Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3819 | 1 Twiki | 1 Twiki | 2017-07-20 | 7.5 HIGH | N/A |
| Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF". | |||||
| CVE-2006-4047 | 1 Netious Cms | 1 Netious Cms | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Netious CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4048 | 1 Netious Cms | 1 Netious Cms | 2017-07-20 | 7.5 HIGH | N/A |
| Netious CMS 0.4 initializes session IDs based on the client IP address, which allows remote attackers to gain access to the administration section when originating from the same IP address as the administrator. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4049 | 1 Sun | 1 Ray Server Software | 2017-07-20 | 2.1 LOW | N/A |
| Unspecified vulnerability in the utxconfig utility in Sun Ray Server Software 3.x allows local users to create or overwrite arbitrary files via unknown attack vectors. | |||||
| CVE-2006-3783 | 1 Sun | 1 Solaris | 2017-07-20 | 4.9 MEDIUM | N/A |
| Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors involving (1) the /net mount point and (2) the "-hosts" map in a mount point. | |||||
| CVE-2006-3927 | 1 Php Pro Bid | 1 Php Pro Bid | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in auctionsearch.php in PhpProBid 5.24 allows remote attackers to inject arbitrary web script or HTML via the advsrc parameter. | |||||
| CVE-2006-4056 | 2 The Address Book, The Address Book Reloaded | 2 The Address Book, The Address Book Reloaded | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the authentication process in katzlbt (a) The Address Book 1.04e and earlier and (b) The Address Book Reloaded before 2.0-rc4 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. NOTE: portions of these details are obtained from third party information. | |||||
| CVE-2006-4083 | 1 Mywebland | 1 Myevent | 2017-07-20 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector than CVE-2006-4040. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-3760 | 1 Mybulletinboard | 1 Mybulletinboard | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-3759 | 1 Mybulletinboard | 1 Mybulletinboard | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4 has unspecified impact and attack vectors related to "user group manipulation." | |||||
| CVE-2006-3758 | 1 Mybulletinboard | 1 Mybulletinboard | 2017-07-20 | 7.5 HIGH | N/A |
| inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php. | |||||
| CVE-2006-3755 | 1 Flushcms | 1 Flushcms | 2017-07-20 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Include/editor/class.rich.php in FlushCMS 1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4085 | 1 Olaf Noehring | 1 The Search Engine Project | 2017-07-20 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to pagenavigation.php, a different vector than CVE-2006-4055. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-3734 | 1 Cisco | 1 Cs-mars | 2017-07-20 | 7.2 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Command Line Interface (CLI) for Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allow local CS-MARS administrators to execute arbitrary commands as root. | |||||
| CVE-2006-3732 | 1 Cisco | 1 Cs-mars | 2017-07-20 | 5.0 MEDIUM | N/A |
| Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 ships with an Oracle database that contains several default accounts and passwords, which allows attackers to obtain sensitive information. | |||||
| CVE-2006-3726 | 1 Intervations | 1 Filecopa | 2017-07-20 | 6.5 MEDIUM | N/A |
| Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th July 2006, allows remote authenticated attackers to execute arbitrary code via a long argument to the LIST command. | |||||
| CVE-2006-3696 | 1 Agnitum | 1 Outpost Firewall | 2017-07-20 | 2.1 LOW | N/A |
| filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462) allows local users to cause a denial of service (crash) via long arguments to mshta.exe. | |||||
| CVE-2006-3695 | 1 Edgewall Software | 1 Trac | 2017-07-20 | 6.8 MEDIUM | N/A |
| Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458. | |||||
| CVE-2006-4087 | 1 Mojoscripts | 1 Mojogallery | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-3682 | 1 Awstats | 1 Awstats | 2017-07-20 | 5.0 MEDIUM | N/A |
| awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters. | |||||
| CVE-2006-3674 | 1 Armagetron | 1 Armagetron Advanced | 2017-07-20 | 7.8 HIGH | N/A |
| nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a large number handled by the id_req_handler function. | |||||
| CVE-2006-3673 | 1 Armagetron | 1 Armagetron Advanced | 2017-07-20 | 5.0 MEDIUM | N/A |
| nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service (application crash) via a large owner value, which causes an assert error. | |||||
| CVE-2006-3672 | 1 Kde | 1 Konqueror | 2017-07-20 | 2.6 LOW | N/A |
| KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0 (zero) argument. | |||||
| CVE-2006-3926 | 1 Php Pro Bid | 1 Php Pro Bid | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) start parameters to (a) viewfeedback.php or the (3) orderType parameter to (b) categories.php. | |||||
| CVE-2006-4104 | 1 Mojoscripts | 1 Mojogallery | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via "password input." | |||||
| CVE-2006-4107 | 1 Drupal | 1 Job Search | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Job Search module (job.module) 4.6 before revision 1.3.2.1 in Drupal allows remote attackers to execute arbitrary SQL commands via a job or resume search. | |||||
| CVE-2006-3925 | 1 Interactual Technologies | 1 Interactual Player | 2017-07-20 | 6.4 MEDIUM | N/A |
| Stack-based buffer overflow in ITIRecorder.MicRecorder ActiveX control in iarecord.dll in InterActual Player before 2.6 allows remote attackers to execute arbitrary code via a long argument to the Files method. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4108 | 1 Drupal | 1 Bibliography Module | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-3666 | 1 Myiosoft.com | 1 Ajaxportal | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in AjaxPortal 3.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the 'Search' field, a different vulnerability than CVE-2006-3515. | |||||
| CVE-2006-3665 | 1 Squirrelmail | 1 Squirrelmail | 2017-07-20 | 4.3 MEDIUM | N/A |
| SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this. | |||||
| CVE-2006-4109 | 1 Drupal | 1 Bibliography Module | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-4117 | 1 Sun | 1 Solaris | 2017-07-20 | 5.4 MEDIUM | N/A |
| The squeue_drain function in Sun Solaris 10, possibly only when run on CMT processors, allows remote attackers to cause a denial of service ("bad trap" and system panic) by opening and closing a large number of TCP connections ("heavy TCP/IP loads"). NOTE: the original report specifies the function name as "drain_squeue," but this is likely incorrect. | |||||
| CVE-2006-3681 | 1 Awstats | 1 Awstats | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945. | |||||
| CVE-2006-4119 | 1 Chaossoft | 1 Geheimchaos | 2017-07-20 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the Temp_entered_password parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4120 | 1 Drupal | 2 Drupal, Recipe Module | 2017-07-20 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-4154 | 1 Apache | 1 Http Server | 2017-07-20 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c. | |||||
| CVE-2006-4139 | 1 Sun | 1 Solaris | 2017-07-20 | 5.4 MEDIUM | N/A |
| Race condition in Sun Solaris 10 allows attackers to cause a denial of service (system panic) via unspecified vectors related to ifconfig and either netstat or SNMP queries. | |||||
| CVE-2006-4165 | 1 Netcommons | 1 Netcommons | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-3921 | 1 Sun | 2 Java System Application Server, Java System Web Server | 2017-07-20 | 4.0 MEDIUM | N/A |
| Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI. | |||||
| CVE-2006-4169 | 1 Squirrelmail | 1 Gpg Plugin | 2017-07-20 | 5.5 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php. | |||||
| CVE-2006-3594 | 1 Cisco | 1 Unified Callmanager | 2017-07-20 | 7.5 HIGH | N/A |
| Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542. | |||||
| CVE-2006-3593 | 1 Cisco | 1 Unified Callmanager | 2017-07-20 | 4.0 MEDIUM | N/A |
| The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704. | |||||
| CVE-2006-3592 | 1 Cisco | 1 Unified Callmanager | 2017-07-20 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving "certain CLI commands," aka bug CSCse11005. | |||||
| CVE-2006-4175 | 1 Sun | 2 Java System Directory Server, One Directory Server | 2017-07-20 | 7.8 HIGH | N/A |
| The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized memory locations. | |||||
| CVE-2006-4177 | 1 Novell | 1 Edirectory | 2017-07-20 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended. | |||||
| CVE-2006-4181 | 1 Gnu | 1 Radius | 2017-07-20 | 10.0 HIGH | N/A |
| Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2006-3574 | 1 Hitachi | 3 Cosminexus Collaboration Portal, Groupmax Collaboration Portal, Groupmax Collaboration Web Client | 2017-07-20 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Groupmax Collaboration Portal and Web Client before 07-20-/D, and uCosminexus Collaboration Portal and Forum/File Sharing before 06-20-/C, allow remote attackers to "execute malicious scripts" via unknown vectors (aka HS06-014-01). | |||||
| CVE-2006-3570 | 1 Drupal | 1 Drupal | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-3566 | 1 Hivemail | 1 Hivemail | 2017-07-20 | 5.0 MEDIUM | N/A |
| search.results.php in HiveMail 3.1 and earlier allows remote attackers to obtain the installation path via certain manipulations related to the (1) searchdate and (2) folderids parameters. | |||||
| CVE-2006-3565 | 1 Hivemail | 1 Hivemail | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.results.php in HiveMail 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the fields[] parameter. | |||||
