Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4448 | 1 Interact Learning Community Environment | 1 Interact | 2018-10-17 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in interact 2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[BASE_PATH] parameter in (a) admin/autoprompter.php and (b) includes/common.inc.php, and the (2) CONFIG[LANGUAGE_CPATH] parameter in (c) admin/autoprompter.php. | |||||
| CVE-2006-4443 | 1 Alstrasoft | 1 Video Share Enterprise | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft Video Share Enterprise allows remote attackers to execute arbitrary PHP code via a URL in the config[BASE_DIR] parameter. | |||||
| CVE-2006-4437 | 1 Venture Nine | 1 Tagger Le | 2018-10-17 | 7.5 HIGH | N/A |
| Eval injection vulnerability in Tagger LE allows remote attackers to execute arbitrary PHP code via the query string in (1) tags.php, (2) sign.php, and (3) admin/index.php. | |||||
| CVE-2006-4530 | 1 Membrepass | 1 Membrepass | 2018-10-17 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in include/change.php in membrepass 1.5 allows remote attackers to execute arbitrary PHP code via the aifon parameter, which is injected into include/variable.php. | |||||
| CVE-2006-4529 | 1 Membrepass | 1 Membrepass | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in recherchemembre.php in membrepass 1.5. allows remote attackers to execute arbitrary SQL commands via the recherche parameter. | |||||
| CVE-2006-4528 | 1 Membrepass | 1 Membrepass | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) recherche parameter in recherchemembre.php and the (2) email parameter in test.php. | |||||
| CVE-2006-4524 | 1 Digiappz | 1 Freekot | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-4446 | 1 Microsoft | 1 Ie | 2018-10-17 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points. | |||||
| CVE-2006-4445 | 1 Cutephp | 1 Cutenews | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php. NOTE: CVE analysis as of 20060829 has not identified any scenarios in which these vectors could result in remote file inclusion. | |||||
| CVE-2006-4523 | 1 2wire Inc | 2 Homeportal, Officeportal | 2018-10-17 | 5.0 MEDIUM | N/A |
| The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a GET request. | |||||
| CVE-2006-4505 | 1 Nx5 | 1 Nx5linx | 2018-10-17 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a CRLF sequence in the url parameter. | |||||
| CVE-2006-4504 | 1 Nx5 | 1 Nx5linx | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) c and (2) l parameters. | |||||
| CVE-2006-4503 | 1 Nx5 | 1 Nx5linx | 2018-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in link.php in NX5Linx 1.0 allows remote attackers to read arbitrary files via the logo parameter. | |||||
| CVE-2006-4502 | 1 Ztml | 1 Ezportal Ztml Cms | 2018-10-17 | 7.5 HIGH | N/A |
| ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication controls via a direct request to the "Administration Area" script. | |||||
| CVE-2006-4432 | 1 Zend | 1 Zend Platform | 2018-10-17 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection. | |||||
| CVE-2006-4501 | 1 Ztml | 1 Ezportal Ztml Cms | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) about, (2) album, (3) id, (4) use, (5) desc, (6) doc, (7) mname, (8) max, and possibly other parameters. | |||||
| CVE-2006-4428 | 1 Jupiter Cms | 1 Jupiter Cms | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced in an include statement. | |||||
| CVE-2006-4500 | 1 Ztml | 1 Ezportal Ztml Cms | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) about, (2) again, (3) lastname, (4) email, (5) password, (6) album, (7) id, (8) table, (9) desc, (10) doc, (11) mname, (12) max, (13) htpl, (14) pheader, and possibly other parameters. | |||||
| CVE-2006-4498 | 1 Phpalbum.net | 1 Phpalbum | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sommaire_admin.php in PhpAlbum (mod_phpalbum) 2.15 for PortailPHP allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter, a different vector than CVE-2006-3922. | |||||
| CVE-2006-4464 | 1 Nokia | 1 Symbian | 2018-10-17 | 5.0 MEDIUM | N/A |
| The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allows remote attackers to cause a denial of service (crash) via JavaScript that constructs a large Unicode string. | |||||
| CVE-2006-4496 | 1 Iwebnegar | 1 Iwebnegar | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to inject arbitrary web script or HTML via the comment parameter. | |||||
| CVE-2006-4495 | 1 Microsoft | 2 Ie, Windows 2003 Server | 2018-10-17 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll. | |||||
| CVE-2006-4494 | 1 Microsoft | 1 Visual Studio | 2018-10-17 | 7.5 HIGH | N/A |
| Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll. | |||||
| CVE-2006-4487 | 1 Duware | 1 Dupoll | 2018-10-17 | 5.0 MEDIUM | N/A |
| DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords. | |||||
| CVE-2006-4480 | 1 Nuked-klan | 1 Nuked-klan | 2018-10-17 | 4.3 MEDIUM | N/A |
| Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in an attribute value that is not in the blacklist, as demonstrated using the STYLE attribute of a B element. | |||||
| CVE-2006-4479 | 1 Visualshapers | 1 Ezcontents | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual Shapers ezContents 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the subgroupname parameter. | |||||
| CVE-2006-4426 | 1 Albert | 1 Albert-easysite | 2018-10-17 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in AES/modules/auth/phpsecurityadmin/include/logout.php in AlberT-EasySite (AES) 1.0a5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter. | |||||
| CVE-2006-4478 | 1 Visualshapers | 1 Ezcontents | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in headeruserdata.php in Visual Shapers ezContents 2.0.3 allows remote attackers to execute arbitrary SQL commands via the groupname parameter. | |||||
| CVE-2006-4345 | 1 Digium | 1 Asterisk | 2018-10-17 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response. | |||||
| CVE-2006-4348 | 1 Kochsuite Component | 1 Kochsuite Component | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.kochsuite.php in the Kochsuite (com_kochsuite) 0.9.4 component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4349 | 1 Toenda Software Development | 1 Toendacms | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in ToendaCMS 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tcms_administer_site parameter to an unspecified script, probably index.php. NOTE: this issue has been disputed by a third party, who states that $tcms_administer_site is initialized to a constant value within index.php. | |||||
| CVE-2006-4364 | 1 Alt-n | 1 Mdaemon | 2018-10-17 | 5.0 MEDIUM | N/A |
| Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via long strings that contain '@' characters in the (1) USER and (2) APOP commands. | |||||
| CVE-2006-4422 | 1 Jetbox | 1 Jetbox Cms | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in includes/phpdig/libs/search_function.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the relative_script_path parameter, a different vector than CVE-2006-2270. NOTE: this issue has been disputed, and as of 20060830, CVE analysis concurs with the dispute. In addition, it is likely that the vulnerability is actually in a third party module, phpDig 1.8.8. | |||||
| CVE-2006-4421 | 1 Yapig | 1 Yapig | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in template/default/thanks_comment.php in Yet Another PHP Image Gallery (YaPIG) 0.95b allows remote attackers to inject arbitrary web script or HTML via the D_REFRESH_URL parameter. | |||||
| CVE-2006-4417 | 1 Xoops | 1 Xoops | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter. | |||||
| CVE-2006-4392 | 2 Apple, Next | 2 Mac Os X, Openstep | 2018-10-17 | 7.2 HIGH | N/A |
| The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function. | |||||
| CVE-2006-4389 | 1 Apple | 1 Quicktime | 2018-10-17 | 5.1 MEDIUM | N/A |
| Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object. | |||||
| CVE-2006-4388 | 1 Apple | 1 Quicktime | 2018-10-17 | 5.1 MEDIUM | N/A |
| Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file. | |||||
| CVE-2006-4386 | 1 Apple | 1 Quicktime | 2018-10-17 | 5.1 MEDIUM | N/A |
| Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie, a different issue than CVE-2006-4381. | |||||
| CVE-2006-4385 | 1 Apple | 1 Quicktime | 2018-10-17 | 5.1 MEDIUM | N/A |
| Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image. | |||||
| CVE-2006-4384 | 1 Apple | 1 Quicktime | 2018-10-17 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie. | |||||
| CVE-2006-4382 | 1 Apple | 1 Quicktime | 2018-10-17 | 5.1 MEDIUM | N/A |
| Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie. | |||||
| CVE-2006-4381 | 1 Apple | 1 Quicktime | 2018-10-17 | 5.1 MEDIUM | N/A |
| Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie. | |||||
| CVE-2006-4379 | 1 Ipswitch | 3 Imail Plus, Imail Secure Server, Ipswitch Collaboration Suite | 2018-10-17 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the SMTP Daemon in Ipswitch Collaboration 2006 Suite Premium and Standard Editions, IMail, IMail Plus, and IMail Secure allows remote attackers to execute arbitrary code via a long string located after an '@' character and before a ':' character. | |||||
| CVE-2006-4378 | 1 Joomla | 1 Rssxt Component | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the Rssxt component for Joomla! (com_rssxt), possibly 2.0 Beta 1 or 1.0 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) pinger.php, (2) RPC.php, or (3) rssxt.php. NOTE: another researcher has disputed this issue, saying that the attacker can not control this parameter. In addition, as of 20060825, the original researcher has appeared to be unreliable with some other past reports. CVE has not performed any followup analysis with respect to this issue. | |||||
| CVE-2006-4377 | 1 Guder Und Koch Netzwerktechnik | 1 Eichhorn Portal | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module. | |||||
| CVE-2006-4376 | 1 Guder Und Koch Netzwerktechnik | 1 Eichhorn Portal | 2018-10-17 | 5.1 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module. | |||||
| CVE-2006-4374 | 1 Irfanview | 1 Irfanview | 2018-10-17 | 2.6 LOW | N/A |
| IrfanView 3.98 (with plugins) allows user-assisted attackers to cause a denial of service (application crash) via a crafted ANI image file, possibly due to a buffer overflow. | |||||
| CVE-2006-4373 | 1 Derek Leung | 1 Pslash | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules/visitors2/include/config.inc.php in pSlash 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter. | |||||
| CVE-2006-4371 | 1 Alt-n | 1 Webadmin | 2018-10-17 | 4.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. (dot dot) in the file parameter to (1) logfile_view.wdm and (2) configfile_view.wdm. | |||||