Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0640 | 1 Orbicule | 1 Undercover | 2018-10-19 | 2.1 LOW | N/A |
| Orbicule Undercover allows attackers with physical or root access to disable the protection by using the chmod command to change the permissions of the /private/etc/uc.app/Contents/MacOS/uc file, which prevents the service from being started in LaunchDaemon. | |||||
| CVE-2006-0639 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E. | |||||
| CVE-2006-0584 | 1 Peoplesoft | 1 Peopletools | 2018-10-19 | 2.1 LOW | N/A |
| The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 with a fixed DES key to store user passwords, which makes it easier for local users to guess passwords using a dictionary attack that compares output strings. | |||||
| CVE-2006-0588 | 1 Jaia Interactive | 1 Mytopix | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in MyTopix 1.2.3 allows remote attackers to execute arbitrary SQL commands via the (1) mid and (2) keywords parameters. | |||||
| CVE-2006-0589 | 1 Jaia Interactive | 1 Mytopix | 2018-10-19 | 5.0 MEDIUM | N/A |
| MyTopix 1.2.3 allows remote attackers to obtain the installation path via a direct request to logon.mod.php, which leaks the path in an error message. | |||||
| CVE-2006-0590 | 1 Jaia Interactive | 1 Mytopix | 2018-10-19 | 5.0 MEDIUM | N/A |
| MyTopix 1.2.3 allows remote attackers to obtain the installation path via an invalid hl parameter to index.php, which leads to path disclosure, possibly related to invalid SQL syntax. | |||||
| CVE-2006-0610 | 1 2200net | 1 2200net Calendar | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, with gpc_magic_quotes disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the fm_data[id] parameter to calendar.php and (2) the $ad['acc'] variable in adminlogin.php. | |||||
| CVE-2006-0609 | 1 Hinton Design | 1 Phphd | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in add.php in Hinton Design phphd 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2006-0638 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-19 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in moderation.php in MyBB (aka MyBulletinBoard) 1.0.3 allows remote authenticated users, with certain privileges for moderating and merging posts, to execute arbitrary SQL commands via the posts parameter. | |||||
| CVE-2006-0637 | 1 Qualcomm | 1 Eudora Worldmail | 2018-10-19 | 7.5 HIGH | N/A |
| Buffer overflow in cram.dll in QUALCOMM Eudora WorldMail 3.0 allows remote attackers to execute arbitrary code via an IMAP APPEND command with a long message literal argument, as demonstrated by Worldmail.pl. NOTE: this is a different vector and a different manipulation than CVE-2005-4267, so it might be a different vulnerability than CVE-2005-4267. | |||||
| CVE-2006-0634 | 1 Borland Software | 1 C++ Builder | 2018-10-19 | 4.6 MEDIUM | N/A |
| Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition (ent_upd4) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers. | |||||
| CVE-2006-0635 | 1 Fabrice Bellard | 1 Tiny C Compiler | 2018-10-19 | 4.6 MEDIUM | N/A |
| Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers. | |||||
| CVE-2006-0605 | 1 Unknown Domain | 1 Shoutbox | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Unknown Domain Shoutbox 2005.07.21 allow remote attackers to inject arbitrary web script or HTML, possibly via the (1) Handle or (2) Message fields. | |||||
| CVE-2006-0606 | 1 Unknown Domain | 1 Shoutbox | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Unknown Domain Shoutbox 2005.07.21 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2006-0607 | 1 Hinton Design | 1 Phphd | 2018-10-19 | 7.5 HIGH | N/A |
| check.php in Hinton Design phphd 1.0 does not check passwords when certain cookies are provided, which allows remote attackers to bypass authentication. | |||||
| CVE-2006-0608 | 1 Hinton Design | 1 Phphd | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Hinton Design phphd 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to check.php or (2) unknown attack vectors to scripts that display information from the database. | |||||
| CVE-2006-0636 | 1 Eyeos Project | 1 Eyeos | 2018-10-19 | 7.5 HIGH | N/A |
| desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the _SESSION variable before calling the session_start function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using PHP code in the _SESSION[apps][eyeOptions.eyeapp][wrapup] variable. | |||||
| CVE-2006-0476 | 1 Nullsoft | 1 Winamp | 2018-10-19 | 7.6 HIGH | N/A |
| Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field). | |||||
| CVE-2006-0703 | 1 Imagevue | 1 Imagevue | 2018-10-19 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter. | |||||
| CVE-2006-0474 | 1 Shareaza | 1 Shareaza | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers to execute arbitrary code via (1) a large packet length field, which causes an overflow in the ReadBuffer function in (a) BTPacket.cpp and (b) EDPacket.cpp, or (2) a large packet, which causes a heap-based overflow in the Write function in (c) Packet.h. | |||||
| CVE-2006-0473 | 1 My Little Homepage | 1 My Little Weblog | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the bbcode function in weblog.php in my little homepage my little weblog, as last modified in April 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags. | |||||
| CVE-2006-0708 | 1 Nullsoft | 1 Winamp | 2018-10-19 | 9.3 HIGH | N/A |
| Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476. | |||||
| CVE-2006-0713 | 1 Linpha | 1 Linpha | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static code injection is resultant from this issue, as demonstrated by inserting PHP code into the username, which is inserted into linpha.log, which is accessible from the directory traversal. | |||||
| CVE-2006-0714 | 1 Flyspray | 1 Flyspray | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter. | |||||
| CVE-2006-0715 | 1 Solucija | 1 Snews | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field. | |||||
| CVE-2006-0716 | 1 Solucija | 1 Snews | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in sNews 1.3 allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters. | |||||
| CVE-2006-0719 | 1 Deltascripts | 1 Php Classifieds | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member_login.php in PHP Classifieds 6.18 through 6.20 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter, which is used by the E-mail address field, and (2) password parameter. | |||||
| CVE-2006-0720 | 1 Nullsoft | 1 Winamp | 2018-10-19 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file. | |||||
| CVE-2006-0721 | 1 Runcms | 1 Runcms | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter. | |||||
| CVE-2006-0722 | 1 Reamday Enterprises | 1 Magic Downloads | 2018-10-19 | 2.6 LOW | N/A |
| settings.php in Reamday Enterprises Magic Downloads 1.1.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized. | |||||
| CVE-2006-0729 | 1 Teca Scripts | 1 Teca Diary | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in functions.php in Teca Diary PE 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) yy, (2) mm, and (3) dd parameters. | |||||
| CVE-2006-0731 | 1 Sap | 1 Business Connector | 2018-10-19 | 4.0 MEDIUM | N/A |
| WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame. | |||||
| CVE-2006-0732 | 1 Sap | 1 Business Connector | 2018-10-19 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended. NOTE: SAP Business Connector is an OEM version of webMethods Integration Server. webMethods states that this issue can only occur when the product is installed as root/admin, and if the attacker has access to a general purpose port; however, both are discouraged in the documentation. In addition, the attacker must already have acquired administrative privileges through other means. | |||||
| CVE-2006-0733 | 1 Wordpress | 1 Wordpress | 2018-10-19 | 2.6 LOW | N/A |
| ** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability. | |||||
| CVE-2006-0735 | 2 Fuzzymonkey, M Blom | 2 My Blog, Html-bbcode | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag. | |||||
| CVE-2006-0495 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable). | |||||
| CVE-2006-0494 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-19 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 allows local users with MyBB administrative privileges to include and possibly execute arbitrary local files via directory traversal sequences and a nul (%00) character in the plugin parameter. | |||||
| CVE-2006-0493 | 1 Thomas Rybak | 1 Mg2 | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MG2 (formerly known as Minigal) 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field in a comment associated with a picture. | |||||
| CVE-2006-0684 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2018-10-19 | 7.5 HIGH | N/A |
| change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access. | |||||
| CVE-2006-0683 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log utility to read the log file. | |||||
| CVE-2006-0679 | 1 Francisco Burzi | 1 Php-nuke Ev | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field). | |||||
| CVE-2006-0500 | 1 Punctweb | 1 Myco Guestbook | 2018-10-19 | 7.5 HIGH | N/A |
| MyCO Guestbook 1.0 stores the admin directory under the web document root with insufficient access control, which allows remote attackers to perform unspecified privileged actions by directly accessing files via a URL. | |||||
| CVE-2006-0501 | 1 Punctweb | 1 Myco Guestbook | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the Name field, when registering a user. | |||||
| CVE-2006-0502 | 1 Farsinews | 1 Farsinews | 2018-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in loginout.php in FarsiNews 2.1 Beta 2 and earlier, with register_globals enabled, allows remote attackers to include arbitrary files via a URL in the cutepath parameter. | |||||
| CVE-2006-0492 | 1 Vincent Hor | 1 Calendarix | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Calendarix allow remote attackers to execute arbitrary SQL commands via (1) the catview parameter in cal_functions.inc.php and (2) the login parameter in cal_login.php. NOTE: the catview vector might overlap CVE-2005-1865. | |||||
| CVE-2006-0678 | 1 Postgresql | 1 Postgresql | 2018-10-19 | 1.5 LOW | N/A |
| PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service (server crash) via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553. | |||||
| CVE-2006-0491 | 1 Subzane | 1 Szusermgnt | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2006-0677 | 1 Kth | 1 Heimdal | 2018-10-19 | 7.8 HIGH | N/A |
| telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference. | |||||
| CVE-2006-0505 | 1 Zbattle.net | 1 Zbattle Client | 2018-10-19 | 5.0 MEDIUM | N/A |
| zbattle.net Zbattle client 1.09 SR-1 beta allows remote attackers to cause an unspecified denial of service by rapidly creating and closing a game. | |||||
| CVE-2006-0506 | 1 Nuked-klan | 1 Nuked-klan | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN 1.7 allows remote attackers to inject arbitrary web script or HTML via the letter parameter. | |||||
