Candidate
Phase: Assigned (20060103)
Reference: BUGTRAQ:20060101 [eVuln] PHPjournaler SQL Injection Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420666/100/0/threaded
Reference: MISC:http://evuln.com/vulns/9/summary.html
Reference: BID:16111
Reference: URL:http://www.securityfocus.com/bid/16111
Reference: FRSIRT:ADV-2006-0006
Reference: URL:http://www.frsirt.com/english/advisories/2006/0006
Reference: OSVDB:22149
Reference: URL:http://www.osvdb.org/22149
Reference: SECUNIA:18265
Reference: URL:http://secunia.com/advisories/18265

Votes:

Name: CVE-2006-0067

Description:
SQL injection vulnerability in login.php in VEGO Links Builder 2.00 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.

Status: Candidate
Phase: Assigned (20060103)
Reference: BUGTRAQ:20060101 [eVuln] VEGO Links Builder Authentication Bypass
Reference: MISC:http://evuln.com/vulns/2/summary.html
Reference: BID:16108
Reference: URL:http://www.securityfocus.com/bid/16108
Reference: FRSIRT:ADV-2006-0004
Reference: URL:http://www.frsirt.com/english/advisories/2006/0004
Reference: OSVDB:22139
Reference: URL:http://www.osvdb.org/22139
Reference: SECUNIA:18272
Reference: URL:http://secunia.com/advisories/18272

Votes:

Name: CVE-2006-0068

Description:
SQL injection vulnerability in Primo Cart 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) q parameter to search.php and (2) email parameter to user.php.

Status: Candidate
Phase: Assigned (20060103)
Reference: MISC:http://pridels0.blogspot.com/2006/01/primo-cart-sql-inj.html
Reference: BID:16125
Reference: URL:http://www.securityfocus.com/bid/16125
Reference: FRSIRT:ADV-2006-0008
Reference: URL:http://www.frsirt.com/english/advisories/2006/0008
Reference: OSVDB:22146
Reference: URL:http://www.osvdb.org/22146
Reference: OSVDB:22147
Reference: URL:http://www.osvdb.org/22147
Reference: SECUNIA:18264
Reference: URL:http://secunia.com/advisories/18264

Votes:

Name: CVE-2006-0069

Description:
Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk Guestbook 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the homepage parameter.

Status: Candidate
Phase: Assigned (20060103)
Reference: BUGTRAQ:20060101 [eVuln] Chipmunk Guestbook XSS Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420667/100/0/threaded
Reference: MISC:http://evuln.com/vulns/4/summary.html
Reference: BID:16112
Reference: URL:http://www.securityfocus.com/bid/16112
Reference: BID:19087
Reference: URL:http://www.securityfocus.com/bid/19087
Reference: SECUNIA:18270
Reference: URL:http://secunia.com/advisories/18270

Votes:

Name: CVE-2006-0070

Description:
** DISPUTED ** Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded Javascript function name, as demonstrated using variations of the alert() function. NOTE: a followup by the vendor suggests that the issue does not exist in 4.5.6 or 4.6.4 when "Filtered HTML" is enabled, and since "Full HTML" would not filter HTML by design, perhaps this should not be included in CVE.

Status: Candidate
Phase: Assigned (20060103)
Reference: BUGTRAQ:20060102 Drupal all versiyon xss cehennem.org
Reference: URL:http://www.securityfocus.com/archive/1/420671/100/0/threaded
Reference: BUGTRAQ:20060103 Re: Drupal all versiyon xss cehennem.org
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420683/100/0/threaded

Votes:

Name: CVE-2006-0071

Description:
The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0.

Status: Candidate
Phase: Assigned (20060103)
Reference: GENTOO:GLSA-200601-01
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200601-01.xml
Reference: BID:16120
Reference: URL:http://www.securityfocus.com/bid/16120
Reference: OSVDB:22211
Reference: URL:http://www.osvdb.org/22211
Reference: SECUNIA:18284
Reference: URL:http://secunia.com/advisories/18284

Votes:

Name: CVE-2006-0072

Description:
Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector.

Status: Candidate
Phase: Assigned (20060103)
Reference: BUGTRAQ:20060102 SCO Openserver 5.0.x exploit
Reference: URL:http://www.securityfocus.com/archive/1/420677
Reference: MISC:http://downloads.securityfocus.com/vulnerabilities/exploits/Openserver_bof.c
Reference: BID:16122
Reference: URL:http://www.securityfocus.com/bid/16122

Votes:

Name: CVE-2006-0073

Description:
Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware 3.10.5 and Professional 3.10.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a URL, which is not properly sanitized from the resulting error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Status: Candidate
Phase: Assigned (20060103)
Reference: BID:16119
Reference: URL:http://www.securityfocus.com/bid/16119
Reference: OSVDB:22153
Reference: URL:http://www.osvdb.org/22153
Reference: SECUNIA:18283
Reference: URL:http://secunia.com/advisories/18283

Votes:

Name: CVE-2006-0074

Description:
SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary SQL commands via the personalID parameter.

Status: Candidate
Phase: Assigned (20060103)
Reference: BUGTRAQ:20060101 [eVuln] PHPenpals SQL Injection Vulnerabilit
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420690/100/0/threaded
Reference: MISC:http://evuln.com/vulns/5/summary.html
Reference: BID:16109
Reference: URL:http://www.securityfocus.com/bid/16109
Reference: FRSIRT:ADV-2006-0005
Reference: URL:http://www.frsirt.com/english/advisories/2006/0005
Reference: OSVDB:22150
Reference: URL:http://www.osvdb.org/22150
Reference: SECUNIA:18269
Reference: URL:http://secunia.com/advisories/18269

Votes:

Name: CVE-2006-0075

Description:
Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file.

Status: Candidate
Phase: Assigned (20060103)
Reference: BUGTRAQ:20060101 [eVuln] phpBook PHP Code Execution
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420698/100/0/threaded
Reference: MISC:http://evuln.com/vulns/6/summary.html
Reference: BID:16106
Reference: URL:http://www.securityfocus.com/bid/16106
Reference: FRSIRT:ADV-2006-0002
Reference: URL:http://www.frsirt.com/english/advisories/2006/0002
Reference: SECUNIA:18268
Reference: URL:http://secunia.com/advisories/18268

Votes:

Name: CVE-2006-0076

Description:
PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.

Status: Candidate
Phase: Assigned (20060103)
Reference: BUGTRAQ:20060101 [eVuln] oaBoard PHP Code Execution
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420676/100/0/threaded
Reference: BUGTRAQ:20060530 OaBoard 1.0 Remote File inclusion
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/435371/100/0/threaded
Reference: BUGTRAQ:20060531 Re: OaBoard 1.0 Remote File inclusion
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/435859/100/0/threaded
Reference: MISC:http://evuln.com/vulns/3/summary.html
Reference: BID:16105
Reference: URL:http://www.securityfocus.com/bid/16105
Reference: SECTRACK:1016211
Reference: URL:http://securitytracker.com/id?1016211

Votes:

Name: CVE-2006-0077

Description:
Off-by-one error in the getfattr function in File::ExtAttr before 0.03 allows attackers to trigger a buffer overflow via unspecified attack vectors.

Status: Candidate
Phase: Assigned (20060103)
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=382199&group_id=153116
Reference: BID:16118
Reference: URL:http://www.securityfocus.com/bid/16118
Reference: FRSIRT:ADV-2006-0013
Reference: URL:http://www.frsirt.com/english/advisories/2006/0013
Reference: OSVDB:22160
Reference: URL:http://www.osvdb.org/22160
Reference: SECUNIA:18253
Reference: URL:http://secunia.com/advisories/18253

Votes:

Name: CVE-2006-0078

Description:
Multiple cross-site scripting (XSS) vulnerabilities in B-net Software 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) shout variables to (a) shout.php, or the (3) title and (4) message variables to (b) guestbook.php.

Status: Candidate
Phase: Assigned (20060104)
Reference: BUGTRAQ:20060102 [eVuln] B-net Software Multiple XSS Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420673/100/0/threaded
Reference: BUGTRAQ:20060825 Re: [eVuln] B-net Software Multiple XSS Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/444320/100/0/threaded
Reference: MISC:http://evuln.com/vulns/10/summary.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=442067&group_id=117067
Reference: BID:16114
Reference: URL:http://www.securityfocus.com/bid/16114
Reference: FRSIRT:ADV-2006-0018
Reference: URL:http://www.frsirt.com/english/advisories/2006/0018
Reference: OSVDB:22190
Reference: URL:http://www.osvdb.org/22190
Reference: OSVDB:22191
Reference: URL:http://www.osvdb.org/22191
Reference: SECUNIA:18271
Reference: URL:http://secunia.com/advisories/18271
Reference: SREASON:316
Reference: URL:http://securityreason.com/securityalert/316

Votes:

Name: CVE-2006-0079

Description:
SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 allows remote attackers to execute arbitrary SQL commands via the username field (adminname variable).

Status: Candidate
Phase: Assigned (20060104)
Reference: BUGTRAQ:20060102 [eVuln] ScozBook "adminname" Authentication Bypass
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420675/100/0/threaded
Reference: MISC:http://evuln.com/vulns/11/summary.html
Reference: BID:16115
Reference: URL:http://www.securityfocus.com/bid/16115
Reference: FRSIRT:ADV-2006-0027
Reference: URL:http://www.frsirt.com/english/advisories/2006/0027
Reference: OSVDB:22221
Reference: URL:http://www.osvdb.org/22221
Reference: SECUNIA:8476
Reference: URL:http://secunia.com/advisories/8476
Reference: SREASON:318
Reference: URL:http://securityreason.com/securityalert/318

Votes:

Name: CVE-2006-0080

Description:
Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php.

Status: Candidate
Phase: Assigned (20060104)
Reference: BUGTRAQ:20060101 [KAPDA::#19] - Html Injection in vBulletin 3.5.2
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420663/100/0/threaded
Reference: BUGTRAQ:20060110 Re: Html_Injection in vBulletin 3.5.2
Reference: MISC:http://kapda.ir/advisory-177.html
Reference: BUGTRAQ:20060108 Html_Injection in vBulletin 3.5.2
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421310/100/0/threaded
Reference: BID:16116
Reference: URL:http://www.securityfocus.com/bid/16116
Reference: FRSIRT:ADV-2006-0033
Reference: URL:http://www.frsirt.com/english/advisories/2006/0033
Reference: OSVDB:22210
Reference: URL:http://www.osvdb.org/22210
Reference: OSVDB:22220
Reference: URL:http://www.osvdb.org/22220
Reference: SECUNIA:18299
Reference: URL:http://secunia.com/advisories/18299

Votes:

Name: CVE-2006-0081

Description:
ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics Accelerator Driver 6.14.10.4308 allows attackers to cause a denial of service (crash or screen resolution change) via a long text field, as demonstrated using a long window title.

Status: Candidate
Phase: Assigned (20060104)
Reference: FULLDISC:20060102 Buffer Overflow vulnerability in Windows Display Manager [Suspected]
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0003.html
Reference: FULLDISC:20060103 Re: Buffer Overflow vulnerability in Windows Display Manager [Suspected]
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0029.html
Reference: FULLDISC:20060103 Re: [Full-disclosure] Buffer Overflow vulnerability in Windows Display Manager [Suspected]
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0029.html
Reference: BID:16127
Reference: URL:http://www.securityfocus.com/bid/16127
Reference: FRSIRT:ADV-2006-0017
Reference: URL:http://www.frsirt.com/english/advisories/2006/0017
Reference: OSVDB:22196
Reference: URL:http://www.osvdb.org/22196
Reference: SECUNIA:18286
Reference: URL:http://secunia.com/advisories/18286

Votes:

Name: CVE-2006-0082

Description:
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program.

Status: Candidate
Phase: Assigned (20060104)
Reference: BUGTRAQ:20061127 rPSA-2006-0218-1 ImageMagick
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/452718/100/100/threaded
Reference: CONFIRM:https://issues.rpath.com/browse/RPL-389
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=345876
Reference: DEBIAN:DSA-1213
Reference: URL:http://www.debian.org/security/2006/dsa-1213
Reference: GENTOO:GLSA-200602-06
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200602-06.xml
Reference: GENTOO:GLSA-200602-13.xml
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200602-13.xml
Reference: MANDRIVA:MDKSA-2006:024
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:024
Reference: REDHAT:RHSA-2006:0178
Reference: URL:http://rhn.redhat.com/errata/RHSA-2006-0178.html
Reference: SGI:20060301-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc
Reference: SLACKWARE:SSA:2006-045-03
Reference: URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.341682
Reference: SUNALERT:231321
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-231321-1
Reference: SUSE:SUSE-SR:2006:006
Reference: URL:http://www.novell.com/linux/security/advisories/2006_06_sr.html
Reference: UBUNTU:USN-246-1
Reference: URL:http://www.ubuntu.com/usn/usn-246-1
Reference: BID:12717
Reference: URL:http://www.securityfocus.com/bid/12717
Reference: FRSIRT:ADV-2008-0412
Reference: URL:http://www.frsirt.com/english/advisories/2008/0412
Reference: SECTRACK:1015623
Reference: URL:http://securitytracker.com/id?1015623
Reference: SECUNIA:18607
Reference: URL:http://secunia.com/advisories/18607
Reference: SECUNIA:18261
Reference: URL:http://secunia.com/advisories/18261
Reference: SECUNIA:18851
Reference: URL:http://secunia.com/advisories/18851
Reference: SECUNIA:18871
Reference: URL:http://secunia.com/advisories/18871
Reference: SECUNIA:19030
Reference: URL:http://secunia.com/advisories/19030
Reference: SECUNIA:19183
Reference: URL:http://secunia.com/advisories/19183
Reference: SECUNIA:19408
Reference: URL:http://secunia.com/advisories/19408
Reference: SECUNIA:22998
Reference: URL:http://secunia.com/advisories/22998
Reference: SECUNIA:23090
Reference: URL:http://secunia.com/advisories/23090
Reference: SECUNIA:28800
Reference: URL:http://secunia.com/advisories/28800
Reference: SREASON:500
Reference: URL:http://securityreason.com/securityalert/500

Votes:

Name: CVE-2006-0083

Description:
Format string vulnerability in the logging code of SMS Server Tools (smstools) 1.14.8 and earlier allows local users to execute arbitrary code via unspecified attack vectors.

Status: Candidate
Phase: Assigned (20060104)
Reference: DEBIAN:DSA-930
Reference: URL:http://www.debian.org/security/2005/dsa-930
Reference: BID:16188
Reference: URL:http://www.securityfocus.com/bid/16188
Reference: OSVDB:22287
Reference: URL:http://www.osvdb.org/22287
Reference: SECUNIA:18343
Reference: URL:http://secunia.com/advisories/18343
Reference: SECUNIA:18357
Reference: URL:http://secunia.com/advisories/18357
Reference: XF:smstools-logging-format-string(24034)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24034

Votes:

Name: CVE-2006-0084

Description:
Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the $_SERVER[HTTP_USER_AGENT] variable (User-Agent header).

Status: Candidate
Phase: Assigned (20060105)
Reference: VIM:20060116 vendor ack/fix: 22198: raSMP index.php User-Agent Field XSS (fwd)
Reference: URL:http://attrition.org/pipermail/vim/2006-January/000486.html
Reference: MISC:http://evuln.com/vulns/13/summary.html
Reference: BID:16138
Reference: URL:http://www.securityfocus.com/bid/16138
Reference: FRSIRT:ADV-2006-0030
Reference: URL:http://www.frsirt.com/english/advisories/2006/0030
Reference: OSVDB:22198
Reference: URL:http://www.osvdb.org/22198
Reference: SECTRACK:1015432
Reference: URL:http://securitytracker.com/id?1015432
Reference: SECUNIA:18292
Reference: URL:http://secunia.com/advisories/18292

Votes:

Name: CVE-2006-0085

Description:
SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote attackers to execute arbitrary SQL commands via the (1) usuario_nkads_admin or (2) password_nkads_admin parameters.

Status: Candidate
Phase: Assigned (20060105)
Reference: MISC:http://www.soulblack.com.ar/repo/papers/advisory/nkads_advisory.txt
Reference: FRSIRT:ADV-2006-0040
Reference: URL:http://www.frsirt.com/english/advisories/2006/0040
Reference: OSVDB:22206
Reference: URL:http://www.osvdb.org/22206
Reference: SECUNIA:18302
Reference: URL:http://secunia.com/advisories/18302

Votes:

Name: CVE-2006-0086

Description:
Cross-site scripting vulnerability in index.php in Next Generation Image Gallery 0.0.1 Lite Edition allows remote attackers to inject arbitrary web script or HTML via the page parameter.

Status: Candidate
Phase: Assigned (20060105)
Reference: MISC:http://osvdb.org/ref/22/22202-nextgen.txt
Reference: FRSIRT:ADV-2006-0037
Reference: URL:http://www.frsirt.com/english/advisories/2006/0037
Reference: OSVDB:22202
Reference: URL:http://www.osvdb.org/22202
Reference: SECUNIA:18309
Reference: URL:http://secunia.com/advisories/18309

Votes:

Name: CVE-2006-0087

Description:
SQL injection vulnerability in (1) pages.php and (2) detail.php in Lizard Cart CMS 1.04 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Status: Candidate
Phase: Assigned (20060105)
Reference: BUGTRAQ:20060104 [eVuln] Lizard Cart CMS SQL Injection Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420772/100/0/threaded
Reference: MISC:http://www.evuln.com/vulns/12/summary.html
Reference: BID:16140
Reference: URL:http://www.securityfocus.com/bid/16140
Reference: FRSIRT:ADV-2006-0029
Reference: URL:http://www.frsirt.com/english/advisories/2006/0029
Reference: OSVDB:22199
Reference: URL:http://www.osvdb.org/22199
Reference: OSVDB:22200
Reference: URL:http://www.osvdb.org/22200
Reference: SECTRACK:1015435
Reference: URL:http://securitytracker.com/id?1015435
Reference: SECUNIA:18297
Reference: URL:http://secunia.com/advisories/18297
Reference: SREASON:314
Reference: URL:http://securityreason.com/securityalert/314

Votes:

Name: CVE-2006-0088

Description:
SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha allows remote attackers to execute arbitrary SQL commands via the user parameter.

Status: Candidate
Phase: Assigned (20060105)
Reference: BUGTRAQ:20060101 [eVuln] inTouch Authentication Bypass
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420672/100/0/threaded
Reference: MISC:http://evuln.com/vulns/8/summary.html
Reference: BID:16110
Reference: URL:http://www.securityfocus.com/bid/16110
Reference: FRSIRT:ADV-2006-0026
Reference: URL:http://www.frsirt.com/english/advisories/2006/0026
Reference: OSVDB:22382
Reference: URL:http://www.osvdb.org/22382
Reference: XF:intouch-intouch-sql-injection(23954)
Reference: URL:http://xforce.iss.net/xforce/xfdb/23954

Votes:

Name: CVE-2006-0089

Description:
Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .amp file with a COORDSYS tag with a long string attribute.

Status: Candidate
Phase: Assigned (20060105)
Reference: MISC:http://users.pandora.be/bratax/advisories/b007.html
Reference: BID:16136
Reference: URL:http://www.securityfocus.com/bid/16136
Reference: FRSIRT:ADV-2006-0032
Reference: URL:http://www.frsirt.com/english/advisories/2006/0032
Reference: OSVDB:22208
Reference: URL:http://www.osvdb.org/22208
Reference: SECUNIA:18294
Reference: URL:http://secunia.com/advisories/18294

Votes:

Name: CVE-2006-0090

Description:
Directory traversal vulnerability in index.php in IDV Directory Viewer before 2005.1 allows remote attackers to view arbitrary directory contents via a .. (dot dot) in the dir parameter.

Status: Candidate
Phase: Assigned (20060105)
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=382593&group_id=152499
Reference: BID:16137
Reference: URL:http://www.securityfocus.com/bid/16137
Reference: FRSIRT:ADV-2006-0031
Reference: URL:http://www.frsirt.com/english/advisories/2006/0031
Reference: SECUNIA:18298
Reference: URL:http://secunia.com/advisories/18298

Votes:

Name: CVE-2006-0091

Description:
Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline.

Status: Candidate
Phase: Assigned (20060105)
Reference: FULLDISC:20060103 Open Xchange XSS
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=113629092325679&w=2
Reference: FRSIRT:ADV-2006-0034
Reference: URL:http://www.frsirt.com/english/advisories/2006/0034
Reference: SECTRACK:1015431
Reference: URL:http://securitytracker.com/id?1015431
Reference: SECUNIA:18285
Reference: URL:http://secunia.com/advisories/18285

Votes:

Name: CVE-2006-0092

Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a duplicate of a SiteSuite issue that was also assigned CVE-2006-0158. Notes: All CVE users should consult CVE-2006-0992 and CVE-2006-0158 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Status: Candidate
Phase: Assigned (20060105)
Reference: SREASON:709
Reference: URL:http://securityreason.com/securityalert/709

Votes:

Name: CVE-2006-0093

Description:
Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

Status: Candidate
Phase: Assigned (20060105)
Reference: MISC:http://osvdb.org/ref/22/22203-ecardmax.txt
Reference: FRSIRT:ADV-2006-0039
Reference: URL:http://www.frsirt.com/english/advisories/2006/0039
Reference: OSVDB:22203
Reference: URL:http://www.osvdb.org/22203
Reference: SECUNIA:18306
Reference: URL:http://secunia.com/advisories/18306

Votes:

Name: CVE-2006-0094

Description:
PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_stat parameter, a different vulnerability than CVE-2006-0076. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Status: Candidate
Phase: Assigned (20060105)
Reference: FRSIRT:ADV-2006-0028
Reference: URL:http://www.frsirt.com/english/advisories/2006/0028
Reference: SECUNIA:17373
Reference: URL:http://secunia.com/advisories/17373

Votes:

Name: CVE-2006-0095

Description:
dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key.

Status: Candidate
Phase: Assigned (20060106)
Reference: MLIST:[linux-kernel] 20060104 [Patch 2.6] dm-crypt: zero key before freeing it
Reference: URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=113640535312572&w=2
Reference: MLIST:[linux-kernel] 20060104 [Patch 2.6] dm-crypt: Zero key material before free to avoid information leak
Reference: URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=113641114812886&w=2
Reference: DEBIAN:DSA-1017
Reference: URL:http://www.debian.org/security/2006/dsa-1017
Reference: FEDORA:FLSA:157459-4
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/427981/100/0/threaded
Reference: FEDORA:FEDORA-2006-102
Reference: URL:http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00037.html
Reference: MANDRIVA:MDKSA-2006:040
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:040
Reference: REDHAT:RHSA-2006:0132
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0132.html
Reference: SUSE:SUSE-SA:2006:028
Reference: URL:http://www.novell.com/linux/security/advisories/2006-05-31.html
Reference: TRUSTIX:2006-0004
Reference: URL:http://www.trustix.org/errata/2006/0004
Reference: UBUNTU:USN-244-1
Reference: URL:http://www.ubuntulinux.org/support/documentation/usn/usn-244-1
Reference: BID:16301
Reference: URL:http://www.securityfocus.com/bid/16301
Reference: FRSIRT:ADV-2006-0235
Reference: URL:http://www.frsirt.com/english/advisories/2006/0235
Reference: OSVDB:22418
Reference: URL:http://www.osvdb.org/22418
Reference: SECTRACK:1015740
Reference: URL:http://securitytracker.com/id?1015740
Reference: SECUNIA:18487
Reference: URL:http://secunia.com/advisories/18487
Reference: SECUNIA:19160
Reference: URL:http://secunia.com/advisories/19160
Reference: SECUNIA:19374
Reference: URL:http://secunia.com/advisories/19374
Reference: SECUNIA:18527
Reference: URL:http://secunia.com/advisories/18527
Reference: SECUNIA:18774
Reference: URL:http://secunia.com/advisories/18774
Reference: SECUNIA:20398
Reference: URL:http://secunia.com/advisories/20398
Reference: SREASON:388
Reference: URL:http://securityreason.com/securityalert/388
Reference: XF:kernel-dmcrypt-information-disclosure(24189)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24189

Votes:

Name: CVE-2006-0096

Description:
wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 does not require the CAP_SYS_RAWIO privilege for an SDLA firmware upgrade, with unknown impact and local attack vectors. NOTE: further investigation suggests that this issue requires root privileges to exploit, since it is protected by CAP_NET_ADMIN; thus it might not be a vulnerability, although capabilities provide finer distinctions between privilege levels.

Status: Candidate
Phase: Assigned (20060106)
Reference: CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=0f1d4813a4a65296e1131f320a60741732bc068f
Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@1.1448.91.23?nav=index.html|src/|src/drivers|src/drivers/net|src/drivers/net/wan|related/drivers/net/wan/sdla.c
Reference: DEBIAN:DSA-1017
Reference: URL:http://www.debian.org/security/2006/dsa-1017
Reference: MANDRIVA:MDKSA-2006:044
Reference: URL:http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:044
Reference: UBUNTU:USN-244-1
Reference: URL:http://www.ubuntulinux.org/support/documentation/usn/usn-244-1
Reference: BID:16304
Reference: URL:http://www.securityfocus.com/bid/16304
Reference: SECUNIA:18977
Reference: URL:http://secunia.com/advisories/18977
Reference: SECUNIA:19374
Reference: URL:http://secunia.com/advisories/19374
Reference: SECUNIA:18527
Reference: URL:http://secunia.com/advisories/18527

Votes:

Name: CVE-2006-0097

Description:
Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function.

Status: Candidate
Phase: Assigned (20060106)
Reference: FULLDISC:20060105 Windows PHP 4.x "0-day" buffer overflow
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041013.html
Reference: BUGTRAQ:20060105 Windows PHP 4.x "0-day" buffer overflow
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420986/100/0/threaded
Reference: FULLDISC:20060108 RE: Windows PHP 4.x "0-day" buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0274.html
Reference: CONFIRM:http://www.php.net/ChangeLog-4.php#4.4.3
Reference: BID:16145
Reference: URL:http://www.securityfocus.com/bid/16145
Reference: FRSIRT:ADV-2006-0046
Reference: URL:http://www.frsirt.com/english/advisories/2006/0046
Reference: OSVDB:22232
Reference: URL:http://www.osvdb.org/22232
Reference: SECUNIA:18275
Reference: URL:http://secunia.com/advisories/18275

Votes:

Name: CVE-2006-0098

Description:
The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/.

Status: Candidate
Phase: Assigned (20060106)
Reference: OPENBSD:[3.7] 20060105 008: SECURITY FIX: January 5, 2006
Reference: URL:http://www.openbsd.org/errata37.html#fd
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/008_fd.patch
Reference: BID:16144
Reference: URL:http://www.securityfocus.com/bid/16144
Reference: OSVDB:22231
Reference: URL:http://www.osvdb.org/22231
Reference: SECTRACK:1015437
Reference: URL:http://securitytracker.com/id?1015437
Reference: SECUNIA:18296
Reference: URL:http://secunia.com/advisories/18296

Votes:

Name: CVE-2006-0099

Description:
PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certain other include/templates/categories/ PHP scripts in Valdersoft Shopping Cart 3.0 allows remote attackers to execute arbitrary code via a URL in the catalogDocumentRoot parameter.

Status: Candidate
Phase: Assigned (20060106)
Reference: MILW0RM:1401
Reference: URL:http://milw0rm.com/exploits/1401
Reference: MISC:http://downloads.securityfocus.com/vulnerabilities/exploits/cijfer-vscxpl.pl
Reference: BID:16126
Reference: URL:http://www.securityfocus.com/bid/16126

Votes:

Name: CVE-2006-0100

Description:
Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow local users to execute arbitrary code via a long string in the "Name of site" field of an FTP account. NOTE: because this program executes with the privileges of the invoking user, and because remote programs do not normally have the ability to create or modify FTP accounts in this program, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability.

Status: Candidate
Phase: Assigned (20060106)
Reference: BUGTRAQ:20060102 NicoFTP Stack Overflow
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420670/100/0/threaded
Reference: SREASON:317
Reference: URL:http://securityreason.com/securityalert/317

Votes:

Name: CVE-2006-0101

Description:
Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p and (2) keyword parameters in (a) index.php and (b) search.php.

Status: Candidate
Phase: Assigned (20060106)
Reference: MISC:http://osvdb.org/ref/22/22373-sblog.txt
Reference: FRSIRT:ADV-2006-0041
Reference: URL:http://www.frsirt.com/english/advisories/2006/0041
Reference: OSVDB:22373
Reference: URL:http://www.osvdb.org/22373
Reference: OSVDB:22374
Reference: URL:http://www.osvdb.org/22374
Reference: XF:sblog-multiple-scripts-xss(23979)
Reference: URL:http://xforce.iss.net/xforce/xfdb/23979

Votes:

Name: CVE-2006-0102

Description:
Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "[a]" bbcode tag, possibly the txt parameter to action.php.

Status: Candidate
Phase: Assigned (20060106)
Reference: BUGTRAQ:20060105 [eVuln] TinyPHPForum Multiple Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420933/100/0/threaded
Reference: MISC:http://evuln.com/vulns/14/summary.html
Reference: FRSIRT:ADV-2006-0054
Reference: URL:http://www.frsirt.com/english/advisories/2006/0054
Reference: OSVDB:22256
Reference: URL:http://www.osvdb.org/22256
Reference: SECTRACK:1015436
Reference: URL:http://securitytracker.com/id?1015436
Reference: SECUNIA:18293
Reference: URL:http://secunia.com/advisories/18293
Reference: SREASON:320
Reference: URL:http://securityreason.com/securityalert/320

Votes:

Name: CVE-2006-0103

Description:
TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all registered users and possibly obtain other sensitive information.

Status: Candidate
Phase: Assigned (20060106)
Reference: BUGTRAQ:20060105 [eVuln] TinyPHPForum Multiple Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420933/100/0/threaded
Reference: MISC:http://evuln.com/vulns/14/summary.html
Reference: BUGTRAQ:20060417 Tiny PHP forum - vulns
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/431133/100/0/threaded
Reference: FRSIRT:ADV-2006-0054
Reference: URL:http://www.frsirt.com/english/advisories/2006/0054
Reference: OSVDB:22257
Reference: URL:http://www.osvdb.org/22257
Reference: SECTRACK:1015436
Reference: URL:http://securitytracker.com/id?1015436
Reference: SECUNIA:18293
Reference: URL:http://secunia.com/advisories/18293
Reference: SREASON:320
Reference: URL:http://securityreason.com/securityalert/320
Reference: XF:tinyphpforum-users-information-disclosure(24016)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24016

Votes:

Name: CVE-2006-0104

Description:
Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create a new user account, create a new topic, or view the profile of a user account, as demonstrated via a .. (dot dot) in the uname parameter to profile.php.

Status: Candidate
Phase: Assigned (20060106)
Reference: BUGTRAQ:20060105 [eVuln] TinyPHPForum Multiple Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420933/100/0/threaded
Reference: MISC:http://evuln.com/vulns/14/exploit.html
Reference: MISC:http://evuln.com/vulns/14/summary.html
Reference: BID:16163
Reference: URL:http://www.securityfocus.com/bid/16163
Reference: FRSIRT:ADV-2006-0054
Reference: URL:http://www.frsirt.com/english/advisories/2006/0054
Reference: OSVDB:22258
Reference: URL:http://www.osvdb.org/22258
Reference: SECTRACK:1015436
Reference: URL:http://securitytracker.com/id?1015436
Reference: SECUNIA:18293
Reference: URL:http://secunia.com/advisories/18293
Reference: SREASON:320
Reference: URL:http://securityreason.com/securityalert/320

Votes:

Name: CVE-2006-0105

Description:
PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on Windows, allows remote attackers to cause a denial of service (postmaster exit and no new connections) via a large number of simultaneous connection requests.

Status: Candidate
Phase: Assigned (20060106)
Reference: BUGTRAQ:20060111 PostgreSQL security releases 8.0.6 and 8.1.2
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421592/100/0/threaded
Reference: MLIST:[pgsql-announce] 20060109 CRITICAL RELEASE: Minor Releases to Fix DoS Vulnerability
Reference: URL:http://archives.postgresql.org/pgsql-announce/2006-01/msg00001.php
Reference: CONFIRM:http://www.postgresql.org/about/news.456
Reference: BID:16201
Reference: URL:http://www.securityfocus.com/bid/16201
Reference: FRSIRT:ADV-2006-0114
Reference: URL:http://www.frsirt.com/english/advisories/2006/0114
Reference: SECTRACK:1015482
Reference: URL:http://securitytracker.com/id?1015482
Reference: SECUNIA:18419
Reference: URL:http://secunia.com/advisories/18419
Reference: SREASON:327
Reference: URL:http://securityreason.com/securityalert/327
Reference: XF:postgresql-connection-request-dos(24049)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24049

Votes:

Name: CVE-2006-0106

Description:
gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, implement the SETABORTPROC GDI Escape function call for Windows Metafile (WMF) files, which allows attackers to execute arbitrary code, the same vulnerability as CVE-2005-4560 but in a different codebase.

Status: Candidate
Phase: Assigned (20060106)
Reference: BUGTRAQ:20060117 ERRATA: [ GLSA 200601-09 ] Wine: Windows Metafile SETABORTPROC vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/422128/100/0/threaded
Reference: MLIST:[Dailydave] 20060105 WMF goes away :<
Reference: URL:http://lists.immunitysec.com/pipermail/dailydave/2006-January/002806.html
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346197
Reference: DEBIAN:DSA-954
Reference: URL:http://www.debian.org/security/2006/dsa-954
Reference: GENTOO:GLSA-200601-09
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200601-09.xml
Reference: MANDRIVA:MDKSA-2006:014
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:014
Reference: SUSE:SUSE-SR:2006:002
Reference: URL:http://www.novell.com/linux/security/advisories/2006_02_sr.html
Reference: FRSIRT:ADV-2006-0098
Reference: URL:http://www.frsirt.com/english/advisories/2006/0098
Reference: SECUNIA:18323
Reference: URL:http://secunia.com/advisories/18323
Reference: SECUNIA:18451
Reference: URL:http://secunia.com/advisories/18451
Reference: SECUNIA:18549
Reference: URL:http://secunia.com/advisories/18549
Reference: SECUNIA:18578
Reference: URL:http://secunia.com/advisories/18578
Reference: XF:win-wmf-execute-code(23846)
Reference: URL:http://xforce.iss.net/xforce/xfdb/23846

Votes:

Name: CVE-2006-0107

Description:
SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the viewID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Due to the unavailability of the original source, it cannot be determined if this is the same issue as identified by CVE-2006-0108.

Status: Candidate
Phase: Assigned (20060106)
Reference: BID:16159
Reference: URL:http://www.securityfocus.com/bid/16159
Reference: OSVDB:22252
Reference: URL:http://www.osvdb.org/22252
Reference: SECUNIA:18324
Reference: URL:http://secunia.com/advisories/18324
Reference: XF:timecancms-sql-injection(24014)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24014

Votes:

Name: CVE-2006-0108

Description:
SQL injection vulnerability in mcl_login.asp in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Due to the unavailability of the original source, it cannot be determined if this is the same issue as identified by CVE-2006-0107.

Status: Candidate
Phase: Assigned (20060106)
Reference: FRSIRT:ADV-2006-0078
Reference: URL:http://www.frsirt.com/english/advisories/2006/0078
Reference: OSVDB:22253
Reference: URL:http://www.osvdb.org/22253
Reference: OSVDB:22252
Reference: URL:http://www.osvdb.org/22252
Reference: XF:timecancms-sql-injection(24014)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24014

Votes:

Name: CVE-2006-0109

Description:
Cross-site scripting vulnerability in category.php in Modular Merchant Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

Status: Candidate
Phase: Assigned (20060106)
Reference: MISC:http://osvdb.org/ref/22/22243-modular.txt
Reference: MISC:http://www.modularmerchant.com/forums/viewtopic.php?t=46
Reference: VIM:20060214 vendor ack/fix 22243: Modular Merchant Marketplace Shopping Cart category.php cat Variable XSS (fwd)
Reference: URL:http://attrition.org/pipermail/vim/2006-February/000548.html
Reference: BID:16160
Reference: URL:http://www.securityfocus.com/bid/16160
Reference: FRSIRT:ADV-2006-0076
Reference: URL:http://www.frsirt.com/english/advisories/2006/0076
Reference: OSVDB:22243
Reference: URL:http://www.osvdb.org/22243
Reference: SECUNIA:18320
Reference: URL:http://secunia.com/advisories/18320

Votes:

Name: CVE-2006-0110

Description:
Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to inject arbitrary web script via the email parameter.

Status: Candidate
Phase: Assigned (20060106)
Reference: BUGTRAQ:20060106 [eVuln] Proyecto Domus 'email' XSS Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421056/100/0/threaded
Reference: MISC:http://evuln.com/vulns/16/summary.html
Reference: BID:16154
Reference: URL:http://www.securityfocus.com/bid/16154
Reference: FRSIRT:ADV-2006-0073
Reference: URL:http://www.frsirt.com/english/advisories/2006/0073
Reference: OSVDB:22263
Reference: URL:http://www.osvdb.org/22263
Reference: SECUNIA:18327
Reference: URL:http://secunia.com/advisories/18327
Reference: XF:domus-escribir-xss(24020)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24020

Votes:

Name: CVE-2006-0111

Description:
Cross-site scripting vulnerability in index.php in Boxcar Media Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) parent or (2) pg parameter.

Status: Candidate
Phase: Assigned (20060106)
Reference: MISC:http://osvdb.org/ref/22/22360-boxcar.txt
Reference: FRSIRT:ADV-2006-0080
Reference: URL:http://www.frsirt.com/english/advisories/2006/0080
Reference: OSVDB:22360
Reference: URL:http://www.osvdb.org/22360
Reference: XF:boxcar-index-xss(24019)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24019

Votes:

Name: CVE-2006-0112

Description:
Cross-site scripting (XSS) vulnerability in index.php in Enhanced Simple PHP Gallery 1.7 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.

Status: Candidate
Phase: Assigned (20060107)
Reference: MISC:http://osvdb.org/ref/22/22201-espg.txt
Reference: FRSIRT:ADV-2006-0036
Reference: URL:http://www.frsirt.com/english/advisories/2006/0036
Reference: OSVDB:22201
Reference: URL:http://www.osvdb.org/22201
Reference: SECUNIA:18310
Reference: URL:http://secunia.com/advisories/18310

Votes:

Name: CVE-2006-0113

Description:
Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the full path of the application via a direct request to sp_helper_functions.php, which leaks the pathname in an error message.

Status: Candidate
Phase: Assigned (20060107)
Reference: MISC:http://osvdb.org/ref/22/22201-espg.txt
Reference: OSVDB:22417
Reference: URL:http://www.osvdb.org/22417
Reference: SECUNIA:18310
Reference: URL:http://secunia.com/advisories/18310

Votes:

Name: CVE-2006-0114

Description:
The vCard functions in Joomla! 1.0.5 use predictable sequential IDs for vcards and do not restrict access to them, which allows remote attackers to obtain valid e-mail addresses to conduct spam attacks by modifying the contact_id parameter to index2.php.

Status: Candidate
Phase: Assigned (20060109)
Reference: MISC:http://www.listerit.com/content/view/116/84/
Reference: CONFIRM:http://forum.joomla.org/index.php/topic,29031.0.html
Reference: CONFIRM:http://forge.joomla.org/sf/go/artf2950
Reference: BID:16185
Reference: URL:http://www.securityfocus.com/bid/16185
Reference: FRSIRT:ADV-2006-0097
Reference: URL:http://www.frsirt.com/english/advisories/2006/0097
Reference: SECUNIA:18361
Reference: URL:http://secunia.com/advisories/18361
Reference: XF:joomla-vcard-information-disclosure(24042)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24042

Votes:

Name: CVE-2006-0115

Description:
Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp.

Status: Candidate
Phase: Assigned (20060109)
Reference: MISC:http://osvdb.org/ref/22/22248-oneplug.txt
Reference: BID:16155
Reference: URL:http://www.securityfocus.com/bid/16155
Reference: FRSIRT:ADV-2006-0079
Reference: URL:http://www.frsirt.com/english/advisories/2006/0079
Reference: OSVDB:22248
Reference: URL:http://www.osvdb.org/22248
Reference: OSVDB:22249
Reference: URL:http://www.osvdb.org/22249
Reference: OSVDB:22250
Reference: URL:http://www.osvdb.org/22250
Reference: SECUNIA:18325
Reference: URL:http://secunia.com/advisories/18325

Votes:

Name: CVE-2006-0116

Description:
Cross-site scripting vulnerability search.inetstore in iNETstore Ebusiness Software 2.0 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter.

Status: Candidate
Phase: Assigned (20060109)
Reference: MISC:http://osvdb.org/ref/22/22251-inetstore.txt
Reference: BUGTRAQ:20060126 Re: [OSVDB Mods] iNETstore E Commerce Solution - Cross Site Scripting
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/423137/100/0/threaded
Reference: VIM:20060127 vendor confirms versions: iNETstore E Commerce Solution - Cross Site Scripting (fwd)
Reference: URL:http://www.attrition.org/pipermail/vim/2006-January/000515.html
Reference: BID:16156
Reference: URL:http://www.securityfocus.com/bid/16156
Reference: FRSIRT:ADV-2006-0075
Reference: URL:http://www.frsirt.com/english/advisories/2006/0075
Reference: OSVDB:22251
Reference: URL:http://www.osvdb.org/22251
Reference: SECUNIA:18322
Reference: URL:http://secunia.com/advisories/18322

Votes:

Name: CVE-2006-0117

Description:
Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial of service (router crash or hang) via unspecified vectors involving "CD to MIME Conversion".

Votes:

Name: CVE-2006-0118

Description:
Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) via long formulas.

Votes:

Name: CVE-2006-0119

Description:
Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due to "potential security issues" as identified by SPR numbers (1) GPKS6C9J67 in Agents, (2) JGAN6B6TZ3 and (3) KSPR699NBP in the Router, (4) GPKS5YQGPT in Security, or (5) HSAO6BNL6Y in the Web Server. NOTE: vector 3 is related to an issue in NROUTER in IBM Lotus Notes and Domino Server before 6.5.4 FP1, 6.5.5, and 7.0, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted vCal meeting request sent via SMTP (aka SPR# KSPR699NBP).

Status: Candidate
Phase: Assigned (20060109)
Reference: BUGTRAQ:20060626 SYMSA-2006-006: Lotus Domino SMTP Based Denial of Service
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/438461/100/0/threaded
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg27007054
Reference: CONFIRM:http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/f97fe7cfd9a8113b8525709200001db4?OpenDocument&Highlight=0,GPKS6C9J67
Reference: CONFIRM:http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/d1150fc9c5dec8b18525709200001da6?OpenDocument&Highlight=0,GPKS6C9J67
Reference: CONFIRM:http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/94a77eb898843aca8525709200001de1?OpenDocument&Highlight=0,JGAN6B6TZ3
Reference: CONFIRM:http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/de2ab57a5b9547848525701b00420c2c?OpenDocument&Highlight=0,KSPR699NBP
Reference: CONFIRM:http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/e4deb1cbb011c747852570e4001ba9bb?OpenDocument&Highlight=0,GPKS5YQGPT
Reference: CONFIRM:http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/9a1650d1a771f3078525702a00420def?OpenDocument&Highlight=0,HSAO6BNL6Y
Reference: BID:16158
Reference: URL:http://www.securityfocus.com/bid/16158
Reference: BID:18020
Reference: URL:http://www.securityfocus.com/bid/18020
Reference: FRSIRT:ADV-2006-0081
Reference: URL:http://www.frsirt.com/english/advisories/2006/0081
Reference: FRSIRT:ADV-2006-2564
Reference: URL:http://www.frsirt.com/english/advisories/2006/2564
Reference: SECTRACK:1016390
Reference: URL:http://securitytracker.com/id?1016390
Reference: SECUNIA:18328
Reference: URL:http://secunia.com/advisories/18328
Reference: SECUNIA:20855
Reference: URL:http://secunia.com/advisories/20855
Reference: XF:domino-smtp-nrouter-dos(27413)
Reference: URL:http://xforce.iss.net/xforce/xfdb/27413
Reference: XF:lotus-multiple-unspecified(24207)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24207
Reference: XF:lotus-web-unspecified-xss(24211)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24211

Votes:

Name: CVE-2006-0120

Description:
Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (application crash) via multiple vectors, involving (1) a malformed message sent to an "Out Of Office" agent (SPR LPEE6DMQWJ), (2) the compact command (RTIN5U2SAJ), (3) malformed bitmap images (MYAA6FH5HW), (4) the "Delete Attachment" action (YPHG6844LD), (5) parsing certificates from a remote Certificate Table (AELE6DZFJW), and (6) creating a SSL key ring with the Domino Administration client (NSUA4FQPTN).

Status: Candidate
Phase: Assigned (20060109)
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?uid=swg27007054
Reference: CONFIRM:http://www-10.lotus.com/ldd/r5fixlist.nsf/5c087391999d06e7852569280062619d/258394eaa824f2c08525708a004209d3?OpenDocument
Reference: CONFIRM:http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/040482aeb1416bb7852570e4001badd6?OpenDocument
Reference: CONFIRM:http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/2bb4f466a9e986ae852570e4001babbb?OpenDocument
Reference: CONFIRM:http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/4118a1f266afb26c852570e4001baf5e?OpenDocument
Reference: CONFIRM:http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/5f166a44ee743b2c852570e4001baf31?OpenDocument
Reference: CONFIRM:http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ad0dd14aa109f96b852570e4001bb08c?OpenDocument
Reference: CONFIRM:http://www-10.lotus.com/ldd/r5fixlist.nsf/e7dbb5aee9a94c56852570c90056a95d/ced5f873baea4e8b852570e4001baa6d?OpenDocument
Reference: BID:16158
Reference: URL:http://www.securityfocus.com/bid/16158
Reference: FRSIRT:ADV-2006-0081
Reference: URL:http://www.frsirt.com/english/advisories/2006/0081
Reference: SECUNIA:18328
Reference: URL:http://secunia.com/advisories/18328
Reference: XF:lotus-bmp-dos(24214)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24214
Reference: XF:lotus-certificate-parsing-dos(24216)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24216
Reference: XF:lotus-compact-dos(24213)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24213
Reference: XF:lotus-delete-attachment-dos(24215)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24215
Reference: XF:lotus-outofoffice-dos(24212)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24212
Reference: XF:lotus-ssl-keyring-dos(24217)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24217

Votes:

Name: CVE-2006-0121

Description:
Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the SSL handshake (SPR# MKIN693QUT), and possibly other vectors. NOTE: due to insufficient information in the original vendor advisory, it is not clear whether there is an attacker role in other memory leaks that are specified in the advisory.

Votes:

Name: CVE-2006-0122

Description:
Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter.

Status: Candidate
Phase: Assigned (20060109)
Reference: MISC:http://osvdb.org/ref/22/22247-aquifer.txt
Reference: VIM:20060124 vendor ack/fix: Aquifer CMS Index.asp Keyword Variable XSS (fwd)
Reference: URL:http://attrition.org/pipermail/vim/2006-January/000509.html
Reference: BID:16162
Reference: URL:http://www.securityfocus.com/bid/16162
Reference: FRSIRT:ADV-2006-0074
Reference: URL:http://www.frsirt.com/english/advisories/2006/0074
Reference: OSVDB:22247
Reference: URL:http://www.osvdb.org/22247
Reference: SECUNIA:18326
Reference: URL:http://secunia.com/advisories/18326

Votes:

Name: CVE-2006-0123

Description:
Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter in index.php and (2) pagid parameter in verpag.php, and possibly other vectors.

Status: Candidate
Phase: Assigned (20060109)
Reference: BUGTRAQ:20060105 [eVuln] ADNForum Multiple Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420990/100/0/threaded
Reference: MISC:http://evuln.com/vulns/15/summary.html
Reference: BID:16157
Reference: URL:http://www.securityfocus.com/bid/16157
Reference: FRSIRT:ADV-2006-0077
Reference: URL:http://www.frsirt.com/english/advisories/2006/0077
Reference: SECTRACK:1015445
Reference: URL:http://securitytracker.com/id?1015445
Reference: SECUNIA:18300
Reference: URL:http://secunia.com/advisories/18300
Reference: OSVDB:22240
Reference: URL:http://www.osvdb.org/22240
Reference: OSVDB:22241
Reference: URL:http://www.osvdb.org/22241

Votes:

Name: CVE-2006-0124

Description:
Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbirary web script or HTML via the titulo parameter, which is used by the "Topic name" field.

Status: Candidate
Phase: Assigned (20060109)
Reference: BUGTRAQ:20060105 [eVuln] ADNForum Multiple Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420990/100/0/threaded
Reference: MISC:http://evuln.com/vulns/15/summary.html
Reference: BID:16157
Reference: URL:http://www.securityfocus.com/bid/16157
Reference: FRSIRT:ADV-2006-0077
Reference: URL:http://www.frsirt.com/english/advisories/2006/0077
Reference: OSVDB:22242
Reference: URL:http://www.osvdb.org/22242
Reference: SECTRACK:1015445
Reference: URL:http://securitytracker.com/id?1015445
Reference: SECUNIA:18300
Reference: URL:http://secunia.com/advisories/18300

Votes:

Name: CVE-2006-0125

Description:
Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows remote attackers to include arbitrary files via the appserv_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. There is not enough detail from these third party sources to know whether this is directory traversal, remote file include, or another issue.

Status: Candidate
Phase: Assigned (20060109)
Reference: BID:16166
Reference: URL:http://www.securityfocus.com/bid/16166
Reference: FRSIRT:ADV-2006-0053
Reference: URL:http://www.frsirt.com/english/advisories/2006/0053
Reference: OSVDB:22228
Reference: URL:http://www.osvdb.org/22228
Reference: SECUNIA:18163
Reference: URL:http://secunia.com/advisories/18163

Votes:

Name: CVE-2006-0126

Description:
rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices.

Status: Candidate
Phase: Assigned (20060109)
Reference: CONFIRM:http://dist.schmorp.de/rxvt-unicode/Changes
Reference: FRSIRT:ADV-2006-0052
Reference: URL:http://www.frsirt.com/english/advisories/2006/0052
Reference: OSVDB:22223
Reference: URL:http://www.osvdb.org/22223
Reference: SECUNIA:18301
Reference: URL:http://secunia.com/advisories/18301

Votes:

Name: CVE-2006-0127

Description:
Directory traversal vulnerability in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote authenticated users to rename the folders of other users via a .. (dot dot) in the RENAME command.

Status: Candidate
Phase: Assigned (20060109)
Reference: FULLDISC:20060104 Rockliffe Directory Transversal Vulnerability
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/040969.html
Reference: FULLDISC:20060105 Re: Rockliffe Directory Transversal Vulnerability
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041039.html
Reference: MISC:http://zur.homelinux.com/Advisories/RockliffeMailsiteDirTransveral.txt
Reference: FRSIRT:ADV-2006-0055
Reference: URL:http://www.frsirt.com/english/advisories/2006/0055
Reference: OSVDB:22229
Reference: URL:http://www.osvdb.org/22229
Reference: SECUNIA:18318
Reference: URL:http://secunia.com/advisories/18318

Votes:

Name: CVE-2006-0128

Description:
Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote attackers to have an unknown impact via unknown attack vectors.

Votes:

Name: CVE-2006-0129

Description:
Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames via user requests to TCP port 106.

Status: Candidate
Phase: Assigned (20060109)
Reference: FULLDISC:20060104 Rockliffe Mailsite User Enumeration Flaw
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/040970.html
Reference: MISC:http://zur.homelinux.com/Advisories/RockliffeMailsiteUserEnum.txt
Reference: FRSIRT:ADV-2006-0055
Reference: URL:http://www.frsirt.com/english/advisories/2006/0055
Reference: OSVDB:22230
Reference: URL:http://www.osvdb.org/22230
Reference: SECUNIA:18318
Reference: URL:http://secunia.com/advisories/18318

Votes:

Name: CVE-2006-0130

Description:
Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier allows remote attackers to attempt authentication with an unlimited number of user account names and passwords without denying connections, limiting the rate of connections, or locking out an account.

Votes:

Name: CVE-2006-0131

Description:
boastMachine 3.1 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php and (2) side_menu.php, which reveals the path in an error message.

Status: Candidate
Phase: Assigned (20060109)
Reference: BUGTRAQ:20060105 [ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420969/100/0/threaded
Reference: MISC:http://echo.or.id/adv/adv26-K-159-2006.txt

Votes:

Name: CVE-2006-0132

Description:
Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 and possibly earlier allows remote attackers to include and execute arbitrary local PHP scripts, and possibly read other types of files, via a .. (dot dot) and a trailing null in the webftp_language parameter.

Status: Candidate
Phase: Assigned (20060109)
Reference: BUGTRAQ:20060104 SysCP WebFTP local file inclusion vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420973/100/0/threaded
Reference: BID:16175
Reference: URL:http://www.securityfocus.com/bid/16175
Reference: FRSIRT:ADV-2006-0090
Reference: URL:http://www.frsirt.com/english/advisories/2006/0090
Reference: SECUNIA:18355
Reference: URL:http://secunia.com/advisories/18355
Reference: XF:webftp-language-file-include(24018)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24018

Votes:

Name: CVE-2006-0133

Description:
Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the existence of files and read partial contents of certain files via a .. (dot dot) in the argument to (1) getCommand.new (aka getCommand) and (2) getShell, a different vulnerability than CVE-2005-4273.

Status: Candidate
Phase: Assigned (20060109)
Reference: BUGTRAQ:20060101 [xfocus-SD-060101]AIX getCommand&getShell two vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420589/100/0/threaded
Reference: BID:16102
Reference: URL:http://www.securityfocus.com/bid/16102
Reference: BID:16103
Reference: URL:http://www.securityfocus.com/bid/16103
Reference: SECTRACK:1015429
Reference: URL:http://securitytracker.com/id?1015429

Votes:

Name: CVE-2006-0134

Description:
Cross-site scripting (XSS) vulnerability in register.php in TheWebForum (twf) 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the www parameter.

Status: Candidate
Phase: Assigned (20060109)
Reference: BUGTRAQ:20060106 [eVuln] TheWebForum Script Insertion and Authentication Bypass
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421039/100/0/threaded
Reference: MISC:http://evuln.com/vulns/17/exploit.html
Reference: MISC:http://evuln.com/vulns/17/summary.html
Reference: BID:16161
Reference: URL:http://www.securityfocus.com/bid/16161
Reference: FRSIRT:ADV-2006-0093
Reference: URL:http://www.frsirt.com/english/advisories/2006/0093
Reference: OSVDB:22295
Reference: URL:http://www.osvdb.org/22295
Reference: SECTRACK:1015450
Reference: URL:http://securitytracker.com/id?1015450
Reference: SECUNIA:18392
Reference: URL:http://secunia.com/advisories/18392
Reference: XF:thewebforum-register-xss(24007)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24007

Votes:

Name: CVE-2006-0135

Description:
SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the username parameter (aka the u variable).

Status: Candidate
Phase: Assigned (20060109)
Reference: BUGTRAQ:20060106 [eVuln] TheWebForum Script Insertion and Authentication Bypass
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421039/100/0/threaded
Reference: MISC:http://evuln.com/vulns/17/exploit.html
Reference: MISC:http://evuln.com/vulns/17/summary.html
Reference: BID:16161
Reference: URL:http://www.securityfocus.com/bid/16161
Reference: FRSIRT:ADV-2006-0093
Reference: URL:http://www.frsirt.com/english/advisories/2006/0093
Reference: OSVDB:22294
Reference: URL:http://www.osvdb.org/22294
Reference: SECTRACK:1015450
Reference: URL:http://securitytracker.com/id?1015450
Reference: SECUNIA:18392
Reference: URL:http://secunia.com/advisories/18392
Reference: SREASON:321
Reference: URL:http://securityreason.com/securityalert/321
Reference: XF:thewebforum-login-sql-injection(24027)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24027

Votes:

Name: CVE-2006-0136

Description:
Multiple cross-site scripting (XSS) vulnerabilities in the guestbook module in modules.php in Phanatic Softwares Chimera Web Portal System 0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) comment_poster, (2) comment_poster_email, (3) comment_poster_homepage, and (4) comment_text parameters.

Status: Candidate
Phase: Assigned (20060109)
Reference: BUGTRAQ:20060101 [eVuln] Chimera Web Portal System Multiple Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420669/100/0/threaded
Reference: MISC:http://evuln.com/vulns/7/exploit.html
Reference: MISC:http://evuln.com/vulns/7/summary.html
Reference: BID:16113
Reference: URL:http://www.securityfocus.com/bid/16113
Reference: FRSIRT:ADV-2006-0025
Reference: URL:http://www.frsirt.com/english/advisories/2006/0025

Votes:

Name: CVE-2006-0137

Description:
SQL injection vulnerability in linkcategory.php in Phanatic Softwares Chimera Web Portal System 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Status: Candidate
Phase: Assigned (20060109)
Reference: BUGTRAQ:20060101 [eVuln] Chimera Web Portal System Multiple Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/420669/100/0/threaded
Reference: BID:16113
Reference: URL:http://www.securityfocus.com/bid/16113
Reference: MISC:http://evuln.com/vulns/7/exploit.html
Reference: MISC:http://evuln.com/vulns/7/summary.html
Reference: FRSIRT:ADV-2006-0025
Reference: URL:http://www.frsirt.com/english/advisories/2006/0025
Reference: OSVDB:22420
Reference: URL:http://www.osvdb.org/22420
Reference: XF:chimera-linkcategory-sql-injection(23963)
Reference: URL:http://xforce.iss.net/xforce/xfdb/23963

Votes:

Name: CVE-2006-0138

Description:
aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denial of service (client hang and termination of client's instant-messaging session) by repeatedly sending crafted data to the default file-transfer port (TCP 6891).

Status: Candidate
Phase: Assigned (20060109)
Reference: MISC:http://www.securiteam.com/exploits/5JP090KHFQ.html
Reference: OSVDB:22186
Reference: URL:http://www.osvdb.org/22186

Votes:

Name: CVE-2006-0139

Description:
The send-private-message functionality (send-private-message.asp) in PD9 Software MegaBBS 2.1 allows remote attackers to read private messages of other users via a modified replyid parameter.

Status: Candidate
Phase: Assigned (20060109)
Reference: MISC:http://www.hamid.ir/security/megabbs.txt
Reference: CONFIRM:http://www.pd9soft.com/megabbs/forums/thread-view.asp?tid=4924
Reference: BID:16168
Reference: URL:http://www.securityfocus.com/bid/16168
Reference: FRSIRT:ADV-2006-0095
Reference: URL:http://www.frsirt.com/english/advisories/2006/0095
Reference: SECTRACK:1015452
Reference: URL:http://securitytracker.com/id?1015452
Reference: SECUNIA:18342
Reference: URL:http://secunia.com/advisories/18342
Reference: XF:megabbs-sendprivatemessage-disclosure(24050)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24050

Votes:

Name: CVE-2006-0140

Description:
Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 Stable(2.6.0) and V17beta2 allows remote attackers to inject arbitrary web script or HTML via the (1) b, (2) textlarge, and (3) url bbcode tags.

Status: Candidate
Phase: Assigned (20060109)
Reference: BUGTRAQ:20060107 [eVuln] NavBoard BBcode XSS Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421149/100/0/threaded
Reference: MISC:http://evuln.com/vulns/19/summary.html
Reference: BID:16165
Reference: URL:http://www.securityfocus.com/bid/16165
Reference: FRSIRT:ADV-2006-0092
Reference: URL:http://www.frsirt.com/english/advisories/2006/0092
Reference: OSVDB:22277
Reference: URL:http://www.osvdb.org/22277
Reference: SECUNIA:18345
Reference: URL:http://secunia.com/advisories/18345
Reference: XF:navboard-post-xss(24021)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24021

Votes:

Name: CVE-2006-0141

Description:
Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote attackers to cause a denial of service (crash) via (1) malformed NTLM authentication requests, or a malformed (2) Incoming Mail X or (3) Temporary Mail file.

Status: Candidate
Phase: Assigned (20060109)
Reference: CONFIRM:http://www.eudora.co.nz/updates.html
Reference: BID:16179
Reference: URL:http://www.securityfocus.com/bid/16179
Reference: FRSIRT:ADV-2006-0099
Reference: URL:http://www.frsirt.com/english/advisories/2006/0099
Reference: SECUNIA:18356
Reference: URL:http://secunia.com/advisories/18356
Reference: XF:eims-corrupted-mail-dos(24033)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24033
Reference: XF:eims-ntlm-auth-dos(24032)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24032

Votes:

Name: CVE-2006-0142

Description:
Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda 1.9.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Status: Candidate
Phase: Assigned (20060109)
Reference: BID:16183
Reference: URL:http://www.securityfocus.com/bid/16183
Reference: FRSIRT:ADV-2006-0096
Reference: URL:http://www.frsirt.com/english/advisories/2006/0096
Reference: SECUNIA:18359
Reference: URL:http://secunia.com/advisories/18359
Reference: XF:andromeda-script-xss(24031)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24031

Votes:

Name: CVE-2006-0143

Description:
Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths.

Status: Candidate
Phase: Assigned (20060109)
Reference: BUGTRAQ:20060107 Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421257/100/0/threaded
Reference: BUGTRAQ:20060109 [UPDATE]Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421258/100/0/threaded
Reference: MISC:http://lostmon.blogspot.com/2007/08/windows-extended-file-attributes-buffer.html
Reference: CONFIRM:http://blogs.technet.com/msrc/archive/2006/01/09/417198.aspx
Reference: BID:16167
Reference: URL:http://www.securityfocus.com/bid/16167
Reference: FRSIRT:ADV-2006-0115
Reference: URL:http://www.frsirt.com/english/advisories/2006/0115
Reference: SECTRACK:1015453
Reference: URL:http://securitytracker.com/id?1015453
Reference: XF:win-gre-wmf-dos(24044)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24044

Votes:

Name: CVE-2006-0144

Description:
The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that provides a modified version of Tar.php with a malicious extractModify function.

Status: Candidate
Phase: Assigned (20060109)
Reference: BUGTRAQ:20060109 New PEAR / Apache2Triad Exploit
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421469/100/0/threaded
Reference: CONFIRM:http://apache2triad.net/forums/viewtopic.php?p=14670
Reference: BID:16174
Reference: URL:http://www.securityfocus.com/bid/16174
Reference: FRSIRT:ADV-2006-0148
Reference: URL:http://www.frsirt.com/english/advisories/2006/0148
Reference: SECUNIA:18390
Reference: URL:http://secunia.com/advisories/18390
Reference: XF:gopear-proxy-redirection(24076)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24076

Votes:

Name: CVE-2006-0145

Description:
The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and OpenBSD 3.8, does not properly validate file offsets against negative 32-bit values that occur as a result of truncation, which allows local users to read arbitrary kernel memory and gain privileges via the lseek system call.

Status: Candidate
Phase: Assigned (20060109)
Reference: BUGTRAQ:20060202 [SLAB] NetBSD / OpenBSD kernfs_xread patch evasion
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/423827/100/0/threaded
Reference: MISC:http://www.securitylab.net/research/2006/02/advisory_netbsd_openbsd_kernfs.html
Reference: NETBSD:NetBSD-SA2006-001
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2006-001.txt.asc
Reference: BID:16173
Reference: URL:http://www.securityfocus.com/bid/16173
Reference: OSVDB:22293
Reference: URL:http://www.osvdb.org/22293
Reference: SECUNIA:18388
Reference: URL:http://secunia.com/advisories/18388
Reference: SECUNIA:18712
Reference: URL:http://secunia.com/advisories/18712
Reference: SREASON:405
Reference: URL:http://securityreason.com/securityalert/405
Reference: XF:netbsd-kernfs-memory-disclosure(24035)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24035

Votes:

Name: CVE-2006-0146

Description:
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.

Status: Candidate
Phase: Assigned (20060109)
Reference: BUGTRAQ:20060202 Bug for libs in php link directory 2.0
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/423784/100/0/threaded
Reference: BUGTRAQ:20060409 PhpOpenChat 3.0.x ADODB Server.php "sql" SQL injection
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/430448/100/0/threaded
Reference: BUGTRAQ:20070418 MediaBeez Sql query Execution .. Wear isn't ?? :)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/466171/100/0/threaded
Reference: BUGTRAQ:20060409 PhpOpenChat 3.0.x ADODB Server.php "sql" SQL injection
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/430448/100/0/threaded
Reference: MISC:http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html
Reference: MISC:http://secunia.com/secunia_research/2005-64/advisory/
Reference: CONFIRM:http://www.xaraya.com/index.php/news/569
Reference: CONFIRM:http://www.maxdev.com/Article550.phtml
Reference: DEBIAN:DSA-1029
Reference: URL:http://www.debian.org/security/2006/dsa-1029
Reference: DEBIAN:DSA-1030
Reference: URL:http://www.debian.org/security/2006/dsa-1030
Reference: DEBIAN:DSA-1031
Reference: URL:http://www.debian.org/security/2006/dsa-1031
Reference: GENTOO:GLSA-200604-07
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml
Reference: BID:16187
Reference: URL:http://www.securityfocus.com/bid/16187
Reference: FRSIRT:ADV-2006-0101
Reference: URL:http://www.frsirt.com/english/advisories/2006/0101
Reference: FRSIRT:ADV-2006-0102
Reference: URL:http://www.frsirt.com/english/advisories/2006/0102
Reference: FRSIRT:ADV-2006-0103
Reference: URL:http://www.frsirt.com/english/advisories/2006/0103
Reference: FRSIRT:ADV-2006-0104
Reference: URL:http://www.frsirt.com/english/advisories/2006/0104
Reference: FRSIRT:ADV-2006-0105
Reference: URL:http://www.frsirt.com/english/advisories/2006/0105
Reference: FRSIRT:ADV-2006-0447
Reference: URL:http://www.frsirt.com/english/advisories/2006/0447
Reference: FRSIRT:ADV-2006-0370
Reference: URL:http://www.frsirt.com/english/advisories/2006/0370
Reference: FRSIRT:ADV-2006-1304
Reference: URL:http://www.frsirt.com/english/advisories/2006/1304
Reference: FRSIRT:ADV-2006-1305
Reference: URL:http://www.frsirt.com/english/advisories/2006/1305
Reference: FRSIRT:ADV-2006-1419
Reference: URL:http://www.frsirt.com/english/advisories/2006/1419
Reference: OSVDB:22290
Reference: URL:http://www.osvdb.org/22290
Reference: SECUNIA:17418
Reference: URL:http://secunia.com/advisories/17418
Reference: SECUNIA:18254
Reference: URL:http://secunia.com/advisories/18254
Reference: SECUNIA:18267
Reference: URL:http://secunia.com/advisories/18267
Reference: SECUNIA:18260
Reference: URL:http://secunia.com/advisories/18260
Reference: SECUNIA:18276
Reference: URL:http://secunia.com/advisories/18276
Reference: SECUNIA:18233
Reference: URL:http://secunia.com/advisories/18233
Reference: SECUNIA:18720
Reference: URL:http://secunia.com/advisories/18720
Reference: SECUNIA:19555
Reference: URL:http://secunia.com/advisories/19555
Reference: SECUNIA:19563
Reference: URL:http://secunia.com/advisories/19563
Reference: SECUNIA:19590
Reference: URL:http://secunia.com/advisories/19590
Reference: SECUNIA:19591
Reference: URL:http://secunia.com/advisories/19591
Reference: SECUNIA:19600
Reference: URL:http://secunia.com/advisories/19600
Reference: SECUNIA:19699
Reference: URL:http://secunia.com/advisories/19699
Reference: SECUNIA:19691
Reference: URL:http://secunia.com/advisories/19691
Reference: SECUNIA:24954
Reference: URL:http://secunia.com/advisories/24954
Reference: SREASON:713
Reference: URL:http://securityreason.com/securityalert/713
Reference: XF:adodb-server-command-execution(24051)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24051

Votes:

Name: CVE-2006-0147

Description:
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.

Status: Candidate
Phase: Assigned (20060109)
Reference: BUGTRAQ:20060409 PhpOpenChat 3.0.x ADODB Server.php "sql" SQL injection
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/430448/100/0/threaded
Reference: BUGTRAQ:20060412 Simplog <=0.9.2 multiple vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/430743/100/0/threaded
Reference: MISC:http://secunia.com/secunia_research/2005-64/advisory/
Reference: MISC:http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html
Reference: BUGTRAQ:20060412 Simplog <=0.9.2 multiple vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/430743/100/0/threaded
Reference: MILW0RM:1663
Reference: URL:http://milw0rm.com/exploits/1663
Reference: MISC:http://retrogod.altervista.org/simplog_092_incl_xpl.html
Reference: DEBIAN:DSA-1029
Reference: URL:http://www.debian.org/security/2006/dsa-1029
Reference: DEBIAN:DSA-1030
Reference: URL:http://www.debian.org/security/2006/dsa-1030
Reference: DEBIAN:DSA-1031
Reference: URL:http://www.debian.org/security/2006/dsa-1031
Reference: GENTOO:GLSA-200604-07
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml
Reference: FRSIRT:ADV-2006-0101
Reference: URL:http://www.frsirt.com/english/advisories/2006/0101
Reference: FRSIRT:ADV-2006-0102
Reference: URL:http://www.frsirt.com/english/advisories/2006/0102
Reference: FRSIRT:ADV-2006-0103
Reference: URL:http://www.frsirt.com/english/advisories/2006/0103
Reference: FRSIRT:ADV-2006-0104
Reference: URL:http://www.frsirt.com/english/advisories/2006/0104
Reference: FRSIRT:ADV-2006-1305
Reference: URL:http://www.frsirt.com/english/advisories/2006/1305
Reference: FRSIRT:ADV-2006-1332
Reference: URL:http://www.frsirt.com/english/advisories/2006/1332
Reference: OSVDB:22291
Reference: URL:http://www.osvdb.org/22291
Reference: SECUNIA:17418
Reference: URL:http://secunia.com/advisories/17418
Reference: SECUNIA:18254
Reference: URL:http://secunia.com/advisories/18254
Reference: SECUNIA:18267
Reference: URL:http://secunia.com/advisories/18267
Reference: SECUNIA:18260
Reference: URL:http://secunia.com/advisories/18260
Reference: SECUNIA:18276
Reference: URL:http://secunia.com/advisories/18276
Reference: SECUNIA:18233
Reference: URL:http://secunia.com/advisories/18233
Reference: SECUNIA:19555
Reference: URL:http://secunia.com/advisories/19555
Reference: SECUNIA:19590
Reference: URL:http://secunia.com/advisories/19590
Reference: SECUNIA:19591
Reference: URL:http://secunia.com/advisories/19591
Reference: SECUNIA:19600
Reference: URL:http://secunia.com/advisories/19600
Reference: SECUNIA:19628
Reference: URL:http://secunia.com/advisories/19628
Reference: SECUNIA:19691
Reference: URL:http://secunia.com/advisories/19691
Reference: XF:adodb-tmssql-command-execution(24052)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24052

Votes:

Name: CVE-2006-0148

Description:
NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number of connections from the same IP address.

Status: Candidate
Phase: Assigned (20060109)
Reference: MISC:http://www.ipomonis.com/advisories/xlpd.txt
Reference: BID:16164
Reference: URL:http://www.securityfocus.com/bid/16164
Reference: SECTRACK:1015444
Reference: URL:http://securitytracker.com/id?1015444
Reference: XF:xlpd-connection-dos(24041)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24041

Votes:

Name: CVE-2006-0149

Description:
Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_enable on (the default), allows remote attackers to inject arbitrary web script or HTML via the message field.

Status: Candidate
Phase: Assigned (20060109)
Reference: FULLDISC:20060106 SimpBook "message" Remote Cross-Site Scripting Vulnerability
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041127.html
Reference: SECTRACK:1015451
Reference: URL:http://securitytracker.com/id?1015451

Votes:

Name: CVE-2006-0150

Description:
Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username.

Status: Candidate
Phase: Assigned (20060109)
Reference: BUGTRAQ:20060109 Digital Armaments Security Advisory 01.09.2006: Apache auth_ldap module Multiple Format Strings Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421286/100/0/threaded
Reference: VULNWATCH:20060130 Digital Armaments: Apache auth_ldap module Multiple Format Strings Vulnerability
Reference: MISC:http://www.digitalarmaments.com/2006090173928420.html
Reference: CONFIRM:http://www.rudedog.org/auth_ldap/Changes.html
Reference: DEBIAN:DSA-952
Reference: URL:http://www.debian.org/security/2006/dsa-952
Reference: MANDRIVA:MDKSA-2006:017
Reference: URL:http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:017
Reference: REDHAT:RHSA-2006:0179
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0179.html
Reference: BID:16177
Reference: URL:http://www.securityfocus.com/bid/16177
Reference: FRSIRT:ADV-2006-0117
Reference: URL:http://www.frsirt.com/english/advisories/2006/0117
Reference: SECTRACK:1015456
Reference: URL:http://securitytracker.com/id?1015456
Reference: SECUNIA:18382
Reference: URL:http://secunia.com/advisories/18382
Reference: SECUNIA:18405
Reference: URL:http://secunia.com/advisories/18405
Reference: SECUNIA:18412
Reference: URL:http://secunia.com/advisories/18412
Reference: SECUNIA:18568
Reference: URL:http://secunia.com/advisories/18568
Reference: XF:apache-authldap-format-string(24030)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24030

Votes:

Name: CVE-2006-0151

Description:
sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.

Status: Candidate
Phase: Assigned (20060109)
Reference: DEBIAN:DSA-946
Reference: URL:http://www.debian.org/security/2006/dsa-946
Reference: MANDRIVA:MDKSA-2006:159
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:159
Reference: SLACKWARE:SSA:2006-045-08
Reference: URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.421822
Reference: SUSE:SUSE-SR:2006:002
Reference: URL:http://www.novell.com/linux/security/advisories/2006_02_sr.html
Reference: TRUSTIX:2006-0010
Reference: URL:http://www.trustix.org/errata/2006/0010
Reference: UBUNTU:USN-235-2
Reference: URL:http://www.ubuntulinux.org/support/documentation/usn/usn-235-2
Reference: BID:16184
Reference: URL:http://www.securityfocus.com/bid/16184
Reference: SECUNIA:18358
Reference: URL:http://secunia.com/advisories/18358
Reference: SECUNIA:18363
Reference: URL:http://secunia.com/advisories/18363
Reference: SECUNIA:18549
Reference: URL:http://secunia.com/advisories/18549
Reference: SECUNIA:18906
Reference: URL:http://secunia.com/advisories/18906
Reference: SECUNIA:18558
Reference: URL:http://secunia.com/advisories/18558
Reference: SECUNIA:19016
Reference: URL:http://secunia.com/advisories/19016
Reference: SECUNIA:21692
Reference: URL:http://secunia.com/advisories/21692

Votes:

Name: CVE-2006-0152

Description:
Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the needle parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Status: Candidate
Phase: Assigned (20060110)
Reference: BID:16180
Reference: URL:http://www.securityfocus.com/bid/16180
Reference: FRSIRT:ADV-2006-0094
Reference: URL:http://www.frsirt.com/english/advisories/2006/0094
Reference: OSVDB:22282
Reference: URL:http://www.osvdb.org/22282
Reference: SECUNIA:18360
Reference: URL:http://secunia.com/advisories/18360
Reference: XF:phpchamber-searchresult-xss(24029)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24029

Votes:

Name: CVE-2006-0153

Description:
427BB 2.2 and 2.2.1 verifies authentication credentials based on the username, authenticated, and usertype cookies, which allows remote attackers to bypass authentication by using a valid username and usertype and setting the authenticated cookie.

Status: Candidate
Phase: Assigned (20060110)
Reference: BUGTRAQ:20060107 [eVuln] 427BB Multiple Vulnerabilities (Cookie-based Authentication Bypass, SQL Injections, XSS)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421326/100/0/threaded
Reference: MISC:http://evuln.com/vulns/18/summary.html
Reference: BID:16178
Reference: URL:http://www.securityfocus.com/bid/16178
Reference: FRSIRT:ADV-2006-0091
Reference: URL:http://www.frsirt.com/english/advisories/2006/0091
Reference: OSVDB:22274
Reference: URL:http://www.osvdb.org/22274
Reference: SECUNIA:18354
Reference: URL:http://secunia.com/advisories/18354
Reference: XF:427bb-scripts-security-bypass(24038)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24038

Votes:

Name: CVE-2006-0154

Description:
SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the ForumID parameter.

Status: Candidate
Phase: Assigned (20060110)
Reference: BUGTRAQ:20060107 [eVuln] 427BB Multiple Vulnerabilities (Cookie-based Authentication Bypass, SQL Injections, XSS)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421326/100/0/threaded
Reference: MISC:http://evuln.com/vulns/18/summary.html
Reference: BID:16169
Reference: URL:http://www.securityfocus.com/bid/16169
Reference: FRSIRT:ADV-2006-0091
Reference: URL:http://www.frsirt.com/english/advisories/2006/0091
Reference: OSVDB:22275
Reference: URL:http://www.osvdb.org/22275
Reference: SECUNIA:18354
Reference: URL:http://secunia.com/advisories/18354
Reference: XF:427bb-showthread-sql-injection(24039)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24039

Votes:

Name: CVE-2006-0155

Description:
Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and 2.2.1 allows remote attackers to inject arbitrary Javascript via a new message with a url bbcode tag containing a javascript URI.

Status: Candidate
Phase: Assigned (20060110)
Reference: BUGTRAQ:20060107 [eVuln] 427BB Multiple Vulnerabilities (Cookie-based Authentication Bypass, SQL Injections, XSS)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421326/100/0/threaded
Reference: MISC:http://evuln.com/vulns/18/summary.html
Reference: FRSIRT:ADV-2006-0091
Reference: URL:http://www.frsirt.com/english/advisories/2006/0091
Reference: OSVDB:22276
Reference: URL:http://www.osvdb.org/22276
Reference: SECUNIA:18354
Reference: URL:http://secunia.com/advisories/18354
Reference: XF:427bb-posts-xss(24040)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24040

Votes:

Name: CVE-2006-0156

Description:
Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows remote attackers to inject arbitrary Javascript via the javascript URI in bbcode url tags in (1) addpost1.php and (2) addtopic1.php.

Status: Candidate
Phase: Assigned (20060110)
Reference: BUGTRAQ:20060109 [eVuln] Foxrum BBCode XSS Vulnerabilty
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421277/100/0/threaded
Reference: MISC:http://evuln.com/vulns/20
Reference: BID:16172
Reference: URL:http://www.securityfocus.com/bid/16172
Reference: FRSIRT:ADV-2006-0121
Reference: URL:http://www.frsirt.com/english/advisories/2006/0121
Reference: SECUNIA:18386
Reference: URL:http://secunia.com/advisories/18386
Reference: SREASON:325
Reference: URL:http://securityreason.com/securityalert/325
Reference: XF:foxrum-bbcode-xss(24043)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24043

Votes:

Name: CVE-2006-0157

Description:
settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters.

Status: Candidate
Phase: Assigned (20060110)
Reference: MISC:http://downloads.securityfocus.com/vulnerabilities/exploits/MagicNewsPlus-pw-change.pl
Reference: BID:16182
Reference: URL:http://www.securityfocus.com/bid/16182
Reference: SECUNIA:18601
Reference: URL:http://secunia.com/advisories/18601

Votes:

Name: CVE-2006-0158

Description:
SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS allows remote attackers to execute arbitrary SQL commands via the page parameter.

Status: Candidate
Phase: Assigned (20060110)
Reference: MISC:http://osvdb.org/ref/22/22205-sitesuite.txt
Reference: FRSIRT:ADV-2006-0038
Reference: URL:http://www.frsirt.com/english/advisories/2006/0038
Reference: OSVDB:22205
Reference: URL:http://www.osvdb.org/22205
Reference: SECUNIA:18305
Reference: URL:http://secunia.com/advisories/18305

Votes:

Name: CVE-2006-0159

Description:
SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown, although it may be based on post-disclosure analysis of CVE-2006-0110; the details are obtained solely from third party information.

Status: Candidate
Phase: Assigned (20060110)
Reference: FRSIRT:ADV-2006-0073
Reference: URL:http://www.frsirt.com/english/advisories/2006/0073
Reference: OSVDB:22264
Reference: URL:http://www.osvdb.org/22264
Reference: SECUNIA:18327
Reference: URL:http://secunia.com/advisories/18327
Reference: XF:domus-escribir-sql-injection(24017)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24017

Votes:

Name: CVE-2006-0160

Description:
SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute arbitrary SQL commands via the (1) parent, (2) root, and (3) topic_id parameters to post.php3.

Status: Candidate
Phase: Assigned (20060110)
Reference: BUGTRAQ:20060109 [eVuln] Venom Board SQL Injection Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=113683807903915&w=2
Reference: MISC:http://evuln.com/vulns/21/summary.html
Reference: BID:16176
Reference: URL:http://www.securityfocus.com/bid/16176
Reference: FRSIRT:ADV-2006-0122
Reference: URL:http://www.frsirt.com/english/advisories/2006/0122
Reference: OSVDB:22297
Reference: URL:http://www.osvdb.org/22297
Reference: SECUNIA:18383
Reference: URL:http://secunia.com/advisories/18383
Reference: SREASON:326
Reference: URL:http://securityreason.com/securityalert/326
Reference: XF:venomboard-addpost-sql-injection(24046)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24046

Votes:

Name: CVE-2006-0161

Description:
Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown impact and attack vectors. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2004-0780.

Status: Candidate
Phase: Assigned (20060110)
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm
Reference: SUNALERT:101933
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101933-1
Reference: FRSIRT:ADV-2006-0113
Reference: URL:http://www.frsirt.com/english/advisories/2006/0113
Reference: OVAL:oval:org.mitre.oval:def:1534
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1534
Reference: SECTRACK:1015455
Reference: URL:http://securitytracker.com/id?1015455
Reference: SECUNIA:18371
Reference: URL:http://secunia.com/advisories/18371
Reference: SECUNIA:19087
Reference: URL:http://secunia.com/advisories/19087

Votes:

Name: CVE-2006-0162

Description:
Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files.

Status: Candidate
Phase: Assigned (20060110)
Reference: FULLDISC:20060112 ZDI-06-001: Clam AntiVirus UPX Unpacking Code Execution Vulnerability
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041325.html
Reference: MISC:http://www.zerodayinitiative.com/advisories/ZDI-06-001.html
Reference: CONFIRM:http://www.clamav.net/doc/0.88/ChangeLog
Reference: DEBIAN:DSA-947
Reference: URL:http://www.debian.org/security/2006/dsa-947
Reference: GENTOO:GLSA-200601-07
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200601-07.xml
Reference: MANDRIVA:MDKSA-2006:016
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:016
Reference: TRUSTIX:2006-0002
Reference: URL:http://www.trustix.org/errata/2006/0002/
Reference: CERT-VN:VU#385908
Reference: URL:http://www.kb.cert.org/vuls/id/385908
Reference: BID:16191
Reference: URL:http://www.securityfocus.com/bid/16191
Reference: FRSIRT:ADV-2006-0116
Reference: URL:http://www.frsirt.com/english/advisories/2006/0116
Reference: OSVDB:22318
Reference: URL:http://www.osvdb.org/22318
Reference: SECTRACK:1015457
Reference: URL:http://securitytracker.com/id?1015457
Reference: SECUNIA:18379
Reference: URL:http://secunia.com/advisories/18379
Reference: SECUNIA:18453
Reference: URL:http://secunia.com/advisories/18453
Reference: SECUNIA:18478
Reference: URL:http://secunia.com/advisories/18478
Reference: SECUNIA:18548
Reference: URL:http://secunia.com/advisories/18548
Reference: SECUNIA:18463
Reference: URL:http://secunia.com/advisories/18463
Reference: SREASON:342
Reference: URL:http://securityreason.com/securityalert/342
Reference: XF:clamav-libclamav-upx-bo(24047)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24047

Votes:

Name: CVE-2006-0163

Description:
SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792.

Status: Candidate
Phase: Assigned (20060111)
Reference: MISC:http://lostmon.blogspot.com/2006/01/phpnuke-ev-77-search-module-query.html
Reference: BID:16186
Reference: URL:http://www.securityfocus.com/bid/16186
Reference: FRSIRT:ADV-2006-0120
Reference: URL:http://www.frsirt.com/english/advisories/2006/0120
Reference: OSVDB:22316
Reference: URL:http://www.osvdb.org/22316
Reference: SECUNIA:18394
Reference: URL:http://secunia.com/advisories/18394
Reference: XF:phpnukeev-search-sql-injection(44978)
Reference: URL:http://xforce.iss.net/xforce/xfdb/44978

Votes:

Name: CVE-2006-0164

Description:
phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable.

Status: Candidate
Phase: Assigned (20060111)
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=384232
Reference: BID:17469
Reference: URL:http://www.securityfocus.com/bid/17469
Reference: FRSIRT:ADV-2006-0123
Reference: URL:http://www.frsirt.com/english/advisories/2006/0123
Reference: OSVDB:22302
Reference: URL:http://www.osvdb.org/22302
Reference: SECUNIA:18346
Reference: URL:http://secunia.com/advisories/18346
Reference: XF:phgstats-php-file-include(24062)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24062

Votes:

Name: CVE-2006-0165

Description:
Cross-site scripting (XSS) vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 (gamma) allows remote attackers to inject arbitrary Javascript via the (1) url and (2) name field of the default email form.

Status: Candidate
Phase: Assigned (20060111)
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=384153&group_id=51417
Reference: MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=1395371&group_id=51417&atid=463213
Reference: FRSIRT:ADV-2006-0126
Reference: URL:http://www.frsirt.com/english/advisories/2006/0126
Reference: SECUNIA:18372
Reference: URL:http://secunia.com/advisories/18372
Reference: XF:webgui-forms-xss(24053)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24053

Votes:

Name: CVE-2006-0166

Description:
Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindNext Windows APIs and allows remote attackers to hide arbitrary files from virus scanners and other products.

Status: Candidate
Phase: Assigned (20060111)
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2006.01.10.html
Reference: FRSIRT:ADV-2006-0143
Reference: URL:http://www.frsirt.com/english/advisories/2006/0143
Reference: SECTRACK:1015462
Reference: URL:http://securitytracker.com/id?1015462
Reference: SECUNIA:18402
Reference: URL:http://secunia.com/advisories/18402
Reference: XF:systemworks-nprotect-hidden(24061)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24061

Votes:

Name: CVE-2006-0167

Description:
SQL injection vulnerability in MyPhPim 01.05 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter in calendar.php3 and the (2) password field on the login page.

Status: Candidate
Phase: Assigned (20060111)
Reference: BUGTRAQ:20060111 [eVuln] MyPhPim Multiple SQL Injection and XSS Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421863/100/0/threaded
Reference: MISC:http://evuln.com/vulns/22/summary.html
Reference: BID:16210
Reference: URL:http://www.securityfocus.com/bid/16210
Reference: FRSIRT:ADV-2006-0147
Reference: URL:http://www.frsirt.com/english/advisories/2006/0147
Reference: OSVDB:22324
Reference: URL:http://www.osvdb.org/22324
Reference: OSVDB:22325
Reference: URL:http://www.osvdb.org/22325
Reference: SECUNIA:18399
Reference: URL:http://secunia.com/advisories/18399
Reference: XF:myphpim-calendar-sql-injection(24066)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24066
Reference: XF:myphpim-login-sql-injection(24075)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24075

Votes:

Name: CVE-2006-0168

Description:
Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows remote attackers to inject arbitrary web script or HTML via the description field on the "Create New todo" page.

Status: Candidate
Phase: Assigned (20060111)
Reference: BUGTRAQ:20060111 [eVuln] MyPhPim Multiple SQL Injection and XSS Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421863/100/0/threaded
Reference: MISC:http://evuln.com/vulns/22/summary.html
Reference: BID:16210
Reference: URL:http://www.securityfocus.com/bid/16210
Reference: FRSIRT:ADV-2006-0147
Reference: URL:http://www.frsirt.com/english/advisories/2006/0147
Reference: OSVDB:22326
Reference: URL:http://www.osvdb.org/22326
Reference: SECUNIA:18399
Reference: URL:http://secunia.com/advisories/18399
Reference: XF:myphpim-todo-xss(24071)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24071

Votes:

Name: CVE-2006-0169

Description:
addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory.

Status: Candidate
Phase: Assigned (20060111)
Reference: BUGTRAQ:20060111 [eVuln] MyPhPim Arbitrary File Upload
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421626/100/0/threaded
Reference: MISC:http://evuln.com/vulns/23/summary.html
Reference: BID:16208
Reference: URL:http://www.securityfocus.com/bid/16208
Reference: FRSIRT:ADV-2006-0147
Reference: URL:http://www.frsirt.com/english/advisories/2006/0147
Reference: SECUNIA:18399
Reference: URL:http://secunia.com/advisories/18399
Reference: XF:myphpim-addresses-file-upload(24070)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24070

Votes:

Name: CVE-2006-0170

Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0035. Reason: This candidate is a duplicate of CVE-2006-0035. Notes: All CVE users should reference CVE-2006-0035 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Status: Candidate
Phase: Assigned (20060111)

Votes:

Name: CVE-2006-0171

Description:
PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: it is not clear, but OrjinWeb might be an application service, in which case it should not be included in CVE.

Status: Candidate
Phase: Assigned (20060111)
Reference: BUGTRAQ:20060106 Orjinweb E-commerce
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421312/100/0/threaded
Reference: BID:16199
Reference: URL:http://www.securityfocus.com/bid/16199
Reference: OSVDB:22387
Reference: URL:http://www.osvdb.org/22387
Reference: XF:orjinweb-url-file-include(24097)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24097

Votes:

Name: CVE-2006-0172

Description:
Cross-site scripting (XSS) vulnerability in the file manager utility in Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML in an uploaded page, which is published without a check for hostile scripting.

Status: Candidate
Phase: Assigned (20060111)
Reference: BUGTRAQ:20060110 Multiple Vulnerabilities in Hummingbird Collaboration
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421392/100/0/threaded
Reference: MISC:http://www.securenetwork.it/advisories/sn-2006-01.html
Reference: BID:16195
Reference: URL:http://www.securityfocus.com/bid/16195
Reference: FRSIRT:ADV-2006-0145
Reference: URL:http://www.frsirt.com/english/advisories/2006/0145
Reference: SECUNIA:18411
Reference: URL:http://secunia.com/advisories/18411
Reference: XF:hummingbird-enterprise-xss(24067)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24067

Votes:

Name: CVE-2006-0173

Description:
Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to misrepresent the type and name of a file via modified doc_ext and id parameters, which might trick a user into downloading dangerous or unexpected content.

Status: Candidate
Phase: Assigned (20060111)
Reference: BUGTRAQ:20060110 Multiple Vulnerabilities in Hummingbird Collaboration
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421392/100/0/threaded
Reference: MISC:http://www.securenetwork.it/advisories/sn-2006-01.html
Reference: BID:16195
Reference: URL:http://www.securityfocus.com/bid/16195
Reference: FRSIRT:ADV-2006-0145
Reference: URL:http://www.frsirt.com/english/advisories/2006/0145
Reference: SECUNIA:18411
Reference: URL:http://secunia.com/advisories/18411
Reference: XF:hummingbird-enterprise-file-download(24068)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24068

Votes:

Name: CVE-2006-0174

Description:
Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to obtain sensitive information (intranet IP addresses and enumerations of valid parameter values) via a direct request to hc, which reveals the information in an error message or a cookie.

Status: Candidate
Phase: Assigned (20060111)
Reference: BUGTRAQ:20060110 Multiple Vulnerabilities in Hummingbird Collaboration
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421392/100/0/threaded
Reference: MISC:http://www.securenetwork.it/advisories/sn-2006-01.html
Reference: BID:16195
Reference: URL:http://www.securityfocus.com/bid/16195
Reference: FRSIRT:ADV-2006-0145
Reference: URL:http://www.frsirt.com/english/advisories/2006/0145
Reference: SECUNIA:18411
Reference: URL:http://secunia.com/advisories/18411
Reference: SREASON:328
Reference: URL:http://securityreason.com/securityalert/328
Reference: XF:hummingbird-enterprise-information-disclosure(24069)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24069

Votes:

Name: CVE-2006-0175

Description:
Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

Status: Candidate
Phase: Assigned (20060111)
Reference: FULLDISC:20060109 Advisory:XSS vulnerability on WebWiz Forums <= 6.34 (search_form.asp)
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0299.html
Reference: BUGTRAQ:20060111 Advisory:XSS vulnerability on WebWiz Forums <= 6.34(search_form.asp)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421615/100/0/threaded
Reference: BID:16196
Reference: URL:http://www.securityfocus.com/bid/16196
Reference: OSVDB:22398
Reference: URL:http://www.osvdb.org/22398
Reference: XF:webwizforums-searchform-xss(24048)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24048

Votes:

Name: CVE-2006-0176

Description:
Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long (1) -lang, (2) -ctrlr, (3) -pb, or (4) -rec argument on many operating systems, and via a long (5) -jdev argument on Ubuntu Linux.

Status: Candidate
Phase: Assigned (20060111)
Reference: BUGTRAQ:20060110 mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421849/100/0/threaded
Reference: FULLDISC:20060110 mysec.org Security Advisory : Xmame buffer overflow, with a possibility of privilege escalation.
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0353.html
Reference: CONFIRM:http://x.mame.net/changes-unix.html
Reference: BID:16203
Reference: URL:http://www.securityfocus.com/bid/16203
Reference: XF:xmame-multiple-parameters-bo(24102)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24102

Votes:

Name: CVE-2006-0177

Description:
Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) invoking /usr/bin/script with a long command line argument or (2) setting the -c option of /etc/nu to the name of a file containing a long line.

Status: Candidate
Phase: Assigned (20060111)
Reference: FULLDISC:20060110 SUID root overflows in UNICOS and partial shellcode
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0343.html
Reference: BID:16205
Reference: URL:http://www.securityfocus.com/bid/16205
Reference: XF:unicos-command-line-bo(24276)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24276

Votes:

Name: CVE-2006-0178

Description:
Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local users to have an unknown impact via format string specifiers in the quote command. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability.

Status: Candidate
Phase: Assigned (20060111)
Reference: FULLDISC:20060110 SUID root overflows in UNICOS and partial shellcode
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0343.html
Reference: BID:16205
Reference: URL:http://www.securityfocus.com/bid/16205
Reference: XF:unicos-ftp-format-string(24277)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24277

Votes:

Name: CVE-2006-0179

Description:
The Cisco IP Phone 7940 allows remote attackers to cause a denial of service (reboot) via a large amount of TCP SYN packets (syn flood) to arbitrary ports, as demonstrated to port 80.

Status: Candidate
Phase: Assigned (20060111)
Reference: MILW0RM:1411
Reference: URL:http://milw0rm.com/exploits/1411
Reference: CISCO:20060113 Response to Cisco IP Phone 7940 DoS Exploit posted on milw0rm.com
Reference: URL:http://www.cisco.com/warp/public/707/cisco-response-20060113-ip-phones.shtml
Reference: MISC:http://downloads.securityfocus.com/vulnerabilities/exploits/cisco_ip7940_dos.pl
Reference: BID:16200
Reference: URL:http://www.securityfocus.com/bid/16200
Reference: FRSIRT:ADV-2006-0202
Reference: URL:http://www.frsirt.com/english/advisories/2006/0202
Reference: OSVDB:22469
Reference: URL:http://www.osvdb.org/22469
Reference: SECTRACK:1015488
Reference: URL:http://securitytracker.com/id?1015488
Reference: SECUNIA:18479
Reference: URL:http://secunia.com/advisories/18479
Reference: XF:cisco-ipphone-synflood-dos(24117)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24117

Votes:

Name: CVE-2006-0180

Description:
Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the Title field on the "Adding New Event" page, and possibly other vectors, involving iframe tags.

Status: Candidate
Phase: Assigned (20060112)
Reference: BUGTRAQ:20060116 [eVuln] CaLogic Calendars Multiple XSS Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/422163/100/0/threaded
Reference: MISC:http://evuln.com/vulns/24/summary.html
Reference: BID:16206
Reference: URL:http://www.securityfocus.com/bid/16206
Reference: FRSIRT:ADV-2006-0149
Reference: URL:http://www.frsirt.com/english/advisories/2006/0149
Reference: OSVDB:22322
Reference: URL:http://www.osvdb.org/22322
Reference: SECUNIA:18417
Reference: URL:http://secunia.com/advisories/18417
Reference: XF:calogic-newevent-xss(24077)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24077

Votes:

Name: CVE-2006-0181

Description:
Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented administrative account with a default password, which allows local users to gain privileges via the expert command.

Status: Candidate
Phase: Assigned (20060112)
Reference: BUGTRAQ:20060112 Cisco, haven't we learned anything? (technician reset)
Reference: CISCO:20060111 Default Administrative Password in Cisco Security Monitoring, Analysis and Response System (CS-MARS)
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20060111-mars.shtml
Reference: BID:16211
Reference: URL:http://www.securityfocus.com/bid/16211
Reference: FRSIRT:ADV-2006-0154
Reference: URL:http://www.frsirt.com/english/advisories/2006/0154
Reference: OSVDB:22346
Reference: URL:http://www.osvdb.org/22346
Reference: SECTRACK:1015471
Reference: URL:http://securitytracker.com/id?1015471
Reference: SECUNIA:18424
Reference: URL:http://secunia.com/advisories/18424
Reference: SREASON:335
Reference: URL:http://securityreason.com/securityalert/335
Reference: XF:cisco-csmars-default-password(24065)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24065

Votes:

Name: CVE-2006-0182

Description:
login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to "inside".

Status: Candidate
Phase: Assigned (20060112)
Reference: BUGTRAQ:20060112 [eVuln] ACal Authentication Bypass & PHP Code Insertion
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421744/100/0/threaded
Reference: MISC:http://evuln.com/vulns/25/summary.html
Reference: FRSIRT:ADV-2006-0152
Reference: URL:http://www.frsirt.com/english/advisories/2006/0152
Reference: OSVDB:22344
Reference: URL:http://www.osvdb.org/22344
Reference: SECUNIA:18432
Reference: URL:http://secunia.com/advisories/18432
Reference: SREASON:343
Reference: URL:http://securityreason.com/securityalert/343
Reference: XF:acal-login-auth-bypass(24104)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24104

Votes:

Name: CVE-2006-0183

Description:
Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from the poor authentication as identified by CVE-2006-0182. Since the design of the product allows the administrator to edit the code, perhaps this issue should not be included in CVE, except as a consequence of CVE-2006-0182.

Status: Candidate
Phase: Assigned (20060112)
Reference: BUGTRAQ:20060112 [eVuln] ACal Authentication Bypass & PHP Code Insertion
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421744/100/0/threaded
Reference: MISC:http://evuln.com/vulns/25/summary.html
Reference: FRSIRT:ADV-2006-0152
Reference: URL:http://www.frsirt.com/english/advisories/2006/0152
Reference: OSVDB:22345
Reference: URL:http://www.osvdb.org/22345
Reference: SECUNIA:18432
Reference: URL:http://secunia.com/advisories/18432
Reference: SREASON:343
Reference: URL:http://securityreason.com/securityalert/343
Reference: XF:acal-header-footer-code-execute(24107)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24107

Votes:

Name: CVE-2006-0184

Description:
Multiple SQL injection vulnerabilities in AspTopSites allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to goto.asp or (2) password parameter to includeloginuser.asp.

Status: Candidate
Phase: Assigned (20060112)
Reference: FULLDISC:20060110 AspTopSites SQL injection
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0351.html
Reference: MISC:http://www.exploitlabs.com/files/advisories/EXPL-A-2006-001-asptopsites.txt
Reference: FRSIRT:ADV-2006-0146
Reference: URL:http://www.frsirt.com/english/advisories/2006/0146
Reference: OSVDB:22330
Reference: URL:http://www.osvdb.org/22330
Reference: SECUNIA:18408
Reference: URL:http://secunia.com/advisories/18408
Reference: XF:asptopsites-goto-sql-injection(24072)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24072

Votes:

Name: CVE-2006-0185

Description:
Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.

Status: Candidate
Phase: Assigned (20060112)
Reference: BUGTRAQ:20060107 Php-Nuke Pool and News Module IMG Tag Cross Site
Reference: URL:http://www.securityfocus.com/archive/1/421322
Reference: BID:16192
Reference: URL:http://www.securityfocus.com/bid/16192
Reference: FRSIRT:ADV-2006-0125
Reference: URL:http://www.frsirt.com/english/advisories/2006/0125
Reference: SECUNIA:18374
Reference: URL:http://secunia.com/advisories/18374

Votes:

Name: CVE-2006-0186

Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4500. Reason: This candidate is a duplicate of CVE-2005-4500. Notes: All CVE users should reference CVE-2005-4500 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Status: Candidate
Phase: Assigned (20060112)

Votes:

Name: CVE-2006-0187

Description:
By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.

Status: Candidate
Phase: Assigned (20060112)
Reference: BUGTRAQ:20060113 Visual Studio Remote Code Execution
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421943/100/0/threaded
Reference: BID:16225
Reference: URL:http://www.securityfocus.com/bid/16225
Reference: FRSIRT:ADV-2006-0151
Reference: URL:http://www.frsirt.com/english/advisories/2006/0151
Reference: SECUNIA:18409
Reference: URL:http://secunia.com/advisories/18409
Reference: XF:visualstudio-usercontrol-code-execution(24116)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24116

Votes:

Name: CVE-2006-0188

Description:
webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS.

Status: Candidate
Phase: Assigned (20060112)
Reference: CONFIRM:http://www.squirrelmail.org/security/issue/2006-02-01
Reference: DEBIAN:DSA-988
Reference: URL:http://www.debian.org/security/2006/dsa-988
Reference: FEDORA:FEDORA-2006-133
Reference: URL:http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html
Reference: GENTOO:GLSA-200603-09
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml
Reference: MANDRIVA:MDKSA-2006:049
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:049
Reference: REDHAT:RHSA-2006:0283
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0283.html
Reference: SGI:20060501-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
Reference: SUSE:SUSE-SR:2006:005
Reference: URL:http://www.novell.com/linux/security/advisories/2006_05_sr.html
Reference: BID:16756
Reference: URL:http://www.securityfocus.com/bid/16756
Reference: FRSIRT:ADV-2006-0689
Reference: URL:http://www.frsirt.com/english/advisories/2006/0689
Reference: SECTRACK:1015662
Reference: URL:http://securitytracker.com/id?1015662
Reference: SECUNIA:18985
Reference: URL:http://secunia.com/advisories/18985
Reference: SECUNIA:19131
Reference: URL:http://secunia.com/advisories/19131
Reference: SECUNIA:19130
Reference: URL:http://secunia.com/advisories/19130
Reference: SECUNIA:19176
Reference: URL:http://secunia.com/advisories/19176
Reference: SECUNIA:19205
Reference: URL:http://secunia.com/advisories/19205
Reference: SECUNIA:19960
Reference: URL:http://secunia.com/advisories/19960
Reference: SECUNIA:20210
Reference: URL:http://secunia.com/advisories/20210
Reference: XF:squirrelmail-webmail-xss(24847)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24847

Votes:

Name: CVE-2006-0189

Description:
Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows remote attackers to execute arbitrary code via a long attribute (aka "a") field in the SDP data of a SIP packet on UDP port 5060.

Status: Candidate
Phase: Assigned (20060113)
Reference: BUGTRAQ:20060111 eStara Softphone SIP stack Buffer Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421596/100/0/threaded
Reference: BID:16213
Reference: URL:http://www.securityfocus.com/bid/16213
Reference: FRSIRT:ADV-2006-0167
Reference: URL:http://www.frsirt.com/english/advisories/2006/0167
Reference: OSVDB:22348
Reference: URL:http://www.osvdb.org/22348
Reference: SECTRACK:1015481
Reference: URL:http://securitytracker.com/id?1015481
Reference: SECUNIA:18410
Reference: URL:http://secunia.com/advisories/18410
Reference: XF:estara-sip-sdp-bo(24090)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24090

Votes:

Name: CVE-2006-0190

Description:
Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver.

Status: Candidate
Phase: Assigned (20060113)
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm
Reference: SUNALERT:102066
Reference: URL:http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102066-1
Reference: BID:16224
Reference: URL:http://www.securityfocus.com/bid/16224
Reference: FRSIRT:ADV-2006-0165
Reference: URL:http://www.frsirt.com/english/advisories/2006/0165
Reference: OVAL:oval:org.mitre.oval:def:702
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:702
Reference: SECTRACK:1015478
Reference: URL:http://securitytracker.com/id?1015478
Reference: SECUNIA:18421
Reference: URL:http://secunia.com/advisories/18421
Reference: SECUNIA:19087
Reference: URL:http://secunia.com/advisories/19087
Reference: XF:solaris-unspecified-root-access(24084)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24084

Votes:

Name: CVE-2006-0191

Description:
Unspecified vulnerability in Sun Solaris 10 allows local users to cause a denial of service (null dereference) via unspecified vectors involving the use of the find command on the "/proc" filesystem. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2005-3250.

Status: Candidate
Phase: Assigned (20060113)
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm
Reference: SUNALERT:102108
Reference: URL:http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102108-1
Reference: BID:16222
Reference: URL:http://www.securityfocus.com/bid/16222
Reference: FRSIRT:ADV-2006-0166
Reference: URL:http://www.frsirt.com/english/advisories/2006/0166
Reference: OSVDB:22347
Reference: URL:http://www.osvdb.org/22347
Reference: OVAL:oval:org.mitre.oval:def:1608
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1608
Reference: SECTRACK:1015479
Reference: URL:http://securitytracker.com/id?1015479
Reference: SECUNIA:18420
Reference: URL:http://secunia.com/advisories/18420
Reference: SECUNIA:19087
Reference: URL:http://secunia.com/advisories/19087
Reference: XF:solaris-find-proc-dos(24085)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24085

Votes:

Name: CVE-2006-0192

Description:
SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp.

Status: Candidate
Phase: Assigned (20060113)
Reference: BUGTRAQ:20060204 sql injection in ASP Survey
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/423949/100/0/threaded
Reference: BID:16496
Reference: URL:http://www.securityfocus.com/bid/16496
Reference: FRSIRT:ADV-2006-0164
Reference: URL:http://www.frsirt.com/english/advisories/2006/0164
Reference: OSVDB:22342
Reference: URL:http://www.osvdb.org/22342
Reference: SECUNIA:18422
Reference: URL:http://secunia.com/advisories/18422
Reference: SREASON:414
Reference: URL:http://securityreason.com/securityalert/414
Reference: XF:aspsurvey-loginvalidate-sql-injection(24087)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24087

Votes:

Name: CVE-2006-0193

Description:
Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action.

Status: Candidate
Phase: Assigned (20060113)
Reference: BUGTRAQ:20060112 H-Sphere Security Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421704/100/0/threaded
Reference: CONFIRM:http://www.psoft.net/HSdocumentation/versions/?v=all&p=r
Reference: CONFIRM:http://www.psoft.net/HSdocumentation/versions/index.php?v=243p9&p=r
Reference: FRSIRT:ADV-2006-0172
Reference: URL:http://www.frsirt.com/english/advisories/2006/0172
Reference: OSVDB:22372
Reference: URL:http://www.osvdb.org/22372
Reference: SECUNIA:18447
Reference: URL:http://secunia.com/advisories/18447
Reference: XF:hsphere-login-xss(24096)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24096

Votes:

Name: CVE-2006-0194

Description:
Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.029, and other versions before 4.0.33, allows remote attackers to inject arbitrary web script or HTML via the dest parameter in the pgLogon page.

Status: Candidate
Phase: Assigned (20060113)
Reference: BUGTRAQ:20060112 FogBugz Cross Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421729/100/0/threaded
Reference: CONFIRM:http://www.fogcreek.com/FogBugz/KB/releaseNotes/WhatsNewInFogBugz4.0.33.html
Reference: BID:16216
Reference: URL:http://www.securityfocus.com/bid/16216
Reference: FRSIRT:ADV-2006-0174
Reference: URL:http://www.frsirt.com/english/advisories/2006/0174
Reference: OSVDB:22370
Reference: URL:http://www.osvdb.org/22370
Reference: SECUNIA:18443
Reference: URL:http://secunia.com/advisories/18443
Reference: XF:fogbugz-login-xss(24103)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24103

Votes:

Name: CVE-2006-0195

Description:
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer.

Status: Candidate
Phase: Assigned (20060113)
Reference: CONFIRM:http://www.squirrelmail.org/security/issue/2006-02-10
Reference: DEBIAN:DSA-988
Reference: URL:http://www.debian.org/security/2006/dsa-988
Reference: FEDORA:FEDORA-2006-133
Reference: URL:http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00004.html
Reference: GENTOO:GLSA-200603-09
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200603-09.xml
Reference: MANDRIVA:MDKSA-2006:049
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:049
Reference: REDHAT:RHSA-2006:0283
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0283.html
Reference: SGI:20060501-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
Reference: SUSE:SUSE-SR:2006:005
Reference: URL:http://www.novell.com/linux/security/advisories/2006_05_sr.html
Reference: BID:16756
Reference: URL:http://www.securityfocus.com/bid/16756
Reference: FRSIRT:ADV-2006-0689
Reference: URL:http://www.frsirt.com/english/advisories/2006/0689
Reference: SECTRACK:1015662
Reference: URL:http://securitytracker.com/id?1015662
Reference: SECUNIA:18985
Reference: URL:http://secunia.com/advisories/18985
Reference: SECUNIA:19131
Reference: URL:http://secunia.com/advisories/19131
Reference: SECUNIA:19130
Reference: URL:http://secunia.com/advisories/19130
Reference: SECUNIA:19176
Reference: URL:http://secunia.com/advisories/19176
Reference: SECUNIA:19205
Reference: URL:http://secunia.com/advisories/19205
Reference: SECUNIA:19960
Reference: URL:http://secunia.com/advisories/19960
Reference: SECUNIA:20210
Reference: URL:http://secunia.com/advisories/20210
Reference: XF:squirrelmail-magichtml-xss(24848)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24848

Votes:

Name: CVE-2006-0196

Description:
Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 allows local users to gain privileges via a long value of the HOME environment variable, possibly because of a buffer overflow.

Status: Candidate
Phase: Assigned (20060113)
Reference: BUGTRAQ:20060111 Serial Line Sniffer 0.4.4 Buffer Overflow
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421583/100/0/threaded
Reference: MISC:http://shellcoders.com/sintigan/slsnif-ploit.pl
Reference: FRSIRT:ADV-2006-0212
Reference: URL:http://www.frsirt.com/english/advisories/2006/0212
Reference: SECUNIA:18497
Reference: URL:http://secunia.com/advisories/18497
Reference: XF:slsnif-home-bo(24082)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24082

Votes:

Name: CVE-2006-0197

Description:
The XClientMessageEvent struct used in certain components of X.Org 6.8.2 and earlier, possibly including (1) the X server and (2) Xlib, uses a "long" specifier for elements of the l array, which results in inconsistent sizes in the struct on 32-bit versus 64-bit platforms, and might allow attackers to cause a denial of service (application crash) and possibly conduct other attacks.

Status: Candidate
Phase: Assigned (20060113)
Reference: BUGTRAQ:20060108 xorg server 6.8.2 and below on 64bit arch
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421256/100/0/threaded

Votes:

Name: CVE-2006-0198

Description:
Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment.

Status: Candidate
Phase: Assigned (20060113)
Reference: BUGTRAQ:20060107 Xoops Pool Module IMG Tag Cross Site Scripting
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421325/100/0/threaded
Reference: MISC:http://www.xoops.org/modules/newbb/viewtopic.php?topic_id=45637&forum=2&post_id=200481
Reference: BID:16189
Reference: URL:http://www.securityfocus.com/bid/16189
Reference: XF:xoops-pool-imagetag-xss(24091)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24091

Votes:

Name: CVE-2006-0199

Description:
SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.

Status: Candidate
Phase: Assigned (20060113)
Reference: BUGTRAQ:20060113 Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injectionvulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421727/100/0/threaded
Reference: FULLDISC:20060112 Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0439.html
Reference: MISC:http://www.nukedx.com/?viewdoc=7
Reference: FRSIRT:ADV-2006-0173
Reference: URL:http://www.frsirt.com/english/advisories/2006/0173
Reference: OSVDB:22384
Reference: URL:http://www.osvdb.org/22384
Reference: SECUNIA:18439
Reference: URL:http://secunia.com/advisories/18439
Reference: SREASON:340
Reference: URL:http://securityreason.com/securityalert/340
Reference: XF:mininuke-news-sql-injection(24098)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24098

Votes:

Name: CVE-2006-0200

Description:
Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.

Status: Candidate
Phase: Assigned (20060113)
Reference: BUGTRAQ:20060112 Advisory 02/2006: PHP ext/mysqli Format String Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421705/100/0/threaded
Reference: MISC:http://www.hardened-php.net/advisory_022006.113.html
Reference: CONFIRM:http://www.php.net/release_5_1_2.php
Reference: BID:16219
Reference: URL:http://www.securityfocus.com/bid/16219
Reference: FRSIRT:ADV-2006-0177
Reference: URL:http://www.frsirt.com/english/advisories/2006/0177
Reference: FRSIRT:ADV-2006-0369
Reference: URL:http://www.frsirt.com/english/advisories/2006/0369
Reference: SECTRACK:1015485
Reference: URL:http://securitytracker.com/id?1015485
Reference: SECUNIA:18431
Reference: URL:http://secunia.com/advisories/18431
Reference: SREASON:337
Reference: URL:http://securityreason.com/securityalert/337
Reference: XF:php-extmysqli-format-string(24095)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24095

Votes:

Name: CVE-2006-0201

Description:
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php.

Status: Candidate
Phase: Assigned (20060113)
Reference: BUGTRAQ:20060112 Multiple PHP Toolkit for PayPal Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/421739
Reference: MISC:http://www.uinc.ru/articles/vuln/ptpaypal050.shtml
Reference: BID:16218
Reference: URL:http://www.securityfocus.com/bid/16218
Reference: FRSIRT:ADV-2006-0183
Reference: URL:http://www.frsirt.com/english/advisories/2006/0183
Reference: OSVDB:22378
Reference: URL:http://www.osvdb.org/22378
Reference: SECUNIA:18444
Reference: URL:http://secunia.com/advisories/18444

Votes:

Name: CVE-2006-0202

Description:
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data.

Status: Candidate
Phase: Assigned (20060113)
Reference: BUGTRAQ:20060112 Multiple PHP Toolkit for PayPal Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/421739
Reference: MISC:http://www.uinc.ru/articles/vuln/ptpaypal050.shtml
Reference: BID:16218
Reference: URL:http://www.securityfocus.com/bid/16218
Reference: FRSIRT:ADV-2006-0183
Reference: URL:http://www.frsirt.com/english/advisories/2006/0183
Reference: OSVDB:22379
Reference: URL:http://www.osvdb.org/22379
Reference: SECUNIA:18444
Reference: URL:http://secunia.com/advisories/18444

Votes:

Name: CVE-2006-0203

Description:
membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not verify the old password when changing a password, which allows remote attackers to change the passwords of other members via a lostpassnew action with a modified x parameter.

Status: Candidate
Phase: Assigned (20060113)
Reference: BUGTRAQ:20060113 Advisory: MiniNuke CMS System <= 1.8.2 (membership.asp) remoteuser password change exploit
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421748/100/0/threaded
Reference: BUGTRAQ:20060129 [xpl#2] MiniNuke 1.8.2 - change member's passwrod < Perl >
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2006-01/0483.html
Reference: FULLDISC:20060112 Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0439.html
Reference: FULLDISC:20060112 Advisory: MiniNuke CMS System <= 1.8.2 (membership.asp) remote user password change exploit
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0437.html
Reference: FRSIRT:ADV-2006-0173
Reference: URL:http://www.frsirt.com/english/advisories/2006/0173
Reference: OSVDB:22385
Reference: URL:http://www.osvdb.org/22385
Reference: SECUNIA:18439
Reference: URL:http://secunia.com/advisories/18439
Reference: SREASON:344
Reference: URL:http://securityreason.com/securityalert/344
Reference: XF:mininuke-membership-change-password(24101)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24101

Votes:

Name: CVE-2006-0204

Description:
Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 allow remote attackers to inject arbitrary web script or HTML via (1) the "Course name" field in index.php when the frm parameter has the value "mine" and (2) possibly certain other fields in unspecified scripts.

Status: Candidate
Phase: Assigned (20060113)
Reference: BUGTRAQ:20060112 [eVuln] Wordcircle Multiple SQL Injection & XSS Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421746/100/0/threaded
Reference: MISC:http://evuln.com/vulns/28/summary.html
Reference: BID:16227
Reference: URL:http://www.securityfocus.com/bid/16227
Reference: FRSIRT:ADV-2006-0185
Reference: URL:http://www.frsirt.com/english/advisories/2006/0185
Reference: OSVDB:22359
Reference: URL:http://www.osvdb.org/22359
Reference: SECUNIA:18440
Reference: URL:http://secunia.com/advisories/18440
Reference: SREASON:345
Reference: URL:http://securityreason.com/securityalert/345
Reference: XF:wordcircle-index-xss(24106)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24106

Votes:

Name: CVE-2006-0205

Description:
Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.php (involving v_login.php and s_user.php) and (2) have other unknown impact via certain other fields in unspecified scripts.

Status: Candidate
Phase: Assigned (20060113)
Reference: BUGTRAQ:20060112 [eVuln] Wordcircle Authentication Bypass
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421745/100/0/threaded
Reference: MISC:http://evuln.com/vulns/27/summary.html
Reference: BUGTRAQ:20060112 [eVuln] Wordcircle Multiple SQL Injection & XSS Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421746/100/0/threaded
Reference: MISC:http://evuln.com/vulns/28/summary.html
Reference: BID:16227
Reference: URL:http://www.securityfocus.com/bid/16227
Reference: FRSIRT:ADV-2006-0185
Reference: URL:http://www.frsirt.com/english/advisories/2006/0185
Reference: OSVDB:22358
Reference: URL:http://www.osvdb.org/22358
Reference: SECUNIA:18440
Reference: URL:http://secunia.com/advisories/18440
Reference: SREASON:345
Reference: URL:http://securityreason.com/securityalert/345
Reference: SREASON:346
Reference: URL:http://securityreason.com/securityalert/346
Reference: XF:wordcircle-login-security-bypass(24108)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24108
Reference: XF:wordcircle-sql-injection(24105)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24105

Votes:

Name: CVE-2006-0206

Description:
Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php.

Status: Candidate
Phase: Assigned (20060113)
Reference: BUGTRAQ:20060113 [eVuln] Light Weight Calendar PHP Code Execution
Reference: VIM:20060318 Source VERIFY - Light Weight Calendar issue is eval injection
Reference: URL:http://attrition.org/pipermail/vim/2006-March/000612.html
Reference: MISC:http://evuln.com/vulns/29/summary.html
Reference: BID:16229
Reference: URL:http://www.securityfocus.com/bid/16229
Reference: FRSIRT:ADV-2006-0171
Reference: MISC:http://evuln.com/vulns/29/summary.html
Reference: MISC:http://evuln.com/vulns/29/exploit.html
Reference: OSVDB:22376
Reference: URL:http://www.osvdb.org/22376
Reference: SECUNIA:18450
Reference: URL:http://secunia.com/advisories/18450
Reference: XF:lwc-cal-execute-code(24110)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24110

Votes:

Name: CVE-2006-0207

Description:
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.

Status: Candidate
Phase: Assigned (20060113)
Reference: BUGTRAQ:20060112 Advisory 01/2006: PHP ext/session HTTP Response Splitting Vulnerability
Reference: MISC:http://www.hardened-php.net/advisory_012006.112.html
Reference: CONFIRM:http://www.php.net/release_5_1_2.php
Reference: DEBIAN:DSA-1331
Reference: URL:http://www.debian.org/security/2007/dsa-1331
Reference: GENTOO:GLSA-200603-22
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml
Reference: MANDRIVA:MDKSA-2006:028
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:028
Reference: SUSE:SUSE-SR:2006:004
Reference: URL:http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html
Reference: UBUNTU:USN-261-1
Reference: URL:http://www.ubuntulinux.org/support/documentation/usn/usn-261-1
Reference: BID:16220
Reference: URL:http://www.securityfocus.com/bid/16220
Reference: FRSIRT:ADV-2006-0177
Reference: URL:http://www.frsirt.com/english/advisories/2006/0177
Reference: FRSIRT:ADV-2006-0369
Reference: URL:http://www.frsirt.com/english/advisories/2006/0369
Reference: SECTRACK:1015484
Reference: URL:http://securitytracker.com/id?1015484
Reference: SECUNIA:18431
Reference: URL:http://secunia.com/advisories/18431
Reference: SECUNIA:18697
Reference: URL:http://secunia.com/advisories/18697
Reference: SECUNIA:19179
Reference: URL:http://secunia.com/advisories/19179
Reference: SECUNIA:19355
Reference: URL:http://secunia.com/advisories/19355
Reference: SECUNIA:19012
Reference: URL:http://secunia.com/advisories/19012
Reference: SECUNIA:25945
Reference: URL:http://secunia.com/advisories/25945
Reference: XF:php-session-response-splitting(24094)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24094

Votes:

Name: CVE-2006-0208

Description:
Multiple cross-site scripting (XSS) vulnerabilities in PHP 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message.

Status: Candidate
Phase: Assigned (20060113)
Reference: CONFIRM:http://www.php.net/release_5_1_2.php
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-160.htm
Reference: GENTOO:GLSA-200603-22
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200603-22.xml
Reference: MANDRIVA:MDKSA-2006:028
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:028
Reference: REDHAT:RHSA-2006:0276
Reference: URL:http://rhn.redhat.com/errata/RHSA-2006-0276.html
Reference: REDHAT:RHSA-2006:0501
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0501.html
Reference: REDHAT:RHSA-2006:0549
Reference: URL:http://rhn.redhat.com/errata/RHSA-2006-0549.html
Reference: SGI:20060501-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
Reference: SUSE:SUSE-SR:2006:004
Reference: URL:http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html
Reference: UBUNTU:USN-261-1
Reference: URL:http://www.ubuntulinux.org/support/documentation/usn/usn-261-1
Reference: BID:16803
Reference: URL:http://www.securityfocus.com/bid/16803
Reference: FRSIRT:ADV-2006-0177
Reference: URL:http://www.frsirt.com/english/advisories/2006/0177
Reference: FRSIRT:ADV-2006-0369
Reference: URL:http://www.frsirt.com/english/advisories/2006/0369
Reference: MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178028
Reference: FRSIRT:ADV-2006-2685
Reference: URL:http://www.frsirt.com/english/advisories/2006/2685
Reference: SECUNIA:18431
Reference: URL:http://secunia.com/advisories/18431
Reference: SECUNIA:18697
Reference: URL:http://secunia.com/advisories/18697
Reference: SECUNIA:19179
Reference: URL:http://secunia.com/advisories/19179
Reference: SECUNIA:19355
Reference: URL:http://secunia.com/advisories/19355
Reference: SECUNIA:19012
Reference: URL:http://secunia.com/advisories/19012
Reference: SECUNIA:19832
Reference: URL:http://secunia.com/advisories/19832
Reference: SECUNIA:20222
Reference: URL:http://secunia.com/advisories/20222
Reference: SECUNIA:20951
Reference: URL:http://secunia.com/advisories/20951
Reference: SECUNIA:21252
Reference: URL:http://secunia.com/advisories/21252
Reference: SECUNIA:21564
Reference: URL:http://secunia.com/advisories/21564
Reference: SECUNIA:20210
Reference: URL:http://secunia.com/advisories/20210

Votes:

Name: CVE-2006-0209

Description:
SQL injection vulnerability in general_functions.php in TankLogger 2.4 allows remote attackers to execute arbitrary SQL commands via the (1) livestock_id parameter to showInfo.php and (2) tank_id parameter, possibly to livestock.php.

Status: Candidate
Phase: Assigned (20060114)
Reference: BUGTRAQ:20060112 [eVuln] TankLogger SQL Injection Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421743/100/0/threaded
Reference: VIM:20060113 Verified TankLogger SQl inject by source inspection
Reference: URL:http://attrition.org/pipermail/vim/2006-January/000480.html
Reference: MISC:http://evuln.com/vulns/26/summary.html
Reference: BID:16228
Reference: URL:http://www.securityfocus.com/bid/16228
Reference: FRSIRT:ADV-2006-0153
Reference: URL:http://www.frsirt.com/english/advisories/2006/0153
Reference: OSVDB:22368
Reference: URL:http://www.osvdb.org/22368
Reference: OSVDB:22369
Reference: URL:http://www.osvdb.org/22369
Reference: SECUNIA:18441
Reference: URL:http://secunia.com/advisories/18441
Reference: SREASON:341
Reference: URL:http://securityreason.com/securityalert/341
Reference: XF:tanklogger-generalfunctions-sql-injection(24080)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24080

Votes:

Name: CVE-2006-0210

Description:
Cross-site scripting (XSS) vulnerability in index.php in Interspire TrackPoint NX before 0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter when using the Login page.

Status: Candidate
Phase: Assigned (20060114)
Reference: BUGTRAQ:20060112 Interspire TrackPoint NX XSS Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421740/100/0/threaded
Reference: CONFIRM:http://www.interspire.com/forum/showthread.php?p=29606
Reference: BID:16214
Reference: URL:http://www.securityfocus.com/bid/16214
Reference: FRSIRT:ADV-2006-0175
Reference: URL:http://www.frsirt.com/english/advisories/2006/0175
Reference: OSVDB:22377
Reference: URL:http://www.osvdb.org/22377
Reference: SECUNIA:18445
Reference: URL:http://secunia.com/advisories/18445
Reference: XF:trackpointnx-login-xss(24112)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24112

Votes:

Name: CVE-2006-0211

Description:
Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm Hosting Control Panel 3.2.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the txtEmailAddress parameter.

Status: Candidate
Phase: Assigned (20060114)
Reference: BUGTRAQ:20060112 Helm XSS Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421791/100/0/threaded
Reference: CONFIRM:http://www.webhostautomation.com/webhost-301
Reference: BID:16234
Reference: URL:http://www.securityfocus.com/bid/16234
Reference: FRSIRT:ADV-2006-0203
Reference: URL:http://www.frsirt.com/english/advisories/2006/0203
Reference: OSVDB:22454
Reference: URL:http://www.osvdb.org/22454
Reference: SECUNIA:18492
Reference: URL:http://secunia.com/advisories/18492
Reference: XF:helm-forgotpassword-xss(24139)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24139

Votes:

Name: CVE-2006-0212

Description:
Directory traversal vulnerability in OBEX Push services in Toshiba Bluetooth Stack 4.00.23(T) and earlier allows remote attackers to upload arbitrary files to arbitrary remote locations specified by .. (dot dot) sequences, as demonstrated by ..\\ sequences in the RFILE argument of ussp-push.

Status: Candidate
Phase: Assigned (20060114)
Reference: BUGTRAQ:20060113 DMA[2006-0112a] - 'Toshiba Bluetooth Stack Directory Transversal'
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421993/100/0/threaded
Reference: FULLDISC:20060113 DMA[2006-0112a] - 'Toshiba Bluetooth Stack Directory Transversal'
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=113712413907526&w=2
Reference: MISC:http://www.digitalmunition.com/DMA%5B2006-0112a%5D.txt
Reference: MISC:http://aps.toshiba-tro.de/bluetooth/pages/driverinfo.php?txt=sp2
Reference: BID:16236
Reference: URL:http://www.securityfocus.com/bid/16236
Reference: FRSIRT:ADV-2006-0184
Reference: URL:http://www.frsirt.com/english/advisories/2006/0184
Reference: OSVDB:22380
Reference: URL:http://www.osvdb.org/22380
Reference: SECTRACK:1015486
Reference: URL:http://securitytracker.com/id?1015486
Reference: SECUNIA:18437
Reference: URL:http://secunia.com/advisories/18437

Votes:

Name: CVE-2006-0213

Description:
Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges.

Status: Candidate
Phase: Assigned (20060114)
Reference: CONFIRM:http://kolab.org/security/kolab-vendor-notice-08.txt
Reference: FRSIRT:ADV-2006-0186
Reference: URL:http://www.frsirt.com/english/advisories/2006/0186
Reference: OSVDB:22381
Reference: URL:http://www.osvdb.org/22381
Reference: SECUNIA:18438
Reference: URL:http://secunia.com/advisories/18438
Reference: XF:kolab-smtp-logging(24123)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24123

Votes:

Name: CVE-2006-0214

Description:
Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include function calls.

Status: Candidate
Phase: Assigned (20060115)
Reference: BUGTRAQ:20060114 ezDatabase 2.0 and below
Reference: MISC:http://pridels0.blogspot.com/2006/01/ezdatabase-20-and-below.html
Reference: BID:16237
Reference: URL:http://www.securityfocus.com/bid/16237
Reference: SECUNIA:18043
Reference: URL:http://secunia.com/advisories/18043
Reference: SREASON:351
Reference: URL:http://securityreason.com/securityalert/351
Reference: XF:ezdatabase-visitorupload-file-include(24136)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24136

Votes:

Name: CVE-2006-0215

Description:
Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. NOTE: this issue might be resultant from CVE-2006-0216.

Status: Candidate
Phase: Assigned (20060116)
Reference: MISC:http://osvdb.org/ref/22/22352-qualityppc.txt
Reference: OSVDB:22352
Reference: URL:http://www.osvdb.org/22352

Votes:

Name: CVE-2006-0216

Description:
admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to obtain sensitive information, possibly the installation path of the application, via unspecified "meta characters" to the cpage parameter.

Status: Candidate
Phase: Assigned (20060116)
Reference: MISC:http://osvdb.org/ref/22/22352-qualityppc.txt
Reference: MISC:http://osvdb.org/ref/22/22353-qualityppc.txt
Reference: OSVDB:22353
Reference: URL:http://www.osvdb.org/22353

Votes:

Name: CVE-2006-0217

Description:
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the affected version might be wrong since the current version as of 20060116 is 3.6.1.

Status: Candidate
Phase: Assigned (20060116)
Reference: FULLDISC:20060115 Ultimate Auction <=3.67
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0517.html
Reference: BID:16239
Reference: URL:http://www.securityfocus.com/bid/16239
Reference: BID:16254
Reference: URL:http://www.securityfocus.com/bid/16254
Reference: FRSIRT:ADV-2006-0187
Reference: URL:http://www.frsirt.com/english/advisories/2006/0187
Reference: OSVDB:22443
Reference: URL:http://www.osvdb.org/22443
Reference: OSVDB:22444
Reference: URL:http://www.osvdb.org/22444
Reference: SECUNIA:18477
Reference: URL:http://secunia.com/advisories/18477
Reference: XF:ultimate-auction-item-xss(24138)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24138

Votes:

Name: CVE-2006-0218

Description:
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, is is likely that this contains at least one distinct vulnerability from CVE-2005-4602 and CVE-2005-4603.

Status: Candidate
Phase: Assigned (20060116)
Reference: CONFIRM:http://community.mybboard.net/showthread.php?tid=5852

Votes:

Name: CVE-2006-0219

Description:
The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php.

Status: Candidate
Phase: Assigned (20060116)
Reference: MISC:http://community.mybboard.net/showthread.php?tid=5853&pid=35088#pid35088
Reference: MISC:http://community.mybboard.net/showthread.php?tid=5853&pid=35151#pid35151
Reference: CONFIRM:http://community.mybboard.net/showthread.php?tid=5960
Reference: BID:16230
Reference: URL:http://www.securityfocus.com/bid/16230
Reference: XF:mybb-usercp-script-sql-injection(24115)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24115

Votes:

Name: CVE-2006-0220

Description:
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13.

Status: Candidate
Phase: Assigned (20060116)
Reference: BUGTRAQ:20060113 DCP Portal Cross-Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421914/100/0/threaded
Reference: BID:16232
Reference: URL:http://www.securityfocus.com/bid/16232
Reference: XF:dcpportal-calendar-search-xss(24153)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24153

Votes:

Name: CVE-2006-0221

Description:
SQL injection vulnerability in index.asp in the Admin Panel in Dragon Design Services Network (DDSN) cm3 content manager (CM3CMS) allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password.

Status: Candidate
Phase: Assigned (20060116)
Reference: BUGTRAQ:20060113 DDSN CMS Admin Panel SQL Injection Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421941/100/0/threaded
Reference: BID:16231
Reference: URL:http://www.securityfocus.com/bid/16231
Reference: OSVDB:22696
Reference: URL:http://www.osvdb.org/22696
Reference: XF:cm3-login-sql-injection(24266)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24266

Votes:

Name: CVE-2006-0222

Description:
Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft Template Seller Pro allows remote attackers to inject arbitrary web script or HTML via the tempid parameter.

Status: Candidate
Phase: Assigned (20060116)
Reference: BUGTRAQ:20060113 AlstraSoft Template Seller Pro Cross-Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421916/100/0/threaded
Reference: BID:16233
Reference: URL:http://www.securityfocus.com/bid/16233
Reference: OSVDB:22746
Reference: URL:http://www.osvdb.org/22746
Reference: XF:template-seller-fullview-xss(24235)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24235

Votes:

Name: CVE-2006-0223

Description:
Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via ".." (dot dot) sequences in the username field.

Status: Candidate
Phase: Assigned (20060116)
Reference: BUGTRAQ:20060113 [ISecAuditors Advisories] Arbitrary remote file creation in 123flashchat server
Reference: MISC:http://www.123flashchat.com/flash-chat-server-v512.html
Reference: BID:16235
Reference: URL:http://www.securityfocus.com/bid/16235
Reference: FRSIRT:ADV-2006-0198
Reference: URL:http://www.frsirt.com/english/advisories/2006/0198
Reference: OSVDB:22440
Reference: URL:http://www.osvdb.org/22440
Reference: SECUNIA:18455
Reference: URL:http://secunia.com/advisories/18455
Reference: XF:123flashchat-user-directory-traversal(24137)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24137

Votes:

Name: CVE-2006-0224

Description:
Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name).

Status: Candidate
Phase: Assigned (20060117)
Reference: BUGTRAQ:20060123 [ Rosiello Security ] Eterm-LibAST Advisory
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/423207/100/0/threaded
Reference: BUGTRAQ:20060123 LibAST 0.7 Release Fixes Security Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/423366/100/0/threaded
Reference: BUGTRAQ:20060125 Rosiello Security - Eterm-LibAST Advisory
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/423088/100/0/threaded
Reference: MISC:http://www.rosiello.org/en/read_bugs.php?id=25
Reference: CONFIRM:http://freshmeat.net/projects/libast/?branch_id=17907&release_id=217840
Reference: MISC:http://www.rosiello.org/en/read_bugs.php?id=25
Reference: DEBIAN:DSA-976
Reference: URL:http://www.debian.org/security/2006/dsa-976
Reference: GENTOO:GLSA-200601-14
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200601-14.xml
Reference: MANDRIVA:MDKSA-2006:029
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:029
Reference: BID:16350
Reference: URL:http://www.securityfocus.com/bid/16350
Reference: FRSIRT:ADV-2006-0314
Reference: URL:http://www.frsirt.com/english/advisories/2006/0314
Reference: OSVDB:22735
Reference: URL:http://www.osvdb.org/22735
Reference: SECUNIA:18586
Reference: URL:http://secunia.com/advisories/18586
Reference: SECUNIA:18632
Reference: URL:http://secunia.com/advisories/18632
Reference: SECUNIA:18916
Reference: URL:http://secunia.com/advisories/18916
Reference: SREASON:373
Reference: URL:http://securityreason.com/securityalert/373
Reference: XF:eterm-libast-filename-bo(24303)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24303

Votes:

Name: CVE-2006-0225

Description:
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.

Status: Candidate
Phase: Assigned (20060117)
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174026
Reference: CONFIRM:http://www14.software.ibm.com/webapp/set2/sas/f/hmc/power5/install/v52.Readme.html#MH00688
Reference: CONFIRM:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2751
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-158.htm
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-262.htm
Reference: CONFIRM:http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
Reference: CONFIRM:http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=305214
Reference: CONFIRM:http://blogs.sun.com/security/entry/sun_alert_102961_security_vulnerability
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2007-246.htm
Reference: APPLE:APPLE-SA-2007-03-13
Reference: URL:http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
Reference: FEDORA:FEDORA-2006-056
Reference: FEDORA:FLSA-2006:168935
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/425397/100/0/threaded
Reference: GENTOO:GLSA-200602-11
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200602-11.xml
Reference: HP:HPSBUX02178
Reference: URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112
Reference: HP:SSRT061267
Reference: URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00815112
Reference: MANDRIVA:MDKSA-2006:034
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:034
Reference: OPENBSD:20060212 [3.8] 005: SECURITY FIX: February 12, 2006
Reference: URL:ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/005_ssh.patch
Reference: OPENPKG:OpenPKG-SA-2006.003
Reference: URL:http://www.openpkg.org/security/OpenPKG-SA-2006.003-openssh.html
Reference: REDHAT:RHSA-2006:0044
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0044.html
Reference: REDHAT:RHSA-2006:0298
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0298.html
Reference: REDHAT:RHSA-2006:0698
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0698.html
Reference: SGI:20060703-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
Reference: SLACKWARE:SSA:2006-045-06
Reference: URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.425802
Reference: SUNALERT:102961
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102961-1
Reference: SUSE:SUSE-SA:2006:008
Reference: URL:http://www.novell.com/linux/security/advisories/2006_08_openssh.html
Reference: TRUSTIX:2006-0004
Reference: URL:http://www.trustix.org/errata/2006/0004
Reference: UBUNTU:USN-255-1
Reference: URL:http://www.ubuntu.com/usn/usn-255-1
Reference: CERT:TA07-072A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Reference: BID:16369
Reference: URL:http://www.securityfocus.com/bid/16369
Reference: FRSIRT:ADV-2006-0306
Reference: URL:http://www.frsirt.com/english/advisories/2006/0306
Reference: FRSIRT:ADV-2006-2490
Reference: URL:http://www.frsirt.com/english/advisories/2006/2490
Reference: FRSIRT:ADV-2006-4869
Reference: URL:http://www.frsirt.com/english/advisories/2006/4869
Reference: FRSIRT:ADV-2007-0930
Reference: URL:http://www.frsirt.com/english/advisories/2007/0930
Reference: FRSIRT:ADV-2007-2120
Reference: URL:http://www.frsirt.com/english/advisories/2007/2120
Reference: OSVDB:22692
Reference: URL:http://www.osvdb.org/22692
Reference: OVAL:oval:org.mitre.oval:def:1138
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1138
Reference: SECTRACK:1015540
Reference: URL:http://securitytracker.com/id?1015540
Reference: SECUNIA:18579
Reference: URL:http://secunia.com/advisories/18579
Reference: SECUNIA:18595
Reference: URL:http://secunia.com/advisories/18595
Reference: SECUNIA:18650
Reference: URL:http://secunia.com/advisories/18650
Reference: SECUNIA:18736
Reference: URL:http://secunia.com/advisories/18736
Reference: SECUNIA:18798
Reference: URL:http://secunia.com/advisories/18798
Reference: SECUNIA:18850
Reference: URL:http://secunia.com/advisories/18850
Reference: SECUNIA:18910
Reference: URL:http://secunia.com/advisories/18910
Reference: SECUNIA:18964
Reference: URL:http://secunia.com/advisories/18964
Reference: SECUNIA:18969
Reference: URL:http://secunia.com/advisories/18969
Reference: SECUNIA:18970
Reference: URL:http://secunia.com/advisories/18970
Reference: SECUNIA:19159
Reference: URL:http://secunia.com/advisories/19159
Reference: SECUNIA:20723
Reference: URL:http://secunia.com/advisories/20723
Reference: SECUNIA:21129
Reference: URL:http://secunia.com/advisories/21129
Reference: SECUNIA:21262
Reference: URL:http://secunia.com/advisories/21262
Reference: SECUNIA:21492
Reference: URL:http://secunia.com/advisories/21492
Reference: SECUNIA:21724
Reference: URL:http://secunia.com/advisories/21724
Reference: SECUNIA:22196
Reference: URL:http://secunia.com/advisories/22196
Reference: SECUNIA:23241
Reference: URL:http://secunia.com/advisories/23241
Reference: SECUNIA:23340
Reference: URL:http://secunia.com/advisories/23340
Reference: SECUNIA:23680
Reference: URL:http://secunia.com/advisories/23680
Reference: SECUNIA:24479
Reference: URL:http://secunia.com/advisories/24479
Reference: SECUNIA:25607
Reference: URL:http://secunia.com/advisories/25607
Reference: SECUNIA:25936
Reference: URL:http://secunia.com/advisories/25936
Reference: SREASON:462
Reference: URL:http://securityreason.com/securityalert/462
Reference: XF:openssh-scp-command-execution(24305)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24305

Votes:

Name: CVE-2006-0226

Description:
Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames.

Status: Candidate
Phase: Assigned (20060117)
Reference: MISC:http://www.signedness.org/advisories/sps-0x1.txt
Reference: MISC:http://kernelwars.blogspot.com/2007/01/alive.html
Reference: MISC:http://www.blackhat.com/html/bh-europe-07/bh-eu-07-speakers.html#Eriksson
Reference: FREEBSD:FreeBSD-SA-06:05
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:05.80211.asc
Reference: BID:16296
Reference: URL:http://www.securityfocus.com/bid/16296
Reference: OSVDB:22537
Reference: URL:http://www.osvdb.org/22537
Reference: SECTRACK:1015518
Reference: URL:http://securitytracker.com/id?1015518
Reference: SECUNIA:18353
Reference: URL:http://secunia.com/advisories/18353
Reference: XF:bsd-ieee80211-bo(24192)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24192

Votes:

Name: CVE-2006-0227

Description:
Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors.

Status: Candidate
Phase: Assigned (20060117)
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-056.htm
Reference: SUNALERT:102033
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102033-1
Reference: BID:16245
Reference: URL:http://www.securityfocus.com/bid/16245
Reference: FRSIRT:ADV-2006-0200
Reference: URL:http://www.frsirt.com/english/advisories/2006/0200
Reference: OSVDB:22441
Reference: URL:http://www.osvdb.org/22441
Reference: OSVDB:22442
Reference: URL:http://www.osvdb.org/22442
Reference: OVAL:oval:org.mitre.oval:def:662
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:662
Reference: SECTRACK:1015492
Reference: URL:http://securitytracker.com/id?1015492
Reference: SECUNIA:18498
Reference: URL:http://secunia.com/advisories/18498
Reference: SECUNIA:19087
Reference: URL:http://secunia.com/advisories/19087
Reference: XF:solaris-lpsched-dos(24127)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24127

Votes:

Name: CVE-2006-0228

Description:
The RBAC functionality in grsecurity before 2.1.8 does not properly handle when the admin role creates a service and then exits the shell without unauthenticating, which causes the service to be restarted with the admin role still active.

Status: Candidate
Phase: Assigned (20060117)
Reference: CONFIRM:http://www.grsecurity.org/news.php#grsec218
Reference: BID:16261
Reference: URL:http://www.securityfocus.com/bid/16261
Reference: FRSIRT:ADV-2006-0199
Reference: URL:http://www.frsirt.com/english/advisories/2006/0199
Reference: SECUNIA:18458
Reference: URL:http://secunia.com/advisories/18458
Reference: XF:grsecurity-rbac-admin-privileges(24156)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24156

Votes:

Name: CVE-2006-0229

Description:
Unquoted Windows search path vulnerability in Wehntrust might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when Wehntrust creates the autostart key.

Status: Candidate
Phase: Assigned (20060117)
Reference: BUGTRAQ:20060116 WehnTrust - When you have to trust Wehntrust
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/422020/100/0/threaded
Reference: BUGTRAQ:20060116 Re: [Full-disclosure] WehnTrust - When you have to trust Wehntrust
Reference: URL:http://www.securityfocus.com/archive/1/422046/100/0/threaded
Reference: MISC:http://www.wehnus.com/downloads.pl
Reference: BID:16268
Reference: URL:http://www.securityfocus.com/bid/16268
Reference: XF:wehntrust-service-start-file-execution(24315)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24315

Votes:

Name: CVE-2006-0230

Description:
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.

Status: Candidate
Phase: Assigned (20060117)
Reference: BUGTRAQ:20060421 [Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/431734/100/0/threaded
Reference: BUGTRAQ:20060421 Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/431724/100/0/threaded
Reference: VULNWATCH:20060421 Rapid7 Advisory R7-0021: Symantec Scan Engine Authentication Fundamental Design Error
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0010.html
Reference: CONFIRM:http://www.symantec.com/avcenter/security/Content/2006.04.21.html
Reference: CERT-VN:VU#118388
Reference: URL:http://www.kb.cert.org/vuls/id/118388
Reference: BID:17637
Reference: URL:http://www.securityfocus.com/bid/17637
Reference: FRSIRT:ADV-2006-1464
Reference: URL:http://www.frsirt.com/english/advisories/2006/1464
Reference: SECUNIA:19734
Reference: URL:http://secunia.com/advisories/19734
Reference: XF:sse-unauth-admin-access(25972)
Reference: URL:http://xforce.iss.net/xforce/xfdb/25972

Votes:

Name: CVE-2006-0231

Description:
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications.

Status: Candidate
Phase: Assigned (20060117)
Reference: BUGTRAQ:20060421 Rapid7 Advisory R7-0022: Symantec Scan Engine Known Immutable DSA Private Key
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/431725/100/0/threaded
Reference: BUGTRAQ:20060421 [Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/431734/100/0/threaded
Reference: VULNWATCH:20060421 Rapid7 Advisory R7-0022: Symantec Scan Engine Known Immutable DSA Private Key
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0011.html
Reference: CONFIRM:http://www.symantec.com/avcenter/security/Content/2006.04.21.html
Reference: BID:17637
Reference: URL:http://www.securityfocus.com/bid/17637
Reference: FRSIRT:ADV-2006-1464
Reference: URL:http://www.frsirt.com/english/advisories/2006/1464
Reference: SECTRACK:1015974
Reference: URL:http://securitytracker.com/id?1015974
Reference: SECUNIA:19734
Reference: URL:http://secunia.com/advisories/19734
Reference: XF:sse-insecure-private-key(25973)
Reference: URL:http://xforce.iss.net/xforce/xfdb/25973

Votes:

Name: CVE-2006-0232

Description:
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.

Status: Candidate
Phase: Assigned (20060117)
Reference: BUGTRAQ:20060421 Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/431728/100/0/threaded
Reference: BUGTRAQ:20060421 [Symantec Security Advisor] Symantec Scan Engine Multiple Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/431734/100/0/threaded
Reference: VULNWATCH:20060421 Rapid7 Advisory R7-0023: Symantec Scan Engine File Disclosure Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0012.html
Reference: CONFIRM:http://www.symantec.com/avcenter/security/Content/2006.04.21.html
Reference: BID:17637
Reference: URL:http://www.securityfocus.com/bid/17637
Reference: FRSIRT:ADV-2006-1464
Reference: URL:http://www.frsirt.com/english/advisories/2006/1464
Reference: SECTRACK:1015974
Reference: URL:http://securitytracker.com/id?1015974
Reference: SECUNIA:19734
Reference: URL:http://secunia.com/advisories/19734
Reference: SREASON:758
Reference: URL:http://securityreason.com/securityalert/758
Reference: SREASON:759
Reference: URL:http://securityreason.com/securityalert/759
Reference: XF:sse-unauth-file-access(25974)
Reference: URL:http://xforce.iss.net/xforce/xfdb/25974

Votes:

Name: CVE-2006-0233

Description:
Cross-site scripting (XSS) vulnerability in functions.php in microBlog 2.0 RC-10 allows remote attackers to inject arbitrary web script and HTML via a javascript: URI in a [url] BBcode tag.

Status: Candidate
Phase: Assigned (20060117)
Reference: BUGTRAQ:20060117 [eVuln] microBlog BBCode XSS Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/422145/100/0/threaded
Reference: MISC:http://evuln.com/vulns/36/summary.html
Reference: BID:16272
Reference: URL:http://www.securityfocus.com/bid/16272
Reference: SECTRACK:1015496
Reference: URL:http://securitytracker.com/id?1015496
Reference: XF:microblog-functions-xss(24140)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24140

Votes:

Name: CVE-2006-0234

Description:
SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters.

Status: Candidate
Phase: Assigned (20060117)
Reference: BUGTRAQ:20060117 [eVuln] microBlog SQL Injection Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/422141/100/0/threaded
Reference: MISC:http://evuln.com/vulns/35/summary.html
Reference: BID:16270
Reference: URL:http://www.securityfocus.com/bid/16270
Reference: FRSIRT:ADV-2006-0239
Reference: URL:http://www.frsirt.com/english/advisories/2006/0239
Reference: OSVDB:22512
Reference: URL:http://www.osvdb.org/22512
Reference: SECTRACK:1015496
Reference: URL:http://securitytracker.com/id?1015496
Reference: SECUNIA:18442
Reference: URL:http://secunia.com/advisories/18442
Reference: XF:microblog-index-sql-injection(24132)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24132

Votes:

Name: CVE-2006-0235

Description:
SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers to execute arbitrary SQL commands via the dir parameter to pictures.php.

Status: Candidate
Phase: Assigned (20060118)
Reference: BUGTRAQ:20060116 White Album Sql İnjection biyosecurity.be
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/422105/100/0/threaded
Reference: MISC:http://www.biyosecurity.be/bugs/whitealbum.txt
Reference: BID:16247
Reference: URL:http://www.securityfocus.com/bid/16247
Reference: FRSIRT:ADV-2006-0241
Reference: URL:http://www.frsirt.com/english/advisories/2006/0241
Reference: OSVDB:22520
Reference: URL:http://www.osvdb.org/22520
Reference: SECUNIA:18460
Reference: URL:http://secunia.com/advisories/18460
Reference: XF:whitealbum-pictures-sql-injection(24271)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24271

Votes:

Name: CVE-2006-0236

Description:
GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment.

Status: Candidate
Phase: Assigned (20060118)
Reference: BUGTRAQ:20060117 Secunia Research: Mozilla Thunderbird Attachment SpoofingVulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/422148/100/0/threaded
Reference: MISC:http://secunia.com/secunia_research/2005-22/advisory
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=300246
Reference: MANDRIVA:MDKSA-2006:021
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:021
Reference: BID:16271
Reference: URL:http://www.securityfocus.com/bid/16271
Reference: FRSIRT:ADV-2006-0230
Reference: URL:http://www.frsirt.com/english/advisories/2006/0230
Reference: SECUNIA:15907
Reference: URL:http://secunia.com/advisories/15907
Reference: XF:thunderbird-attachment-ext-spoofing(24164)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24164

Votes:

Name: CVE-2006-0237

Description:
Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce allows remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) subcat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Status: Candidate
Phase: Assigned (20060118)
Reference: BID:16255
Reference: URL:http://www.securityfocus.com/bid/16255
Reference: FRSIRT:ADV-2006-0214
Reference: URL:http://www.frsirt.com/english/advisories/2006/0214
Reference: SECUNIA:18470
Reference: URL:http://secunia.com/advisories/18470
Reference: XF:gtpicommerce-index-xss(24150)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24150

Votes:

Name: CVE-2006-0238

Description:
SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 allows remote attackers to execute arbitrary SQL commands via the author parameter.

Status: Candidate
Phase: Assigned (20060118)
Reference: MISC:http://osvdb.org/ref/22/22450-wpstats.txt
Reference: CONFIRM:http://www.lesterchan.net/blogs/
Reference: CONFIRM:http://www.lesterchan.net/blogs/archives/2006/01/18/wp-stats-sql-injection-vulnerability
Reference: BID:16241
Reference: URL:http://www.securityfocus.com/bid/16241
Reference: FRSIRT:ADV-2006-0192
Reference: URL:http://www.frsirt.com/english/advisories/2006/0192
Reference: OSVDB:22450
Reference: URL:http://www.osvdb.org/22450
Reference: SECUNIA:18471
Reference: URL:http://secunia.com/advisories/18471
Reference: XF:wpstats-script-sql-injection(24163)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24163

Votes:

Name: CVE-2006-0239

Description:
Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 allow remote attackers to inject arbitrary web script or HTML via (1) a comment to comments.asp and (2) possibly certain other fields in unspecified scripts.

Status: Candidate
Phase: Assigned (20060118)
Reference: BUGTRAQ:20060114 [HSC Security Group] Multiple SQL injection/XSS in SimpleBlog 2.1
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/422102/100/0/threaded
Reference: MISC:http://www.hackerscenter.com/archive/view.asp?id=21926
Reference: BID:16243
Reference: URL:http://www.securityfocus.com/bid/16243
Reference: FRSIRT:ADV-2006-0194
Reference: URL:http://www.frsirt.com/english/advisories/2006/0194
Reference: OSVDB:22448
Reference: URL:http://www.osvdb.org/22448
Reference: SECUNIA:18488
Reference: URL:http://secunia.com/advisories/18488
Reference: XF:simpleblog-comment-xss(24154)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24154

Votes:

Name: CVE-2006-0240

Description:
Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote attackers to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly certain other parameters in unspecified scripts.

Status: Candidate
Phase: Assigned (20060118)
Reference: BUGTRAQ:20060114 [HSC Security Group] Multiple SQL injection/XSS in SimpleBlog 2.1
Reference: URL:http://www.securityfocus.com/archive/1/422102/100/0/threaded
Reference: MISC:http://www.hackerscenter.com/archive/view.asp?id=21926
Reference: BID:16243
Reference: URL:http://www.securityfocus.com/bid/16243
Reference: FRSIRT:ADV-2006-0194
Reference: URL:http://www.frsirt.com/english/advisories/2006/0194
Reference: OSVDB:22447
Reference: URL:http://www.osvdb.org/22447
Reference: SECUNIA:18488
Reference: URL:http://secunia.com/advisories/18488
Reference: XF:simpleblog-month-sql-injection(24155)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24155

Votes:

Name: CVE-2006-0241

Description:
Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Name field.

Status: Candidate
Phase: Assigned (20060118)
Reference: BUGTRAQ:20060117 XSS in WBNews < = v1.1.0
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/422133/100/0/threaded
Reference: BID:16277
Reference: URL:http://www.securityfocus.com/bid/16277
Reference: FRSIRT:ADV-2006-0237
Reference: URL:http://www.frsirt.com/english/advisories/2006/0237
Reference: SECUNIA:18499
Reference: URL:http://secunia.com/advisories/18499

Votes:

Name: CVE-2006-0242

Description:
Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter.

Status: Candidate
Phase: Assigned (20060118)
Reference: BUGTRAQ:20060117 IndonesiaHack Advisory HTML injection in PHP Fusebox
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/422124/100/0/threaded
Reference: BID:16274
Reference: URL:http://www.securityfocus.com/bid/16274
Reference: SREASON:355
Reference: URL:http://securityreason.com/securityalert/355

Votes:

Name: CVE-2006-0243

Description:
Cross-site scripting (XSS) vulnerability in SMBCMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the text parameter, which is used by the "Search Site" field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Status: Candidate
Phase: Assigned (20060118)
Reference: BID:16281
Reference: URL:http://www.securityfocus.com/bid/16281
Reference: FRSIRT:ADV-2006-0229
Reference: URL:http://www.frsirt.com/english/advisories/2006/0229
Reference: OSVDB:22494
Reference: URL:http://www.osvdb.org/22494
Reference: SECUNIA:18454
Reference: URL:http://secunia.com/advisories/18454
Reference: XF:smbcms-sitesearch-xss(24187)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24187

Votes:

Name: CVE-2006-0244

Description:
** DISPUTED ** Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerability since the functionality of phpXplorer supports the upload of PHP files, which would not cross privilege boundaries since the PHP functionality would support read access outside the web root.

Status: Candidate
Phase: Assigned (20060118)
Reference: BUGTRAQ:20060116 Directory traversal in phpXplorer
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421997/100/0/threaded
Reference: BUGTRAQ:20060116 Re: Directory traversal in phpXplorer
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/422158/100/0/threaded
Reference: MISC:http://www.arrelnet.com/advisories/adv20060116.html
Reference: BID:16263
Reference: URL:http://www.securityfocus.com/bid/16263
Reference: FRSIRT:ADV-2006-0232
Reference: URL:http://www.frsirt.com/english/advisories/2006/0232
Reference: SECUNIA:18518
Reference: URL:http://secunia.com/advisories/18518
Reference: SREASON:353
Reference: URL:http://securityreason.com/securityalert/353
Reference: XF:phpxplorer-sshare-directory-traversal(39982)
Reference: URL:http://xforce.iss.net/xforce/xfdb/39982

Votes:

Name: CVE-2006-0245

Description:
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field in a login action in index.php. NOTE: the cart.php/redir and index.php/searchStr vectors are already covered by CVE-2005-3152.

Status: Candidate
Phase: Assigned (20060118)
Reference: MISC:http://bugs.cubecart.com/?do=details&id=459
Reference: MISC:http://lostmon.blogspot.com/2006/01/cubecart-307-pl1-indexphp-multiple.html
Reference: BID:16259
Reference: URL:http://www.securityfocus.com/bid/16259
Reference: FRSIRT:ADV-2006-0227
Reference: URL:http://www.frsirt.com/english/advisories/2006/0227
Reference: OSVDB:22471
Reference: URL:http://www.osvdb.org/22471
Reference: SECUNIA:18519
Reference: URL:http://secunia.com/advisories/18519
Reference: XF:cubecart-index-script-xss(24177)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24177

Votes:

Name: CVE-2006-0246

Description:
Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download Tracker 1.06 allows remote attackers to inject arbitrary web script or HTML via the ID parameter.

Status: Candidate
Phase: Assigned (20060118)
Reference: MISC:http://osvdb.org/ref/22/22462-widexl.txt
Reference: BID:16265
Reference: URL:http://www.securityfocus.com/bid/16265
Reference: FRSIRT:ADV-2006-0213
Reference: URL:http://www.frsirt.com/english/advisories/2006/0213
Reference: OSVDB:22462
Reference: URL:http://www.osvdb.org/22462
Reference: SECUNIA:18472
Reference: URL:http://secunia.com/advisories/18472
Reference: XF:downloadtracker-down-xss(24161)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24161

Votes:

Name: CVE-2006-0247

Description:
Cross-site scripting (XSS) vulnerability in anyboard.cgi in Netbula Anyboard 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tK parameter in a find command.

Status: Candidate
Phase: Assigned (20060118)
Reference: MISC:http://osvdb.org/ref/22/22461-anyboard.txt
Reference: BID:16264
Reference: URL:http://www.securityfocus.com/bid/16264
Reference: FRSIRT:ADV-2006-0188
Reference: URL:http://www.frsirt.com/english/advisories/2006/0188
Reference: OSVDB:22461
Reference: URL:http://www.osvdb.org/22461
Reference: SECUNIA:18469
Reference: URL:http://secunia.com/advisories/18469
Reference: XF:netbula-anyboard-script-xss(24167)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24167

Votes:

Name: CVE-2006-0248

Description:
Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 500 and 520 and (2) Allied Data Technologies CopperJet 811 RouterPlus, allows remote attackers to access privileged information, such as user lists and configuration settings, via direct HTTP requests.

Status: Candidate
Phase: Assigned (20060118)
Reference: MISC:http://blog.globalnetworks.gr/?p=4
Reference: FRSIRT:ADV-2006-0218
Reference: URL:http://www.frsirt.com/english/advisories/2006/0218
Reference: SECUNIA:18483
Reference: URL:http://secunia.com/advisories/18483
Reference: XF:virata-emweb-unauth-access(24304)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24304

Votes:

Name: CVE-2006-0249

Description:
SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD_1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter ($tmpCategory variable).

Status: Candidate
Phase: Assigned (20060118)
Reference: BUGTRAQ:20060116 [eVuln] geoBlog SQL Injection Vulnerability
Reference: MISC:http://evuln.com/vulns/33/summary.html
Reference: BID:16249
Reference: URL:http://www.securityfocus.com/bid/16249
Reference: FRSIRT:ADV-2006-0191
Reference: URL:http://www.frsirt.com/english/advisories/2006/0191
Reference: OSVDB:22463
Reference: URL:http://www.osvdb.org/22463
Reference: SECTRACK:1015493
Reference: URL:http://securitytracker.com/id?1015493
Reference: SECUNIA:18504
Reference: URL:http://secunia.com/advisories/18504
Reference: XF:geoBlog-viewcat-sql-injection(24146)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24146

Votes:

Name: CVE-2006-0250

Description:
Format string vulnerability in the snmp_input function in snmptrapd in CMU SNMP utilities (cmu-snmp) allows remote attackers to execute arbitrary code by sending crafted SNMP messages to UDP port 162.

Status: Candidate
Phase: Assigned (20060118)
Reference: BUGTRAQ:20060116 Digital Armaments Security Advisory 01.16.2006: CMU SNMP utilities snmptrad Format String Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/422086/100/0/threaded
Reference: MISC:http://www.digitalarmaments.com/2006040164883273.html
Reference: BID:16267
Reference: URL:http://www.securityfocus.com/bid/16267
Reference: FRSIRT:ADV-2006-0234
Reference: URL:http://www.frsirt.com/english/advisories/2006/0234
Reference: OSVDB:22493
Reference: URL:http://www.osvdb.org/22493
Reference: SECUNIA:18525
Reference: URL:http://secunia.com/advisories/18525
Reference: XF:cmusnmp-snmpinput-format-string(24178)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24178

Votes:

Name: CVE-2006-0251

Description:
Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic 2.711 allows remote attackers to inject arbitrary web script or HTML via the (1) _duration, (2) file, and (3) cmd parameters.

Status: Candidate
Phase: Assigned (20060118)
Reference: MISC:http://osvdb.org/ref/22/22439-faqomatic.txt
Reference: BID:16251
Reference: URL:http://www.securityfocus.com/bid/16251
Reference: FRSIRT:ADV-2006-0189
Reference: URL:http://www.frsirt.com/english/advisories/2006/0189
Reference: OSVDB:22439
Reference: URL:http://www.osvdb.org/22439
Reference: SECUNIA:18468
Reference: URL:http://secunia.com/advisories/18468
Reference: XF:faqomatic-fom-xss(24165)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24165

Votes:

Name: CVE-2006-0252

Description:
SQL injection vulnerability in Benders Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by the (1) year, (2) month, and (3) day parameters.

Status: Candidate
Phase: Assigned (20060118)
Reference: BUGTRAQ:20060115 [eVuln] Benders Calendar SQL Injection
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/422052/100/0/threaded
Reference: MISC:http://evuln.com/vulns/30/summary.html
Reference: BID:16242
Reference: URL:http://www.securityfocus.com/bid/16242
Reference: FRSIRT:ADV-2006-0190
Reference: URL:http://www.frsirt.com/english/advisories/2006/0190
Reference: OSVDB:22449
Reference: URL:http://www.osvdb.org/22449
Reference: SECTRACK:1015491
Reference: URL:http://securitytracker.com/id?1015491
Reference: SECUNIA:18462
Reference: URL:http://secunia.com/advisories/18462
Reference: XF:benderscalendar-sql-injection(24120)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24120

Votes:

Name: CVE-2006-0253

Description:
Buffer overflow in the Bluetooth OBEX Object Push service in "Blue Neighbors.EXE" in AmbiCom Blue Neighbors 2.50 Build 2500 and earlier allows remote attackers to execute arbitrary code via a long file name, as demonstrated via a long RFILE argument to ussp-push.

Status: Candidate
Phase: Assigned (20060118)
Reference: BUGTRAQ:20060120 DMA[2006-0115a] - 'AmbiCom Bluetooth Object Push Overflow'
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/422481/100/0/threaded
Reference: MISC:http://www.digitalmunition.com/DMA%5B2006-0115a%5D.txt
Reference: BID:16258
Reference: URL:http://www.securityfocus.com/bid/16258
Reference: FRSIRT:ADV-2006-0219
Reference: URL:http://www.frsirt.com/english/advisories/2006/0219
Reference: SECUNIA:18466
Reference: URL:http://secunia.com/advisories/18466
Reference: SREASON:366
Reference: URL:http://securityreason.com/securityalert/366
Reference: XF:ambicom-bluetooth-objectpush-bo(24179)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24179

Votes:

Name: CVE-2006-0254

Description:
Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer.

Status: Candidate
Phase: Assigned (20060118)
Reference: BUGTRAQ:20060115 Apache Geronimo 1.0 - CSS and persistent HTML-Injectionvulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/421996/100/0/threaded
Reference: MISC:http://issues.apache.org/jira/browse/GERONIMO-1474
Reference: MISC:http://www.oliverkarow.de/research/geronimo_css.txt
Reference: CONFIRM:https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12310181&styleName=Html&projectId=10220&Create=Create
Reference: REDHAT:RHSA-2008:0261
Reference: URL:http://www.redhat.com/support/errata/RHSA-2008-0261.html
Reference: REDHAT:RHSA-2008:0630
Reference: URL:http://rhn.redhat.com/errata/RHSA-2008-0630.html
Reference: BID:16260
Reference: URL:http://www.securityfocus.com/bid/16260
Reference: FRSIRT:ADV-2006-0217
Reference: URL:http://www.frsirt.com/english/advisories/2006/0217
Reference: SECUNIA:18485
Reference: URL:http://secunia.com/advisories/18485
Reference: SECUNIA:31493
Reference: URL:http://secunia.com/advisories/31493
Reference: XF:geronimo-webaccesslog-viewer-xss(24159)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24159
Reference: XF:geronimo-jspexamples-xss(24158)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24158

Votes:

Name: CVE-2006-0255

Description:
Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program.

Status: Candidate
Phase: Assigned (20060118)
Reference: BUGTRAQ:20060117 [ TZO-012006 ] Checkpoint VPN-1 SecureClient insecure usage of CreateProcess()
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/422263/100/0/threaded
Reference: VULNWATCH:20060117 [ TZO-012006 ] Checkpoint VPN-1 SecureClient insecure usage of CreateProcess()
Reference: MISC:http://secdev.zoller.lu/research/checkpoint.txt
Reference: BID:16290
Reference: URL:http://www.securityfocus.com/bid/16290
Reference: FRSIRT:ADV-2006-0258
Reference: URL:http://www.frsirt.com/english/advisories/2006/0258

Votes:

Name: CVE-2006-0256

Description:
Unspecified vulnerability in the Advanced Queuing component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.6, 10.1.0.3 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB01.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608

Votes:

Name: CVE-2006-0257

Description:
Unspecified vulnerability in the Change Data Capture component of Oracle Database server 9.2.0.7, 10.1.0.5, and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB02. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the CDC_ALLOCATE_LOCK function of the DBMS_CDC_UTILITY package.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: OSVDB:22540
Reference: URL:http://www.osvdb.org/22540
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0258

Description:
Unspecified vulnerability in the Connection Manager component of Oracle Database server 8.1.7.4 and 9.0.1.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB03.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0259

Description:
Multiple unspecified vulnerabilities in Oracle Database server 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB04 and (2) DB06 in the (a) Data Pump component; (3) DB10 in the (b) Net Listener component; and (4) DB16 in the (c) Oracle Text component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB06 is SQL injection in the GENERATE_JOB_NAME, GET_WORKERSTATUSLIST1010, GET_PARAMVALUES1010, GET_DUMPFILESET1010, GET_JOBSTATUS1010, ATTACH, and ESTABLISH_REMOTE_CONTEXT functions in DBMS_DATAPUMP.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: OSVDB:22544
Reference: URL:http://www.osvdb.org/22544
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0260

Description:
Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB05 in the (a) Data Pump component; (2) DB15 in the (b) Oracle Text component; (3) DB22 in the (c) Streams Apply component; (4) DB23 and (5) DB24 in the (d) Streams Capture component; and (6) DB26 in the (e) Streams Subcomponent. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB05 involves SQL injection in the (f) LONG2VARCHAR, LONG2VCMAX, LONG2VCNT, and LONG2CLOB functions in the DBMS_METADATA_UTIL package; (g) MAKE_FILTER, FETCH_VIEWS_ERROR, FETCH_FILTERS, FETCH_VIEWS, SET_FILTER_COMMON, DO_FILTER_SCRIPT, SET_TABLE_FILTERS, and MAKE_FILTER_TEXT functions in the DBMS_METADATA_INT package; and (h) GET_PREPOST_TABLE_ACT function in the DBMS_METADATA package.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: OSVDB:22543
Reference: URL:http://www.osvdb.org/22543
Reference: OSVDB:22643
Reference: URL:http://www.osvdb.org/22643
Reference: OSVDB:22637
Reference: URL:http://www.osvdb.org/22637
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0261

Description:
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB07 in the Dictionary component and (2) DB14 in the Oracle Label Security component. NOTE: Oracle has not disputed reliable researcher claims that DB07 involves plaintext storage of the TDE wallet password in a trace file by event 10053.

Status: Candidate
Phase: Assigned (20060118)
Reference: BUGTRAQ:20060117 Oracle Database 10g Rel. 2 - Event 10053 logs TDE wallet password in cleartext
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/422255/30/7430/threaded
Reference: MISC:http://www.red-database-security.com/advisory/oracle_tde_wallet_password.html
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321
Reference: XF:oracle-masterkey-plaintext(24168)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24168

Votes:

Name: CVE-2006-0262

Description:
Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0263

Description:
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB09 in the (a) Net Listener component; and (2) DB12 and (3) DB13 in the Network Communications (RPC) component.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT:TA06-018A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-018A.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: CERT-VN:VU#870172
Reference: URL:http://www.kb.cert.org/vuls/id/870172
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: OSVDB:22547
Reference: URL:http://www.osvdb.org/22547
Reference: OSVDB:22550
Reference: URL:http://www.osvdb.org/22550
Reference: OSVDB:22551
Reference: URL:http://www.osvdb.org/22551
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0264

Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0259. Reason: This candidate is subsumed by CVE-2006-0259. An error during initial CVE analysis used the wrong set of affected versions for "DB10". Notes: All CVE users should reference CVE-2006-0259 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Status: Candidate
Phase: Assigned (20060118)
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0265

Description:
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB17 in the Oracle Text component and (2) DB18 in the Program Interface Network component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB17 involves SQL injection in the (a) VALIDATE_STATEMENT and BUILD_DML functions in CTXSYS.DRILOAD; (b) CLEAN_DML function in CTXSYS.DRIDML; (c) GET_ROWID function in CTXSYS.CTX_DOC; (d) BROWSE_WORDS function in CTXSYS.CTX_QUERY; and (e) ODCIINDEXTRUNCATE, ODCIINDEXDROP, and ODCIINDEXDELETE functions in CATINDEXMETHODS.

Status: Candidate
Phase: Assigned (20060118)
Reference: MISC:http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: OSVDB:22555
Reference: URL:http://www.osvdb.org/22555
Reference: OSVDB:22639
Reference: URL:http://www.osvdb.org/22639
Reference: OSVDB:22640
Reference: URL:http://www.osvdb.org/22640
Reference: OSVDB:22641
Reference: URL:http://www.osvdb.org/22641
Reference: OSVDB:22642
Reference: URL:http://www.osvdb.org/22642
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0266

Description:
Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB19.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0267

Description:
Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.2.0.6 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB20.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0268

Description:
Unspecified vulnerability in the Security component of Oracle Database server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB21.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0269

Description:
Unspecified vulnerability in the Streams Capture component of Oracle Database server 10.1.0.5 and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB25. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the SET_DIRECTORY_ROOT function in the DBMS_CDC_PUBLISH package.

Status: Candidate
Phase: Assigned (20060118)
Reference: MISC:http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: OSVDB:22563
Reference: URL:http://www.osvdb.org/22563
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0270

Description:
Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without encryption, which allows local users to obtain the key via the SGA.

Status: Candidate
Phase: Assigned (20060118)
Reference: BUGTRAQ:20060117 Oracle Database 10g Rel. 2- Transparent Data Encryption plaintext masterkey in SGA
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/422262/30/7400/threaded
Reference: MISC:http://www.red-database-security.com/advisory/oracle_tde_unencrypted_sga.html
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321
Reference: XF:oracle-sga-masterkey-plaintext(24186)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24186

Votes:

Name: CVE-2006-0271

Description:
Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions.

Status: Candidate
Phase: Assigned (20060118)
Reference: MISC:http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: OSVDB:22566
Reference: URL:http://www.osvdb.org/22566
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0272

Description:
Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS.

Status: Candidate
Phase: Assigned (20060118)
Reference: FULLDISC:20060126 [Argeniss] Oracle Database Buffer overflows vulnerabilities in public procedures of XDB.DBMS_XMLSCHEMA{_INT}
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0893.html
Reference: MISC:http://www.argeniss.com/research/ARGENISS-ADV-010601.txt
Reference: MISC:http://www.integrigy.com/info/IntegrigySecurityAnalysis-CPU0106.pdf
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: MISC:http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html
Reference: CERT:TA06-018A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-018A.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: CERT-VN:VU#891644
Reference: URL:http://www.kb.cert.org/vuls/id/891644
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321
Reference: XF:oracle-xdbdbmx-xmlschema-bo(24376)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24376

Votes:

Name: CVE-2006-0273

Description:
Unspecified vulnerability in the Portal component of Oracle Application Server 9.0.4.2 and 10.1.2.0 has unspecified impact and attack vectors, as identified by Oracle Vuln# AS01.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0274

Description:
Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 and 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP03.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0275

Description:
Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to directory traversal that allows reading of portions of arbitrary XML files via the customize parameter.

Status: Candidate
Phase: Assigned (20060118)
Reference: BUGTRAQ:20060117 Oracle Reports - Read parts of files via customize(fixed after 875 days)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/422261/30/7430/threaded
Reference: MISC:http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0276

Description:
Multiple unspecified vulnerabilities in Oracle Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) OCS01, 2) OCS02, 3) OCS03, 4) OCS04, 5) OCS05, 6) OCS06, 7) OCS07, (8) OCS08, and (9) OCS09 in the (a) Email Server component; 10) OCS10 (and (11) OCS11 in the (b) Oracle Collaboration Suite Wireless & Voice (component; 12) OCS12 and (13) OCS13 in the (c) Oracle Content (Management SDK component; 14) OCS14 and (15) OCS15 in the (d) Oracle (Content Services component.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0277

Description:
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in the (a) Application Install component; (2) APPS07 in the (b) Oracle Applications Framework component; (3) APPS08, (4) APPS09, (5) APPS10, and (6) APPS11 in the (c) Oracle Applications Technology Stack component; (7) APPS12 in the (d) Oracle Human Resources component; (8) APPS15 and (9) APPS16 in the (e) Oracle Marketing component; (10) APPS17 in the (f) Marketing Encyclopedia System component; (11) APPS18 in the (g) Oracle Trade Management component; and (12) APPS19 in the (h) Oracle Web Applications Desktop Integration component.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0278

Description:
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.9 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS02 in the (a) CRM Technical Foundation component; (2) APPS03 in the (b) iProcurement component; and (3) APPS04, (4) APPS05, and (5) APPS06 in the Oracle Application Object Library component.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0279

Description:
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 4.3 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS13 and (2) APPS14 in the Oracle iLearning component.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0280

Description:
Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 Bundle 15, 8.8 Bundle 10, and 8.9 Bundle 2 has unspecified impact and attack vectors, as identified by Oracle Vuln# PSE01.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0281

Description:
Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 SP23_L1 has unspecified impact and attack vectors, as identified by Oracle Vuln# JDE01.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0282

Description:
Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack vectors, as identified by Oracle Vuln# DBC01 in the Protocol Support component.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0283

Description:
Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, Application Server 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack vectors, as identified by Oracle Vuln# DBC02 in the Reorganize Objects & Convert Tablespace component.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0284

Description:
Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.2 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10, have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) FORM01 and (2) FORM02 in the Oracle Forms component.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0285

Description:
Unspecified vulnerability in the Java Net component of Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.4, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln# JN01.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0286

Description:
Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS01.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0287

Description:
Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS02.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0288

Description:
Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP01 and (2) REP02.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0289

Description:
Multiple unspecified vulnerabilities in Oracle Application Server 6.0.8.26(PS17) and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP05 and (2) REP06 in the Oracle Reports Developer component. NOTE: Oracle has not disputed reliable researcher claims that REP05 is the same as CVE-2005-2378 and REP06 is the same as CVE-2005-2371, both of which involve directory traversal.

Status: Candidate
Phase: Assigned (20060118)
Reference: BUGTRAQ:20060117 Oracle Reports - Overwrite any application server file via desname (fixed after 889 days)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/422257/30/7430/threaded
Reference: BUGTRAQ:20060117 Oracle Reports - Read parts of files via desname (fixed after 874 days)
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/422256/30/7430/threaded
Reference: MISC:http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html
Reference: MISC:http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0290

Description:
Unspecified vulnerability in Oracle Database Server 9.2.0.7, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 has unspecified impact and attack vectors, as identified by Oracle Vuln# WF01 in the Oracle Workflow Cartridge component.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0291

Description:
Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0.1, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) WF02 and (2) WF03 in the Oracle Workflow Cartridge component.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html
Reference: CERT-VN:VU#545804
Reference: URL:http://www.kb.cert.org/vuls/id/545804
Reference: BID:16287
Reference: URL:http://www.securityfocus.com/bid/16287
Reference: FRSIRT:ADV-2006-0243
Reference: URL:http://www.frsirt.com/english/advisories/2006/0243
Reference: FRSIRT:ADV-2006-0323
Reference: URL:http://www.frsirt.com/english/advisories/2006/0323
Reference: SECTRACK:1015499
Reference: URL:http://securitytracker.com/id?1015499
Reference: SECUNIA:18493
Reference: URL:http://secunia.com/advisories/18493
Reference: SECUNIA:18608
Reference: URL:http://secunia.com/advisories/18608
Reference: XF:oracle-january2006-update(24321)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24321

Votes:

Name: CVE-2006-0292

Description:
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-01.html
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=316885
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
Reference: DEBIAN:DSA-1044
Reference: URL:http://www.debian.org/security/2006/dsa-1044
Reference: DEBIAN:DSA-1046
Reference: URL:http://www.debian.org/security/2006/dsa-1046
Reference: DEBIAN:DSA-1051
Reference: URL:http://www.debian.org/security/2006/dsa-1051
Reference: FEDORA:FEDORA-2006-075
Reference: URL:http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00005.html
Reference: FEDORA:FEDORA-2006-076
Reference: URL:http://www.redhat.com/archives/fedora-announce-list/2006-February/msg00006.html
Reference: FEDORA:FLSA-2006:180036-2
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/425978/100/0/threaded
Reference: FEDORA:FLSA:180036-1
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/425975/100/0/threaded
Reference: GENTOO:GLSA-200604-12
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200604-12.xml
Reference: GENTOO:GLSA-200604-18
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200604-18.xml
Reference: GENTOO:GLSA-200605-09
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200605-09.xml
Reference: HP:HPSBUX02122
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/438730/100/0/threaded
Reference: HP:SSRT061158
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/438730/100/0/threaded
Reference: HP:HPSBUX02156
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded
Reference: HP:SSRT061236
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded
Reference: MANDRIVA:MDKSA-2006:036
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:036
Reference: MANDRIVA:MDKSA-2006:078
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:078
Reference: MANDRIVA:MDKSA-2006:037
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:037
Reference: REDHAT:RHSA-2006:0199
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0199.html
Reference: REDHAT:RHSA-2006:0200
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0200.html
Reference: REDHAT:RHSA-2006:0330
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0330.html
Reference: SCO:SCOSA-2006.26
Reference: URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt
Reference: SGI:20060201-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U
Reference: SUNALERT:102550
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102550-1
Reference: SUSE:SUSE-SA:2006:022
Reference: URL:http://www.novell.com/linux/security/advisories/2006_04_25.html
Reference: SUSE:SUSE-SA:2006:004
Reference: URL:http://www.novell.com/linux/security/advisories/2006_04_25.html
Reference: UBUNTU:USN-275-1
Reference: URL:http://www.ubuntulinux.org/support/documentation/usn/usn-275-1
Reference: UBUNTU:USN-276-1
Reference: URL:http://www.ubuntulinux.org/support/documentation/usn/usn-276-1
Reference: UBUNTU:USN-271-1
Reference: URL:http://www.ubuntulinux.org/support/documentation/usn/usn-271-1
Reference: BID:16476
Reference: URL:http://www.securityfocus.com/bid/16476
Reference: FRSIRT:ADV-2006-0413
Reference: URL:http://www.frsirt.com/english/advisories/2006/0413
Reference: FRSIRT:ADV-2006-3391
Reference: URL:http://www.frsirt.com/english/advisories/2006/3391
Reference: FRSIRT:ADV-2006-3749
Reference: URL:http://www.frsirt.com/english/advisories/2006/3749
Reference: OVAL:oval:org.mitre.oval:def:670
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:670
Reference: SECTRACK:1015570
Reference: URL:http://securitytracker.com/id?1015570
Reference: SECUNIA:18700
Reference: URL:http://secunia.com/advisories/18700
Reference: SECUNIA:18703
Reference: URL:http://secunia.com/advisories/18703
Reference: SECUNIA:18704
Reference: URL:http://secunia.com/advisories/18704
Reference: SECUNIA:18708
Reference: URL:http://secunia.com/advisories/18708
Reference: SECUNIA:18709
Reference: URL:http://secunia.com/advisories/18709
Reference: SECUNIA:18705
Reference: URL:http://secunia.com/advisories/18705
Reference: SECUNIA:18706
Reference: URL:http://secunia.com/advisories/18706
Reference: SECUNIA:19230
Reference: URL:http://secunia.com/advisories/19230
Reference: SECUNIA:19759
Reference: URL:http://secunia.com/advisories/19759
Reference: SECUNIA:19821
Reference: URL:http://secunia.com/advisories/19821
Reference: SECUNIA:19823
Reference: URL:http://secunia.com/advisories/19823
Reference: SECUNIA:19852
Reference: URL:http://secunia.com/advisories/19852
Reference: SECUNIA:19862
Reference: URL:http://secunia.com/advisories/19862
Reference: SECUNIA:19863
Reference: URL:http://secunia.com/advisories/19863
Reference: SECUNIA:19902
Reference: URL:http://secunia.com/advisories/19902
Reference: SECUNIA:19950
Reference: URL:http://secunia.com/advisories/19950
Reference: SECUNIA:19941
Reference: URL:http://secunia.com/advisories/19941
Reference: SECUNIA:19746
Reference: URL:http://secunia.com/advisories/19746
Reference: SECUNIA:21033
Reference: URL:http://secunia.com/advisories/21033
Reference: SECUNIA:21622
Reference: URL:http://secunia.com/advisories/21622
Reference: SECUNIA:19780
Reference: URL:http://secunia.com/advisories/19780
Reference: SECUNIA:20051
Reference: URL:http://secunia.com/advisories/20051
Reference: SECUNIA:22065
Reference: URL:http://secunia.com/advisories/22065
Reference: XF:mozilla-javascript-memory-corruption(24430)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24430

Votes:

Name: CVE-2006-0293

Description:
The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects.

Votes:

Name: CVE-2006-0294

Description:
Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-02.html
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=317934
Reference: HP:HPSBUX02156
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded
Reference: HP:SSRT061236
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded
Reference: BID:16476
Reference: URL:http://www.securityfocus.com/bid/16476
Reference: FRSIRT:ADV-2006-0413
Reference: URL:http://www.frsirt.com/english/advisories/2006/0413
Reference: FRSIRT:ADV-2006-3749
Reference: URL:http://www.frsirt.com/english/advisories/2006/3749
Reference: OVAL:oval:org.mitre.oval:def:1514
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1514
Reference: SECTRACK:1015570
Reference: URL:http://securitytracker.com/id?1015570
Reference: SECUNIA:18700
Reference: URL:http://secunia.com/advisories/18700
Reference: SECUNIA:18704
Reference: URL:http://secunia.com/advisories/18704
Reference: SECUNIA:22065
Reference: URL:http://secunia.com/advisories/22065
Reference: XF:mozilla-element-change-memory-corruption(24431)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24431

Votes:

Name: CVE-2006-0295

Description:
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-04.html
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=319296
Reference: HP:HPSBUX02156
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded
Reference: HP:SSRT061236
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/446657/100/200/threaded
Reference: CERT:TA06-038A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA06-038A.html
Reference: CERT-VN:VU#759273
Reference: URL:http://www.kb.cert.org/vuls/id/759273
Reference: BID:16476
Reference: URL:http://www.securityfocus.com/bid/16476
Reference: FRSIRT:ADV-2006-0413
Reference: URL:http://www.frsirt.com/english/advisories/2006/0413
Reference: FRSIRT:ADV-2006-3749
Reference: URL:http://www.frsirt.com/english/advisories/2006/3749
Reference: OVAL:oval:org.mitre.oval:def:1562
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1562
Reference: SECTRACK:1015570
Reference: URL:http://securitytracker.com/id?1015570
Reference: SECUNIA:18700
Reference: URL:http://secunia.com/advisories/18700
Reference: SECUNIA:18704
Reference: URL:http://secunia.com/advisories/18704
Reference: SECUNIA:22065
Reference: URL:http://secunia.com/advisories/22065
Reference: XF:mozilla-queryinterface-memory-corruption(24433)
Reference: URL:http://xforce.iss.net/xforce/xfdb/24433

Votes:

Name: CVE-2006-0296

Description:
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file.

Status: Candidate
Phase: Assigned (20060118)
Reference: CONFIRM:http://www.mozilla.org/security/announce/2006/mfsa2006-05.html
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=319847
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm
Reference: DEBIAN:DSA-1044
Reference: URL:http://www.debian.org/security/2006/dsa-1044
Reference: DEBIAN: