Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6616 | 1 W00t Gallery | 1 W00t Gallery | 2017-07-29 | 6.0 MEDIUM | N/A |
| index.php in w00t Gallery 1.4.0 allows remote authenticated users with privileges for one installation to gain access to other installations on the same web server, aka "multi-gallery admin session spanning." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6614 | 2 Debian, Thomas Lange | 2 Debian Linux, Fully Automated Installation | 2017-07-29 | 1.9 LOW | N/A |
| The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to obtain the hash. | |||||
| CVE-2006-6610 | 1 Alientrap | 1 Nexuiz | 2017-07-29 | 7.5 HIGH | N/A |
| clientcommands in Nexuiz before 2.2.1 has unknown impact and remote attack vectors related to "remote console command injection." | |||||
| CVE-2006-6609 | 1 Alientrap | 1 Nexuiz | 2017-07-29 | 5.0 MEDIUM | N/A |
| Nexuiz before 2.2.1 allows remote attackers to cause a denial of service (resource exhaustion or crash) via unspecified vectors related to "fake players." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6608 | 1 Hp | 2 Proliant Integrated Lights Out, Proliant Integrated Lights Out 2 | 2017-07-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in SSH key based authentication in HP Integrated Lights Out (iLO) 1.70 through 1.87, and iLO 2 1.00 through 1.11, on Proliant servers, allows remote attackers to "gain unauthorized access." | |||||
| CVE-2006-6607 | 1 Ibm | 1 Tivoli Identity Manager | 2017-07-29 | 2.7 LOW | N/A |
| The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods. | |||||
| CVE-2006-6606 | 1 Clarens | 1 Jclarens | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Clarens jclarens before 0.6.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-7018 | 1 Oliver Georgi | 1 Phpwcms | 2017-07-29 | 10.0 HIGH | N/A |
| phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via a crafted argument to the nome_evento parameter to phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. | |||||
| CVE-2006-6594 | 1 Scriptmate | 1 User Manager | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in utilities/usermessages.asp in ScriptMate User Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the mesid parameter. | |||||
| CVE-2006-6584 | 1 Italkplus | 1 Italkplus | 2017-07-29 | 10.0 HIGH | N/A |
| Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-6582 | 1 Scriptmate | 1 User Manager | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ScriptMate User Manager 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) members_username (user) and (2) members_password (password) fields in a login action in members/default.asp, and (3) the Search box. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0105 | 1 Cisco | 1 Secure Access Control Server | 2017-07-29 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. | |||||
| CVE-2006-6574 | 1 Mantis | 1 Mantis | 2017-07-29 | 5.0 MEDIUM | N/A |
| Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field. | |||||
| CVE-2006-6573 | 1 Citrix | 1 Access Gateway | 2017-07-29 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced Edition, and 4.2 with Advanced Access Control (AAC) 4.2, when deployed on the Access Gateway appliance 4.2 through 4.2.2 allows remote authenticated users to "gain access to data" and obtain sensitive information via unspecified vectors. | |||||
| CVE-2006-6572 | 1 Citrix | 1 Access Gateway | 2017-07-29 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4.0, and Access Gateway 4.2 with Advanced Access Control 4.2, before 20061114, when the Browser-Only access feature is enabled, allows remote authenticated users to bypass access policies via a certain login method, a different issue than CVE-2006-4846. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6557 | 1 Skulls | 1 Skulls | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Skulls! before 0.2.6 have unknown impact and attack vectors, as addressed by "Many security fixes." | |||||
| CVE-2006-6556 | 1 Eyeos | 1 Eyeos | 2017-07-29 | 7.5 HIGH | N/A |
| The eyeHome function in apps/eyeHome.eyeapp/aplic.php in EyeOS before 0.9.3-3 allows remote attackers to upload and execute arbitrary code via dangerous file extensions that are not all lowercase, which bypasses a cleansing operation. | |||||
| CVE-2006-6555 | 1 Easyfill | 1 Easyfill | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in EasyFill before 0.5.1 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-6547 | 1 Mlipod | 1 Winamp Ipod Plugin | 2017-07-29 | 4.3 MEDIUM | N/A |
| Buffer overflow in the readAA function in read_aa.cpp in Winamp iPod Plugin (ml_ipod) 2.00 p19 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long tag in an audible.com audiobook (aa) file. | |||||
| CVE-2006-6533 | 1 Oscommerce | 1 Oscommerce | 2017-07-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin/templates_boxes_layout.php in osCommerce 3.0a3 allows remote attackers to include and execute arbitrary PHP files via a .. (dot dot) in the filter parameter. NOTE: this issue can be leveraged to obtain full path information in error messages. | |||||
| CVE-2006-6532 | 1 Vt-forum | 1 Vt-forum Lite | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) StrMsg or (2) Topic_ID parameter to (a) vf_info.asp, (b) vf_newtopic.asp, (c) vf_settings.asp, and (d) vf_replytopic.asp, different vectors than CVE-2006-6447. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6531 | 1 Drupal | 1 Help Tip Module | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node titles. | |||||
| CVE-2006-6530 | 1 Drupal | 1 Help Tip Module | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-6540 | 1 Bluetrait | 1 Bluetrait | 2017-07-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in bt-trackback.php in Bluetrait before 1.2.0, when trackback is enabled, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6525 | 1 Ezhrs | 1 Hr Assist | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6522 | 1 Wikitimescale | 1 Twozero | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale TwoZero before 2.31 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) forum module and (2) event descriptions. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6511 | 1 Dadaimc | 1 Dadaimc | 2017-07-29 | 6.8 MEDIUM | N/A |
| dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature, (2) editor, (3) newswire, (4) otherpress, (5) admin, (6) pbook, (7) media, or (8) mod, which are processed as PHP file types (application/x-httpd-php). | |||||
| CVE-2006-6508 | 1 Phpbb Group | 1 Phpbb | 2017-07-29 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6474 | 1 Mcafee | 1 Virusscan | 2017-07-29 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in McAfee VirusScan for Linux 4510e and earlier includes the current working directory in the DT_RPATH environment variable, which allows local users to load arbitrary ELF DSO libraries and execute arbitrary code by installing malicious libraries in that directory. | |||||
| CVE-2006-6461 | 1 Yourfreeworld | 1 Stylish Text Ads Script | 2017-07-29 | 7.8 HIGH | N/A |
| tr1.php in Yourfreeworld Stylish Text Ads Script allows remote attackers to obtain the installation path via an invalid id parameter, which leaks the path in an error message. NOTE: this issue might be resultant from CVE-2006-2508. | |||||
| CVE-2006-6460 | 2 Short Url, Url Tracker Script | 2 Short Url, Url Tracker Script | 2017-07-29 | 10.0 HIGH | N/A |
| Yourfreeworld.com Short Url & Url Tracker Script allows remote attackers to obtain sensitive information via an invalid id parameter to login.php, which leaks the path in an error message. NOTE: this issue might be resultant from CVE-2006-2509. | |||||
| CVE-2006-6484 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2017-07-29 | 5.0 MEDIUM | N/A |
| The IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.34, Professional Edition 1.6 through 1.83, and Enterprise Edition 1.1 through 1.40 allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a null pointer dereference, as addressed by the ME-10023 hotfix, and a different issue than CVE-2006-6423. NOTE: some details were obtained from third party information. | |||||
| CVE-2006-6454 | 1 J-owamp | 1 Web Interface | 2017-07-29 | 10.0 HIGH | N/A |
| execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters to the (1) exe and (2) args parameters, which are used in an exec function call. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6488 | 1 Iconics | 1 Dialog Wrapper Module Activex Control | 2017-07-29 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument. | |||||
| CVE-2006-6452 | 1 Myarticles | 1 Myarticles | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles module before 0.6 beta 1, for RunCMS, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) topics.php, (2) submit.php, and (3) class/calendar.class.php. | |||||
| CVE-2006-6450 | 1 Novell | 1 Zenworks Patch Management Server | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in Novell ZENworks Patch Management (ZPM) before 6.3.2.700 allow remote attackers to execute arbitrary SQL commands via the (1) agentid and (2) pass parameters. | |||||
| CVE-2006-6449 | 1 Vt-forum | 1 Vt-forum Lite | 2017-07-29 | 6.4 MEDIUM | N/A |
| Vt-Forum Lite 1.3 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/forum.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6448 | 1 Vt-forum | 1 Vt-forum | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the user parameter to vf_memberdetail.asp, and other unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6446 | 1 Iware | 1 Iware Professional | 2017-07-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in iWare Professional 5.0.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the D parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6444 | 1 Divx | 1 Divx Player | 2017-07-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Nostra DivX Player 2.1, 2.2.00.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long string in an M3U file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6432 | 1 Xerox | 1 Workcentre | 2017-07-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Scan-to-mailbox feature in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to download certain files via unspecified vectors. | |||||
| CVE-2006-6430 | 1 Xerox | 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more | 2017-07-29 | 7.8 HIGH | N/A |
| Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 do not require HTTPS, which allows remote attackers to obtain sensitive information by sniffing the unencrypted HTTP traffic. | |||||
| CVE-2006-6429 | 1 Xerox | 1 Workcentre | 2017-07-29 | 5.0 MEDIUM | N/A |
| Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify certain configuration settings via unspecified vectors involving the "TFTP/BOOTP auto configuration option." | |||||
| CVE-2006-6428 | 1 Xerox | 1 Workcentre | 2017-07-29 | 7.5 HIGH | N/A |
| Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allow remote attackers to gain access via unspecified vectors related to "browser permissions." | |||||
| CVE-2006-6422 | 1 Agileco | 2 Agilebill, Agilevoice | 2017-07-29 | 5.0 MEDIUM | N/A |
| Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle certain proxy requests, which allows remote attackers to disable the application by entering invalid license data on a form, possibly involving modules/core/license.inc.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6420 | 1 Ryan Demmer | 1 Joomla Content Editor | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allow remote attackers to inject arbitrary web script or HTML via the (1) img, (2) title, (3) w, or (4) h parameter, different vectors than CVE-2006-6166. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6419 | 1 Ryan Demmer | 1 Joomla Content Editor | 2017-07-29 | 7.5 HIGH | N/A |
| jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allows remote attackers to include and possibly execute arbitrary local files via the (1) plugin or (2) file parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6416 | 1 Phpleague - Univert | 1 Phpleague | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PhpLeague - Univert PhpLeague 0.81 allow remote attackers to execute arbitrary PHP code via a URL in the cheminmini parameter to (1) consult/miniseul.php or (2) config.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6403 | 1 Mystats | 1 Mystats | 2017-07-29 | 5.0 MEDIUM | N/A |
| mystats.php in MyStats 1.0.8 and earlier allows remote attackers to obtain the installation path via (1) details and (2) by array parameters, probably resulting in a path disclosure in an error message. | |||||
| CVE-2006-6394 | 1 Jonas Gauffin | 1 Publicera | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in certain database classes in Jonas Gauffin Publicera 1.0-rc2 and earlier might allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||