Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4413 | 1 Apple | 1 Remote Desktop | 2011-03-08 | 7.2 HIGH | N/A |
| Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remote Desktop administration system to modify the packages and gain root privileges on client systems that use the packages. | |||||
| CVE-2006-4037 | 1 Fenestrae | 1 Faxination Server | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet. | |||||
| CVE-2006-4411 | 1 Apple | 1 Mac Os X | 2011-03-08 | 7.2 HIGH | N/A |
| The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2006-4447 | 1 X.org | 9 Emu-linux-x87-xlibs, X11r6, X11r7 and 6 more | 2011-03-08 | 7.2 HIGH | N/A |
| X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit. | |||||
| CVE-2006-4410 | 1 Apple | 1 Mac Os X | 2011-03-08 | 7.5 HIGH | N/A |
| The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates. | |||||
| CVE-2006-4457 | 1 Phpecard | 1 Phpecard | 2011-03-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4155 | 1 Invision Power Services | 1 Invision Power Board | 2011-03-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic." | |||||
| CVE-2006-4409 | 1 Apple | 1 Mac Os X | 2011-03-08 | 5.0 MEDIUM | N/A |
| The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked. | |||||
| CVE-2006-4222 | 1 Ibm | 1 Websphere Application Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.0.2.13 have unspecified vectors and impact, including (1) an "authority problem" in ThreadIdentitySupport as identified by PK25199, and "Potential security exposure" issues as identified by (2) PK22747, (3) PK24334, (4) PK25740, and (5) PK26123. | |||||
| CVE-2006-4408 | 1 Apple | 1 Mac Os X | 2011-03-08 | 5.0 MEDIUM | N/A |
| The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940. | |||||
| CVE-2006-4030 | 1 Gallery Project | 1 Gallery | 2011-03-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." | |||||
| CVE-2006-4024 | 1 Festalon | 1 Festalon | 2011-03-08 | 7.5 HIGH | N/A |
| The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr value in a HES file, which is used as an offset in a memcpy operation and leads to a buffer underflow. | |||||
| CVE-2006-4022 | 1 Intel | 1 2100 Proset Wireless | 2011-03-08 | 4.6 MEDIUM | N/A |
| Intel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4.6 allows local users to corrupt memory and execute code via "requests for capabilities from higher-level protocol drivers or user-level applications" involving crafted frames, a different issue than CVE-2006-3992. | |||||
| CVE-2006-4407 | 1 Apple | 1 Mac Os X | 2011-03-08 | 5.0 MEDIUM | N/A |
| The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. | |||||
| CVE-2006-4014 | 1 Symantec | 1 Brightmail Antispam | 2011-03-08 | 5.0 MEDIUM | N/A |
| Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) "by sending invalid posts". | |||||
| CVE-2006-4137 | 1 Ibm | 1 Websphere Application Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) "script generated syntax on wsadmin command line," and (3) traces. | |||||
| CVE-2006-4441 | 1 Ay System Solutions | 1 Ay System Solutions Cms | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Ay System Solutions CMS 2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter to (1) home.php or (2) impressum.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4442 | 1 Clemens Wacha | 1 Php Iaddressbook | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.95 allows remote attackers to inject arbitrary web script or HTML via the cat_name parameter, related to adding a category. (categories field). NOTE: some details are obtained from third party information. | |||||
| CVE-2006-4404 | 1 Apple | 1 Mac Os X | 2011-03-08 | 10.0 HIGH | N/A |
| The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges. | |||||
| CVE-2006-4344 | 1 Cgi-rescue | 1 Mail F W System | 2011-03-08 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) before 8.3 allows remote attackers to spoof e-mails and inject e-mail headers via unspecified vectors in (1) mail.cgi and (2) query.cgi. | |||||
| CVE-2006-4401 | 1 Apple | 1 Mac Os X | 2011-03-08 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI. | |||||
| CVE-2006-4400 | 1 Apple | 1 Mac Os X | 2011-03-08 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allow user-assisted attackers to execute arbitrary code via crafted font files. | |||||
| CVE-2006-4294 | 1 Twiki | 1 Twiki | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2006-4398 | 1 Apple | 1 Mac Os X | 2011-03-08 | 7.2 HIGH | N/A |
| Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests. | |||||
| CVE-2006-4397 | 1 Apple | 1 Mac Os X | 2011-03-08 | 4.6 MEDIUM | N/A |
| Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 prevents Kerberos tickets from being destroyed if a user does not successfully log on to a network account from the login window, which might allow later users to gain access to the original user's Kerberos tickets. | |||||
| CVE-2006-4396 | 1 Apple | 1 Mac Os X | 2011-03-08 | 4.6 MEDIUM | N/A |
| The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack. | |||||
| CVE-2006-4451 | 1 Cj Design | 1 Cj Tag Board | 2011-03-08 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the (1) User-Agent HTTP header in tag.php, which is executed by all.php, and (2) the banned parameter in admin_index.php. | |||||
| CVE-2006-4054 | 1 Ehmig | 1 Me Download System | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ME Download System 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) Vb8878b936c2bd8ae0cab parameter to (a) inc/sett_style.php or (b) inc/sett_smilies.php; or the (2) Vb6c4d0e18a204a63b38f, (3) V18a78b93c3adaaae84e2, or (4) V9ae5d2ca9e9e787969ff parameters to (c) inc/datei.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-3667 | 1 Sybase | 1 Financial Fusion Consumer Banking Solution | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Sybase/Financial Fusion Consumer Banking Suite versions before 20060706 has unknown impact and remote attack vectors. | |||||
| CVE-2006-3892 | 1 Emc | 1 Networker | 2011-03-08 | 10.0 HIGH | N/A |
| The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands. | |||||
| CVE-2006-3779 | 1 Citrix | 3 Metaframe, Metaframe Presentation Server, Presentation Server | 2011-03-08 | 6.5 MEDIUM | N/A |
| Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges. | |||||
| CVE-2006-3816 | 1 Krusader | 1 Krusader | 2011-03-08 | 7.5 HIGH | N/A |
| Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file. | |||||
| CVE-2006-3686 | 1 Hp | 1 Openvms | 2011-03-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in [SYSEXE]SMPUTIL.EXE in HP OpenVMS 7.3-2 allows local users and "remote users" to cause a denial of service (crash). | |||||
| CVE-2006-3822 | 1 Geodesicsolutions | 1 Geoauctions Enterprise | 2011-03-08 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in index.php in GeodesicSolutions GeoAuctions Enterprise 1.0.6 allows remote attackers to execute arbitrary SQL commands via the d parameter. | |||||
| CVE-2006-3992 | 1 Intel | 2 2200bg Proset Wireless, 2915abg Proset Wireless | 2011-03-08 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption. | |||||
| CVE-2006-3615 | 1 Phorum | 1 Phorum | 2011-03-08 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via unspecified vectors related to an uninitialized variable. | |||||
| CVE-2006-3671 | 1 Hyper Estraier | 1 Hyper Estraier | 2011-03-08 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in the communicate function in estmaster.c for Hyper Estraier before 1.3.3 allows remote attackers to perform unauthorized actions as other users via unknown vectors. | |||||
| CVE-2006-3896 | 1 Neoscale Systems | 1 Cryptostor Tape 700 | 2011-03-08 | 4.9 MEDIUM | N/A |
| The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies on client-side ActiveX code for smartcard authentication, which allows remote attackers to bypass smartcard authentication, and gain access if able to present a valid username and password, by disabling ActiveX. | |||||
| CVE-2006-3902 | 1 Phpfaber | 1 Topsites | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites 2.0.9 allows remote attackers to inject arbitrary web script or HTML via the i_cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-3508 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 7.2 HIGH | N/A |
| Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates. | |||||
| CVE-2006-3398 | 1 Pkr Internet | 1 Taskjitsu | 2011-03-08 | 5.0 MEDIUM | N/A |
| The "change password forms" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor. | |||||
| CVE-2006-3552 | 1 Ipswitch | 2 Ipswitch Collaboration Suite, Ipswitch Secure Server | 2011-03-08 | 6.4 MEDIUM | N/A |
| Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium, when using a certain .dat file in the StarEngine /data directory from 20060630 or earlier, does not properly receive and implement bullet signature updates, which allows context-dependent attackers to use the server for spam transmission. | |||||
| CVE-2006-3484 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2011-03-08 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to (b) users/create_course.php, (3) p parameter to (c) documentation/admin/, (4) forgot parameter to (d) password_reminder.php, (5) cat parameter to (e) users/browse.php, or the (6) submit parameter to admin/fix_content.php. | |||||
| CVE-2006-3506 | 1 Apple | 3 Mac Os X, Mac Os X Server, Xsan | 2011-03-08 | 4.6 MEDIUM | N/A |
| Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access, to execute arbitrary code via unspecified vectors related to "processing a path name." | |||||
| CVE-2006-3380 | 1 Freestyle | 1 Freestyle Wiki | 2011-03-08 | 5.0 MEDIUM | N/A |
| Algorithmic complexity vulnerability in FreeStyle Wiki before 3.6.2 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case. | |||||
| CVE-2006-3482 | 1 Phpmaillist | 1 Phpmaillist | 2011-03-08 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in maillist.php in PHPMailList 1.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter. | |||||
| CVE-2006-3336 | 1 Twiki | 1 Twiki | 2011-03-08 | 4.0 MEDIUM | N/A |
| TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory. | |||||
| CVE-2006-3507 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 7.2 HIGH | N/A |
| Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network. | |||||
| CVE-2006-3534 | 1 Nullsoft | 1 Shoutcast Server | 2011-03-08 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content". | |||||
| CVE-2006-3509 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 7.2 HIGH | N/A |
| Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames. | |||||