Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5385 | 1 Spamoborona | 1 Spamoborona | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/admin_spam.php in the SpamOborona 1.0b and earlier phpBB module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-5370 | 1 Oracle | 1 E-business Suite | 2018-10-17 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS06 for Oracle CRM Gateway for Mobile Devices and (2) APPS08 for Oracle iStore. | |||||
| CVE-2006-5371 | 1 Oracle | 1 E-business Suite | 2018-10-17 | 9.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Email Center component in Oracle E-Business Suite 11.5.9 has unknown impact and remote authenticated attack vectors, aka Vuln# APPS07. | |||||
| CVE-2006-5372 | 1 Oracle | 1 E-business Suite | 2018-10-17 | 9.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10 up to 11.5.10CU2 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) APPS11 for Oracle Universal Work Queue and (2) APPS12 for Oracle Application Object Library. | |||||
| CVE-2006-5374 | 1 Oracle | 1 Pharmaceutical | 2018-10-17 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Pharmaceutical Applications 4.5.1 has unknown impact and remote authenticated attack vectors, aka Vuln# PHAR01. | |||||
| CVE-2006-5375 | 1 Oracle | 1 Peoplesoft Enterprise | 2018-10-17 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in PeopleTools component in Oracle PeopleSoft Enterprise 8.46 GA, 8.47 GA, 8.48 GA, 8.46.15, 8.47.09, and 8.48.03 have unknown impact and remote attack vectors, aka Vuln# (1) PSE01, (2) PSE02, and (3) PSE03. | |||||
| CVE-2006-5376 | 1 Oracle | 1 Peoplesoft Enterprise | 2018-10-17 | 9.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in PeopleTools component in Oracle PeopleSoft Enterprise 8.22 GA, 8.46 GA, 8.47 GA, 8.48 GA, 8.22.11, 8.46.15, 8.47.09, and 8.48.03 have unknown impact and remote authenticated attack vectors, aka Vuln# (1) PSE04, (2) PSE06, (3) PSE07, and (4) PSE08. | |||||
| CVE-2006-5377 | 1 Oracle | 1 Peoplesoft Enterprise | 2018-10-17 | 9.0 HIGH | N/A |
| Unspecified vulnerability in PeopleSoft component in Oracle PeopleSoft Enterprise 8.80 GA, 8.90 GA, 8.8 Bundle 11, and 8.9 Bundle 4 has unknown impact and remote authenticated attack vectors, aka Vuln# PSE05. | |||||
| CVE-2006-5378 | 1 Oracle | 1 Enterpriseone | 2018-10-17 | 9.0 HIGH | N/A |
| Unspecified vulnerability in JD Edwards HTML Server in JD Edwards EnterpriseOne SP23_O2, 8.95.P1, and 8.96.D1 has unknown impact and remote authenticated attack vectors, aka Vuln# JDE01. | |||||
| CVE-2006-5379 | 1 Nvidia | 1 Binary Graphics Driver | 2018-10-17 | 7.5 HIGH | N/A |
| The accelerated rendering functionality of NVIDIA Binary Graphics Driver (binary blob driver) For Linux v8774 and v8762, and probably on other operating systems, allows local and remote attackers to execute arbitrary code via a large width value in a font glyph, which can be used to overwrite arbitrary memory locations. | |||||
| CVE-2006-5381 | 1 Contenido | 1 Contendio | 2018-10-17 | 5.0 MEDIUM | N/A |
| Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysqli.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, (7) db_pgsql.inc, or (8) db_sybase.inc in the conlib/ directory. | |||||
| CVE-2006-5380 | 1 Contenido | 1 Contendio | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** Remote file inclusion vulnerability in Contenido CMS allows remote attackers to execute arbitrary PHP code via a URL in the contenido_path parameter to (1) cms/dbfs.php or (2) cms/front_content.php. NOTE: CVE disputes this issue for version 4.6.15, because $contenido_path is set to a static value. | |||||
| CVE-2006-5444 | 1 Digium | 1 Asterisk | 2018-10-17 | 7.5 HIGH | N/A |
| Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow. | |||||
| CVE-2006-5410 | 1 Boonex | 1 Dolphin | 2018-10-17 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/index.php in BoonEx Dolphin 5.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter. NOTE: it is possible that this issue overlaps CVE-2006-4189. | |||||
| CVE-2006-5407 | 1 Osticket | 1 Osticket | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. | |||||
| CVE-2006-5405 | 1 Toshiba | 1 Bluetooth Wireless Device Driver | 2018-10-17 | 6.2 MEDIUM | N/A |
| Unspecified vulnerability in Toshiba Bluetooth wireless device driver 3.x and 4 through 4.00.35, as used in multiple products, allows physically proximate attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via crafted Bluetooth packets. | |||||
| CVE-2006-5415 | 1 News Defilante Horizontale | 1 News Defilante Horizontale | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions_newshr.php in the News Defilante Horizontale 4.1.1 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-5417 | 1 Mcafee | 4 Internet Security Suite, Network Agent, Personal Firewall Plus and 1 more | 2018-10-17 | 5.0 MEDIUM | N/A |
| McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAfee products possibly including Internet Security Suite, Personal Firewall Plus, and VirusScan, allows remote attackers to cause a denial of service (agent crash) via a long packet, possibly because of an invalid string position field value. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-5409 | 1 Mobilesecure Inc | 2 Highwall Endpoint, Highwall Enterprise | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-5416 | 1 F5 | 1 Firepass 1000 | 2018-10-17 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 Networks FirePass 1000 SSL VPN 5.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the sid parameter. | |||||
| CVE-2006-5445 | 1 Digium | 1 Asterisk | 2018-10-17 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the SIP channel driver (channels/chan_sip.c) in Asterisk 1.2.x before 1.2.13 and 1.4.x before 1.4.0-beta3 allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors that result in the creation of "a real pvt structure" that uses more resources than necessary. | |||||
| CVE-2006-5411 | 1 Justin White | 1 Freewps | 2018-10-17 | 7.5 HIGH | N/A |
| Unrestricted file upload vulnerability in upload.php for Free Web Publishing System (FreeWPS), possibly 2.11 and earlier, allows remote attackers to upload and execute arbitrary PHP programs. | |||||
| CVE-2006-5282 | 1 Sh-news | 1 Sh-news | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the scriptpath parameter to (1) report.php, (2) archive.php, (3) comments.php, (4) init.php, or (5) news.php. | |||||
| CVE-2006-5285 | 1 Xeoport | 1 Xeoport | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in XeoPort 0.81, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the xp_body_text parameter. | |||||
| CVE-2006-5287 | 1 Xeobook | 1 Xeobook | 2018-10-17 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 allow remote attackers to execute arbitrary SQL commands via (1) the User-Agent HTTP header, or the (2) gb_entry_text, (3) gb_location, (4) gb_fullname, or (5) gb_sex parameters. | |||||
| CVE-2006-5289 | 1 Vtiger | 1 Vtiger Crm | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, or (3) modules/Calendar/calendar.php. | |||||
| CVE-2006-5431 | 1 Phpoutsourcing | 1 Zorum | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in gorum/dbproperty.php in PHPOutsourcing Zorum 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appDirName parameter. | |||||
| CVE-2006-5448 | 1 Microsoft | 1 Windows Digital Rights Management | 2018-10-17 | 7.5 HIGH | N/A |
| The drmstor.dll ActiveX object in Microsoft Windows Digital Rights Management System (DRM) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long parameter to the StoreLicense function, which triggers "memory corruption" and possibly a buffer overflow. | |||||
| CVE-2006-5442 | 1 Viewvc | 1 Viewvc | 2018-10-17 | 6.8 MEDIUM | N/A |
| ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting (XSS) attacks that inject arbitrary UTF-7 encoded JavaScript code via a view. | |||||
| CVE-2006-5447 | 1 Dev | 1 Dev Web Management System | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in DEV Web Management System (WMS) 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2006-5450 | 1 Kinesis | 1 Kinesis Interactive Cinema System | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remote attackers to execute arbitrary SQL commands via the (1) txtUsername (user) or (2) txtPassword (pass) parameters. | |||||
| CVE-2006-5437 | 1 Phpadsnew | 1 Phpadsnew | 2018-10-17 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** Directory traversal vulnerability in upgrade.php in phpAdsNew 2.0.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the phpAds_config[language] parameter. NOTE: this issue could not be reproduced by a third party. | |||||
| CVE-2006-5435 | 1 Phpbb Group | 1 Phpbb | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use. | |||||
| CVE-2006-5452 | 1 Hp | 2 Hp-ux, Tru64 | 2018-10-17 | 4.6 MEDIUM | N/A |
| Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX B.11.00 through B.11.23 allows local users to execute arbitrary code via a long -a (aka attachment) argument. | |||||
| CVE-2006-5261 | 1 Phpmynews | 1 Phpmynews | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHPMyNews 1.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cfg_include_dir parameter in (1) disp_form.php3, (2) disp_smileys.php3, (3) little_news.php3, and (4) index.php3 in include/. | |||||
| CVE-2006-5076 | 1 Back-end | 1 Back-end Cms | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End 0.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter in (1) admin/index.php, (2) Facts.php, or (3) search.php. | |||||
| CVE-2006-5081 | 1 Jl Webworks | 1 Quickblogger | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in acc.php in QuickBlogger (QB) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2006-5085 | 1 Pixel Motion | 1 Pixel Motion Blog | 2018-10-17 | 7.5 HIGH | N/A |
| Static code injection vulnerability in config.php in Blog Pixel Motion 2.1.1 allows remote attackers to execute arbitrary PHP code via the nom_blog parameter, which is injected into include/variables.php. | |||||
| CVE-2006-5204 | 1 Invision Power Services | 1 Invision Power Board | 2018-10-17 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF) attack involving forced SQL execution by an admin. | |||||
| CVE-2006-5086 | 1 Pixel Motion | 1 Pixel Motion Blog | 2018-10-17 | 6.4 MEDIUM | N/A |
| Blog Pixel Motion 2.1.1 allows remote attackers to change the username and password for the admin user via a direct request to insere_base.php with modified (1) login and (2) pass parameters. NOTE: this issue was claimed to be SQL injection by the original researcher, but it is not. | |||||
| CVE-2006-5160 | 1 Mozilla | 1 Firefox | 2018-10-17 | 7.8 HIGH | N/A |
| ** DISPUTED ** Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not." | |||||
| CVE-2006-5088 | 1 Phpheaven | 1 Phpmychat | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in connected_users.lib.php3 in phpHeaven phpMyChat 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ChatPath parameter. | |||||
| CVE-2006-5091 | 1 Hp | 1 Hp-ux | 2018-10-17 | 7.2 HIGH | N/A |
| Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server (Samba) allows local users to gain privileges or obtain "unauthorized access" via unspecified vectors. | |||||
| CVE-2006-5094 | 1 Phpbb Xs | 1 Phpbb Xs | 2018-10-17 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions_kb.php in the phpBB XS 2 (Spain version) allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780 or CVE-2006-4893. | |||||
| CVE-2006-5095 | 1 Myphotos | 1 Myphotos | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in MyPhotos 0.1.3b beta allows remote attackers to execute arbitrary PHP code via the includesdir parameter. NOTE: this issue is disputed by CVE on 20060927, since the includesdir is defined before being used when the product is installed according to the provided instructions. | |||||
| CVE-2006-5096 | 1 Virtuemart | 1 Virtuemart Joomla Ecommerrce Edition Cms | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce Edition CMS 1.0.11, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Itemid parameter in a (1) com_contact or (2) subscribe action. | |||||
| CVE-2006-5097 | 1 Net2ftp | 1 Net2ftp | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in net2ftp, possibly 0.1 through 0.62, allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter. NOTE: this issue has been disputed by a third party researcher, CVE, and the vendor. The vendor says "the variable is set in settings.inc.php, so this is not a vulnerability." | |||||
| CVE-2006-5100 | 1 Netwin | 1 Webnews | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in parse/parser.php in WEB//NEWS (aka webnews) 1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WN_BASEDIR parameter. | |||||
| CVE-2006-5103 | 1 Bbsnew | 1 Bbsnew | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/index2.php in bbsNew 2.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the "right" parameter. | |||||
| CVE-2006-5104 | 1 Jelsoft | 1 Vbulletin | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x allows remote attackers to execute arbitrary SQL commands via the templatesused parameter. | |||||