Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-0117 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 10.0 HIGH | N/A |
| DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation. | |||||
| CVE-2006-6915 | 1 Ibm | 1 Aix | 2011-03-08 | 4.0 MEDIUM | N/A |
| ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. NOTE: some details were obtained from third party sources. | |||||
| CVE-2006-6914 | 1 Ibm | 1 Aix | 2011-03-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote attackers to obtain sensitive information, including passwords, via unspecified vectors. | |||||
| CVE-2006-6913 | 1 Phpmyfaq | 1 Phpmyfaq | 2011-03-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors. | |||||
| CVE-2006-6892 | 1 Jonathon Freeman | 1 Ovbb | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the GetLocation function in online.php in Jonathon J. Freeman OvBB 0.13a allows remote attackers to inject arbitrary web script or HTML via the aRequest variable. | |||||
| CVE-2006-6870 | 1 Avahi | 1 Avahi | 2011-03-08 | 5.0 MEDIUM | N/A |
| The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself. | |||||
| CVE-2006-6858 | 1 Miredo | 1 Miredo | 2011-03-08 | 6.8 MEDIUM | N/A |
| Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bubble during UDP hole punching with HMAC-MD5-64 hashing, which allows remote attackers to impersonate an arbitrary Teredo client. | |||||
| CVE-2006-6834 | 1 Joomla | 1 Joomla | 2011-03-08 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes." | |||||
| CVE-2006-6833 | 1 Joomla | 1 Joomla | 2011-03-08 | 7.5 HIGH | N/A |
| com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors. | |||||
| CVE-2006-6825 | 1 Mxmania | 1 Calendar Mx Basic | 2011-03-08 | 7.5 HIGH | N/A |
| Calendar MX BASIC 1.0.2 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for calendar.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6829 | 1 Efkan Forum | 1 Efkan Forum | 2011-03-08 | 7.8 HIGH | N/A |
| Efkan Forum 1.0 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6987 | 1 Softinform | 1 Finebrowser | 2011-03-08 | 7.8 HIGH | N/A |
| Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | |||||
| CVE-2006-6828 | 1 Efkan Forum | 1 Efkan Forum | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the grup parameter in admin.asp, or the id parameter in (2) default.asp or (3) admin.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. The default.asp/grup vector is already covered by CVE-2006-6794. | |||||
| CVE-2006-6814 | 1 Hosting Controller | 1 Hosting Controller | 2011-03-08 | 6.3 MEDIUM | N/A |
| Directory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via ..\ (dot dot backslash) sequences in the BrowsePath parameter. | |||||
| CVE-2006-6986 | 1 Phaseout | 1 Phaseout | 2011-03-08 | 7.8 HIGH | N/A |
| Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | |||||
| CVE-2006-6985 | 1 Maxthon | 1 Maxthon | 2011-03-08 | 5.0 MEDIUM | N/A |
| Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | |||||
| CVE-2006-6984 | 1 More Quick Tools | 1 Greenbrowser | 2011-03-08 | 5.0 MEDIUM | N/A |
| Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | |||||
| CVE-2006-7057 | 1 Sphider | 1 Sphider | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in Sphider before 1.3.1c allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue might be primary to CVE-2006-2506.2. | |||||
| CVE-2006-7058 | 1 Sphider | 1 Sphider | 2011-03-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sphider before 1.3.1c allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) templates/standard/search_form.html and (2) templates/dark/search_form.html. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6983 | 1 Myweb4net | 1 Myweb4net Browser | 2011-03-08 | 5.0 MEDIUM | N/A |
| Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | |||||
| CVE-2006-6989 | 1 Netcaptor | 1 Netcaptor | 2011-03-08 | 7.8 HIGH | N/A |
| Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | |||||
| CVE-2006-7092 | 1 Mamboxchange | 1 Laithai | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5.4 SP2 and earlier allows remote attackers to execute arbitrary SQL commands via the usercookie[password] cookie parameter. | |||||
| CVE-2006-7045 | 1 Cmpro Team | 1 Clan Manager Pro | 2011-03-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Clan Manager Pro (CMPRO) 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the (1) rootpath and possibly (2) sitepath parameters to (a) cmpro.ext/comment.core.inc.php and (b) cmpro.intern/comment.core.inc.php. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2006-6993 | 1 Dev | 1 Neuron Blog | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in pages/addcomment2.php in Neuron Blog 1.1 allow remote attackers to inject arbitrary SQL commands via the (1) commentname, (2) commentmail, (3) commentwebsite, and (4) comment parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6968 | 1 Phorum | 1 Phorum | 2011-03-08 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the group moderation control center page in Phorum before 5.1.19 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-7093 | 1 Mamboxchange | 1 Laithai | 2011-03-08 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Security Patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-6992 | 1 Gosurf Browser | 1 Gosurf Browser | 2011-03-08 | 7.8 HIGH | N/A |
| Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | |||||
| CVE-2006-6991 | 1 Fast Browser | 1 Fast Browser | 2011-03-08 | 7.8 HIGH | N/A |
| Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | |||||
| CVE-2006-6944 | 1 Phpmyadmin | 1 Phpmyadmin | 2011-03-08 | 7.5 HIGH | N/A |
| phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny access rules that use IP addresses via false headers. | |||||
| CVE-2006-6940 | 1 Owa | 1 Owa | 2011-03-08 | 10.0 HIGH | N/A |
| Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP to OWA (pop2owa) 1.1.3 allows remote attackers to execute arbitrary code via a long header in an e-mail message. | |||||
| CVE-2006-6990 | 1 Advanced Search Technologies Inc. | 1 Enigma Browser | 2011-03-08 | 7.8 HIGH | N/A |
| Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | |||||
| CVE-2006-6923 | 1 Bitweaver | 1 Bitweaver | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the tk parameter. | |||||
| CVE-2006-6922 | 1 Deadlock User Management System | 1 Deadlock User Management System | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Deadlock User Management System (phpdeadlock) 0.64 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-6988 | 1 Flashpeak | 1 Slim Browser | 2011-03-08 | 7.8 HIGH | N/A |
| Cross-domain vulnerability in Slim Browser 4.07 build 100 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | |||||
| CVE-2006-6693 | 1 Zabbix | 1 Zabbix | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long strings to the (1) zabbix_log and (2) zabbix_syslog functions. | |||||
| CVE-2006-6678 | 1 Netrik | 1 Netrik | 2011-03-08 | 7.5 HIGH | N/A |
| The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename. | |||||
| CVE-2006-6692 | 1 Zabbix | 1 Zabbix | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog. | |||||
| CVE-2006-6672 | 1 Maxiasp | 1 Burak Yilmaz Download Portal | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal allow remote attackers to execute arbitrary SQL commands via the (1) kid or possibly (2) id parameter to (a) HABERLER.ASP and (b) ASPKAT.ASP. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6670 | 1 Nortel | 1 Callpilot Server | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown impact and attack vectors, aka P-2006-0011-GLOBAL. | |||||
| CVE-2006-6466 | 1 Wikyblog | 1 Wikyblog | 2011-03-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in WikyBlog 1.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) key, (2) d, (3) l, or (4) v parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: CVE disputes the l vector because l is validated by ctype_alpha before use. | |||||
| CVE-2006-6663 | 1 Marathon Aleph One | 1 Marathon Aleph One | 2011-03-08 | 5.0 MEDIUM | N/A |
| The server component in Marathon Aleph One before 0.17.1 and 2006-12-17 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to "gathering net games." | |||||
| CVE-2006-6664 | 1 Marathon Aleph One | 1 Marathon Aleph One | 2011-03-08 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV function in Misc/Logging.cpp. NOTE: some details were obtained from third party information. | |||||
| CVE-2006-6660 | 1 Kde | 1 Libkhtml | 2011-03-08 | 4.3 MEDIUM | N/A |
| The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag. | |||||
| CVE-2006-6651 | 1 Intel | 1 2200bg Proset Wireless | 2011-03-08 | 6.8 MEDIUM | N/A |
| Race condition in W29N51.SYS in the Intel 2200BG wireless driver 9.0.3.9 allows remote attackers to cause memory corruption and execute arbitrary code via a series of crafted beacon frames. NOTE: some details are obtained solely from third party information. | |||||
| CVE-2006-6668 | 1 Verliadmin | 1 Verliadmin | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6667 | 1 Verliadmin | 1 Verliadmin | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nick_mod or (2) nick parameter to (a) repass.php or (b) verify.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6647 | 1 Drupal | 1 Drupal Mysite | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before 4.7.x-3.3 and 5.x before 5.x-1.3 module for Drupal allows remote attackers to inject arbitrary web script or HTML via the Title field when editing a page. NOTE: some details were obtained from third party information. | |||||
| CVE-2006-6629 | 1 Webwork | 1 Program Generation Language | 2011-03-08 | 7.5 HIGH | N/A |
| lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl. | |||||
| CVE-2006-6646 | 1 Drupal | 2 Drupal Project, Drupal Project Issue Tracking | 2011-03-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) Project Issue Tracking 4.7.x-1.0 and 4.7.x-2.0, and (2) Project 4.6.x-1.0, 4.7.x-1.0, and 4.7.x-2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, which do not use the check_plain function. | |||||
| CVE-2006-6481 | 1 Clam Anti-virus | 1 Clamav | 2011-03-08 | 5.0 MEDIUM | N/A |
| Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406. | |||||