Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0356 | 1 Ari Pikivirta | 1 Home Ftp Server | 2018-10-19 | 5.0 MEDIUM | N/A |
| Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to cause an unspecified denial of service via a long USER command combined with a long PASS command. | |||||
| CVE-2006-0327 | 1 Typo3 | 1 Typo3 | 2018-10-19 | 5.0 MEDIUM | N/A |
| TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails. | |||||
| CVE-2006-0328 | 1 Philippe Jounin | 1 Tftpd32 | 2018-10-19 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request. | |||||
| CVE-2006-0331 | 1 Thiago Melo De Paula | 1 Change Passwd | 2018-10-19 | 4.6 MEDIUM | N/A |
| Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin allows local users to execute arbitrary code via long command line arguments. | |||||
| CVE-2006-0363 | 1 Microsoft | 1 Msn Messenger | 2018-10-19 | 2.1 LOW | N/A |
| The "Remember my Password" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds registry key, which might allow local users to obtain the original passwords via a program that calls CryptUnprotectData, as demonstrated by the "MSN Password Recovery.exe" program. NOTE: it could be argued that local-only password recovery is inherently insecure because the decryption methods and keys must be stored somewhere on the local system, and are thus inherently accessible with varying degrees of effort. Perhaps this issue should not be included in CVE. | |||||
| CVE-2006-0371 | 1 Noah Medling | 1 Rcblog | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Noah Medling RCBlog 1.03 allows remote attackers to read arbitrary .txt files, possibly including one that stores the administrator's account name and password, via a .. (dot dot) in the post parameter. | |||||
| CVE-2006-0372 | 1 Insane Visions | 1 Blogphp | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphp_username or (2) blogphp_password parameter in a cookie. | |||||
| CVE-2006-0352 | 1 Fluffington | 1 Flog | 2018-10-19 | 5.0 MEDIUM | N/A |
| The default configuration of Fluffington FLog 1.01 installs users.0.dat under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (login credentials) via a direct request. NOTE: It was later reported that 1.1.2 is also affected. | |||||
| CVE-2006-0173 | 1 Hummingbird | 1 Enterprise Collaboration | 2018-10-19 | 4.0 MEDIUM | N/A |
| Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to misrepresent the type and name of a file via modified doc_ext and id parameters, which might trick a user into downloading dangerous or unexpected content. | |||||
| CVE-2006-0156 | 1 Foxrum | 1 Foxrum | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows remote attackers to inject arbitrary Javascript via the javascript URI in bbcode url tags in (1) addpost1.php and (2) addtopic1.php. | |||||
| CVE-2006-0174 | 1 Hummingbird | 2 Collaboration, Enterprise Collaboration | 2018-10-19 | 4.0 MEDIUM | N/A |
| Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to obtain sensitive information (intranet IP addresses and enumerations of valid parameter values) via a direct request to hc, which reveals the information in an error message or a cookie. | |||||
| CVE-2006-0194 | 1 Fog Creek Software | 1 Fogbugz | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.029, and other versions before 4.0.33, allows remote attackers to inject arbitrary web script or HTML via the dest parameter in the pgLogon page. | |||||
| CVE-2006-0241 | 1 Webmobo | 1 Wbnews | 2018-10-19 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Name field. | |||||
| CVE-2006-0225 | 1 Openbsd | 1 Openssh | 2018-10-19 | 4.6 MEDIUM | N/A |
| scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. | |||||
| CVE-2006-0224 | 1 Libast | 1 Libast | 2018-10-19 | 4.6 MEDIUM | N/A |
| Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name). | |||||
| CVE-2006-0222 | 1 Alstrasoft | 1 Template Seller | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft Template Seller Pro allows remote attackers to inject arbitrary web script or HTML via the tempid parameter. | |||||
| CVE-2006-0221 | 1 Ddsn | 1 Cm3cms | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.asp in the Admin Panel in Dragon Design Services Network (DDSN) cm3 content manager (CM3CMS) allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password. | |||||
| CVE-2006-0220 | 1 Codeworx Technologies | 1 Dcp-portal | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13. | |||||
| CVE-2006-0204 | 1 Wordcircle | 1 Wordcircle | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 allow remote attackers to inject arbitrary web script or HTML via (1) the "Course name" field in index.php when the frm parameter has the value "mine" and (2) possibly certain other fields in unspecified scripts. | |||||
| CVE-2006-0198 | 1 Xoops | 1 Xoops Pool Module | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment. | |||||
| CVE-2006-0197 | 1 X.org | 1 X.org | 2018-10-19 | 5.0 MEDIUM | N/A |
| The XClientMessageEvent struct used in certain components of X.Org 6.8.2 and earlier, possibly including (1) the X server and (2) Xlib, uses a "long" specifier for elements of the l array, which results in inconsistent sizes in the struct on 32-bit versus 64-bit platforms, and might allow attackers to cause a denial of service (application crash) and possibly conduct other attacks. | |||||
| CVE-2006-0196 | 1 Serial Line Sniffer | 1 Serial Line Sniffer | 2018-10-19 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 allows local users to gain privileges via a long value of the HOME environment variable, possibly because of a buffer overflow. | |||||
| CVE-2006-0193 | 1 Positive Software | 1 H-sphere | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action. | |||||
| CVE-2006-0189 | 1 Estara | 1 Softphone | 2018-10-19 | 7.5 HIGH | N/A |
| Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows remote attackers to execute arbitrary code via a long attribute (aka "a") field in the SDP data of a SIP packet on UDP port 5060. | |||||
| CVE-2006-0187 | 1 Microsoft | 1 Visual Studio .net | 2018-10-19 | 5.1 MEDIUM | N/A |
| By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file. | |||||
| CVE-2006-0296 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-19 | 5.0 MEDIUM | N/A |
| The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file. | |||||
| CVE-2006-0183 | 1 Acal | 1 Calendar Project | 2018-10-19 | 6.5 MEDIUM | N/A |
| Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from the poor authentication as identified by CVE-2006-0182. Since the design of the product allows the administrator to edit the code, perhaps this issue should not be included in CVE, except as a consequence of CVE-2006-0182. | |||||
| CVE-2006-0182 | 1 Acal | 1 Calendar Project | 2018-10-19 | 7.5 HIGH | N/A |
| login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to "inside". | |||||
| CVE-2006-0180 | 1 Calogic | 1 Calogic Calendars | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the Title field on the "Adding New Event" page, and possibly other vectors, involving iframe tags. | |||||
| CVE-2006-0210 | 1 Interspire | 1 Trackpoint Nx | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Interspire TrackPoint NX before 0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter when using the Login page. | |||||
| CVE-2006-0176 | 1 Xmame | 1 Xmame | 2018-10-19 | 7.2 HIGH | N/A |
| Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long (1) -lang, (2) -ctrlr, (3) -pb, or (4) -rec argument on many operating systems, and via a long (5) -jdev argument on Ubuntu Linux. | |||||
| CVE-2006-0172 | 1 Hummingbird | 1 Enterprise Collaboration | 2018-10-19 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the file manager utility in Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML in an uploaded page, which is published without a check for hostile scripting. | |||||
| CVE-2006-0171 | 1 Orjinweb | 1 Orjinweb E-commerce | 2018-10-19 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: it is not clear, but OrjinWeb might be an application service, in which case it should not be included in CVE. | |||||
| CVE-2006-0169 | 1 Myphpim | 1 Myphpim | 2018-10-19 | 7.5 HIGH | N/A |
| addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory. | |||||
| CVE-2006-0168 | 1 Myphpim | 1 Myphpim | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows remote attackers to inject arbitrary web script or HTML via the description field on the "Create New todo" page. | |||||
| CVE-2006-0295 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-19 | 5.1 MEDIUM | N/A |
| Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption. | |||||
| CVE-2006-0167 | 1 Myphpim | 1 Myphpim | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MyPhPim 01.05 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter in calendar.php3 and the (2) password field on the login page. | |||||
| CVE-2006-0211 | 1 Helm Hosting | 1 Helm Hosting Control Panel | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm Hosting Control Panel 3.2.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the txtEmailAddress parameter. | |||||
| CVE-2006-0212 | 1 Toshiba | 1 Bluetooth Stack | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in OBEX Push services in Toshiba Bluetooth Stack 4.00.23(T) and earlier allows remote attackers to upload arbitrary files to arbitrary remote locations specified by .. (dot dot) sequences, as demonstrated by ..\\ sequences in the RFILE argument of ussp-push. | |||||
| CVE-2006-0294 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-19 | 7.5 HIGH | N/A |
| Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory. | |||||
| CVE-2006-0293 | 1 Mozilla | 1 Firefox | 2018-10-19 | 7.5 HIGH | N/A |
| The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects. | |||||
| CVE-2006-0209 | 1 Tanklogger | 1 Tanklogger | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in general_functions.php in TankLogger 2.4 allows remote attackers to execute arbitrary SQL commands via the (1) livestock_id parameter to showInfo.php and (2) tank_id parameter, possibly to livestock.php. | |||||
| CVE-2006-0292 | 1 Mozilla | 2 Firefox, Mozilla | 2018-10-19 | 7.5 HIGH | N/A |
| The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection. | |||||
| CVE-2006-0255 | 1 Checkpoint | 1 Vpn-1 | 2018-10-19 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program. | |||||
| CVE-2006-0254 | 1 Apache | 1 Geronimo | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. | |||||
| CVE-2006-0253 | 1 Ambicom | 1 Blue Neighbors | 2018-10-19 | 5.1 MEDIUM | N/A |
| Buffer overflow in the Bluetooth OBEX Object Push service in "Blue Neighbors.EXE" in AmbiCom Blue Neighbors 2.50 Build 2500 and earlier allows remote attackers to execute arbitrary code via a long file name, as demonstrated via a long RFILE argument to ussp-push. | |||||
| CVE-2006-0252 | 1 Benders Calendar | 1 Benders Calendar | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Benders Calendar 1.0 allows remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by the (1) year, (2) month, and (3) day parameters. | |||||
| CVE-2006-0250 | 1 Carnegie Mellon University | 1 Snmptrapd | 2018-10-19 | 6.4 MEDIUM | N/A |
| Format string vulnerability in the snmp_input function in snmptrapd in CMU SNMP utilities (cmu-snmp) allows remote attackers to execute arbitrary code by sending crafted SNMP messages to UDP port 162. | |||||
| CVE-2006-0244 | 1 Phpxplorer | 1 Phpxplorer | 2018-10-19 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** Directory traversal vulnerability in workspaces.php in phpXplorer 0.9.33 allows remote attackers to include arbitrary files via a .. (dot dot) and trailing null byte (%00) in the sShare parameter. NOTE: a followup post claims that this is not a vulnerability since the functionality of phpXplorer supports the upload of PHP files, which would not cross privilege boundaries since the PHP functionality would support read access outside the web root. | |||||
| CVE-2006-0242 | 1 Php Fusebox | 1 Php Fusebox | 2018-10-19 | 6.4 MEDIUM | N/A |
| Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter. | |||||