Total: 25555 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0745 | 5 Mandrakesoft, Redhat, Sun and 2 more | 6 Mandrake Linux, Fedora Core, Solaris and 3 more | 2018-10-19 | 7.2 HIGH | N/A |
| X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile. | |||||
| CVE-2006-0761 | 1 Rim | 1 Blackberry Enterprise Server | 2018-10-19 | 5.1 MEDIUM | N/A |
| Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchange, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device. | |||||
| CVE-2006-2572 | 1 Dian Gemilang | 1 Dgbook | 2018-10-19 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters. | |||||
| CVE-2006-0687 | 1 Docmgr | 1 Docmgr | 2018-10-19 | 5.0 MEDIUM | N/A |
| process.php in DocMGR 0.54.2 does not initialize the $siteModInfo variable when a direct request is made, which allows remote attackers to include arbitrary local files or possibly remote files via a modified includeModule and siteModInfo variable. | |||||
| CVE-2006-0686 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2018-10-19 | 10.0 HIGH | N/A |
| add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized access. | |||||
| CVE-2006-0688 | 1 Nicecoder | 1 Indexu | 2018-10-19 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in application.php in nicecoder.com indexu 5.0.0 and 5.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. | |||||
| CVE-2006-0689 | 1 Scheduling Management.com | 1 Time Tracking Software | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Registration Form in TTS Time Tracking Software 3.0 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter. | |||||
| CVE-2006-0604 | 1 Hinton Design | 1 Phphg Guestbook | 2018-10-19 | 7.5 HIGH | N/A |
| check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access. | |||||
| CVE-2006-0484 | 1 Elido | 1 Face Control | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Vis.pl, as part of the FACE CONTROL product, allows remote attackers to read arbitrary files via a .. (dot dot) in any parameter that opens a file, such as (1) s or (2) p. | |||||
| CVE-2006-0655 | 1 Hinton Design | 1 Phpht Topsites | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) link_edited.php and (2) link_added.php in Hinton Design phpht Topsites 1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-0654 | 1 Hinton Design | 1 Phpht Topsites | 2018-10-19 | 7.5 HIGH | N/A |
| check.php in Hinton Design phpht Topsites 1.3 does not validate passwords when using cookies, which allows remote attackers to bypass authentication via unspecified cookies. | |||||
| CVE-2006-0526 | 1 Aol | 1 Aol Client Software | 2018-10-19 | 7.2 HIGH | N/A |
| The default configuration of the America Online (AOL) client software allows all users to modify a certain registry value that specifies a DLL file name, which might allow local users to gain privileges via a Trojan horse program. | |||||
| CVE-2006-0529 | 1 Ca | 1 Messaging | 2018-10-19 | 5.0 MEDIUM | N/A |
| Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via a crafted message to TCP port 4105. | |||||
| CVE-2006-0530 | 1 Ca | 1 Messaging | 2018-10-19 | 5.0 MEDIUM | N/A |
| Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via spoofed CAM control messages. | |||||
| CVE-2006-0690 | 1 Scheduling Management.com | 1 Time Tracking Software | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TTS Time Tracking Software 3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-0653 | 1 Hinton Design | 1 Phpht Topsites | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites 1.3 allow remote attackers to execute arbitrary SQL commands via multiple vectors including the username parameter. | |||||
| CVE-2006-0534 | 1 Cybershop | 1 Asp Ultimate E-commerce Script | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in default.asp in CyberShop Ultimate E-commerce allow remote attackers to inject arbitrary web script or HTML via the (1) ortak or (2) kat parameter. | |||||
| CVE-2006-0536 | 1 Neomail | 1 Neomail | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. NOTE: some sources say that the affected parameter is "date," but the demonstration URL shows that it is "sort". | |||||
| CVE-2006-0480 | 1 Spaiz | 1 Spaiz-nuke Cms | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Articles module in sPaiz-Nuke allows remote attackers to inject arbitrary web script or HTML via the query parameter in the search file. | |||||
| CVE-2006-0538 | 1 Ciphertrust | 1 Ironmail | 2018-10-19 | 2.6 LOW | N/A |
| CipherTrust IronMail 5.0.1, when "Denial of Service Protection" is enabled, allows remote attackers to cause a denial of service (possibly CPU consumption) via a SYN flood with malformed TCP packets from multiple connections. | |||||
| CVE-2006-0539 | 1 Thibault Godouet | 1 Fcron | 2018-10-19 | 4.6 MEDIUM | N/A |
| The convert-fcrontab program in fcron 3.0.0 might allow local users to gain privileges via a long command-line argument, which causes Linux glibc to report heap memory corruption, possibly because a strcpy in the strdup2 function can "overwrite some data." | |||||
| CVE-2006-0540 | 1 Tachyon | 1 Vanilla Guestbook | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-0541 | 1 Tachyon | 1 Vanilla Guestbook | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "posting new messages." | |||||
| CVE-2006-0542 | 1 Nukedweb | 1 Guestbookhost | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in config.php in NukedWeb GuestBookHost 2005.04.25 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters. | |||||
| CVE-2006-0691 | 1 Scheduling Management.com | 1 Time Tracking Software | 2018-10-19 | 5.0 MEDIUM | N/A |
| edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account. | |||||
| CVE-2006-0693 | 1 Roberto Butti | 1 Calimba | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti CALimba 0.99.2 beta and earlier allow remote attackers to execute arbitrary SQL commands and bypass login authentication via the (1) login and (2) password parameters. | |||||
| CVE-2006-0650 | 1 Cpaint | 1 Cpaint | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a hex-encoded IFRAME tag. | |||||
| CVE-2006-0546 | 1 Egeinternet | 1 Egeinternet | 2018-10-19 | 7.5 HIGH | N/A |
| Unspecified vulnerability in index.php in a certain application available from /v1/tr/portfoy.php on www.egeinternet.com allows remote attackers to execute arbitrary code via "evilcode" in the key parameter, possibly a PHP remote file include vulnerability in which the attack vector is a URL in the key parameter. NOTE: it is not clear whether this vulnerability is associated with an online service or application service provider. If so, then it should not be included in CVE. | |||||
| CVE-2006-0648 | 1 Php Icalendar | 1 Php Icalendar | 2018-10-19 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php. | |||||
| CVE-2006-0645 | 1 Free Software Foundation Inc. | 1 Libtasn1 | 2018-10-19 | 7.5 HIGH | N/A |
| Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite. | |||||
| CVE-2006-0644 | 1 Cpg-nuke | 1 Dragonfly Cms | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in (1) the newlang parameter and (2) the installlang parameter in a cookie, as demonstrated by using error.php to insert malicious code into a log file, or uploading a malicious .png file, which is then included using install.php. | |||||
| CVE-2006-0643 | 1 Wiredred | 1 E Pop Web Conferencing | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web Conferencing 4.1.0.755 allows remote authenticated users to inject arbitrary web script or HTML via the topic name of a conference. | |||||
| CVE-2006-0642 | 1 Trend Micro | 3 Interscan Messaging Security Suite, Interscan Web Security Suite, Serverprotect | 2018-10-19 | 5.1 MEDIUM | N/A |
| Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of "Do not scan compressed files when Extracted file count exceeds 500 files," which may be too low in certain circumstances, which allows remote attackers to bypass anti-virus checks by sending compressed archives containing many small files. NOTE: since this is related to a configuration setting that has an operational impact that might vary depending on the environment, and the product is claimed to report a message when the compressed file exceeds specified limits, perhaps this should not be included in CVE. | |||||
| CVE-2006-0632 | 1 Phpbb Group | 1 Phpbb | 2018-10-19 | 6.4 MEDIUM | N/A |
| The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts. | |||||
| CVE-2006-0562 | 1 Pluggedout | 1 Pluggedout Blog | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote attackers to inject arbitrary web script or HTML via the data parameter. | |||||
| CVE-2006-0563 | 1 Pluggedout | 1 Pluggedout Blog | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c allows remote attackers to execute arbitrary SQL commands via the entryid parameter in a comment_add action. | |||||
| CVE-2006-0630 | 1 Ritlabs | 1 The Bat | 2018-10-19 | 5.0 MEDIUM | N/A |
| RITLabs The Bat! before 3.0.0.15 displays certain important headers from encapsulated data in message/partial MIME messages, instead of the real headers, which is in violation of RFC2046 header merging rules and allows remote attackers to spoof the origin of e-mail by sending a fragmented message, as demonstrated using spoofed Received: and Message-ID: headers. | |||||
| CVE-2006-0566 | 1 Communigate | 1 Communigate Pro Core Server | 2018-10-19 | 5.0 MEDIUM | N/A |
| The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote attackers to cause a denial of service (application crash) via LDAP messages that contain Distinguished Names (DN) fields with a large number of elements. | |||||
| CVE-2006-0629 | 1 Aol | 1 Instant Messenger | 2018-10-19 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in AOL Instant Messenger (AIM) 5.9.3861 allows user-assisted remote attackers to cause a denial of service (client crash) and possibly execute arbitrary code by tricking the user into requesting Buddy Info about a long screen name, which might cause a buffer overflow. | |||||
| CVE-2006-0568 | 1 Outblaze | 1 Outblaze | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in throw.main in Outblaze allows remote attackers to inject arbitrary web script or HTML via the file parameter. | |||||
| CVE-2006-0628 | 1 Dale Ray | 1 Myquiz | 2018-10-19 | 7.5 HIGH | N/A |
| myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute arbitrary commands via shell metacharacters in the URL, which are not properly handled as part of the PATH_INFO environment variable. | |||||
| CVE-2006-0570 | 1 Hinton Design | 1 Phpstatus | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magic_quotes is disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the username parameter in check.php and (2) unknown attack vectors in the administrative interface. | |||||
| CVE-2006-0571 | 1 Hinton Design | 1 Phpstatus | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface. | |||||
| CVE-2006-0572 | 1 Hinton Design | 1 Phpstatus | 2018-10-19 | 7.5 HIGH | N/A |
| phpstatus 1.0 does not require passwords when using cookies to identify a user, which allows remote attackers to bypass authentication. | |||||
| CVE-2006-0627 | 1 Clever Copy | 1 Clever Copy | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Clever Copy 2.0, 2.0a, and 3.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Referer or (2) X-Forwarded-For headers in an HTTP request, which are not properly handled when the administrator accesses Site Stats. | |||||
| CVE-2006-0574 | 1 Cpanel | 1 Cpanel | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type. | |||||
| CVE-2006-0624 | 1 Webeveyn | 1 Whomp Real Estate Manager Xp 2005 | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in check.asp in Whomp Real Estate Manager XP 2005 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2006-0576 | 1 Maynard Johnson | 1 Oprofile | 2018-10-19 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability. | |||||
| CVE-2006-0577 | 1 Lexmark | 1 X1185 | 2018-10-19 | 7.2 HIGH | N/A |
| Lexmark X1185 printer allows local users to gain SYSTEM privileges by navigating to the "Appearance" dialog and selecting the "Additional styles (skins) are available on the Lexmark web site" option, which launches a web browser that is running with SYSTEM privileges. | |||||
| CVE-2006-0641 | 1 Orbicule | 1 Undercover | 2018-10-19 | 2.6 LOW | N/A |
| Orbicule Undercover uses a third-party web server to determine the IP address through which the computer is accessing the Internet, but does not document this third-party disclosure, which leads to a potential privacy leak that might allow transmission of sensitive information to an unintended remote destination. | |||||
