Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4370 | 1 Alt-n | 1 Webadmin | 2018-10-17 | 7.5 HIGH | N/A |
| Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file. | |||||
| CVE-2006-4369 | 1 Integramod | 1 Integramod Portal | 2018-10-17 | 2.6 LOW | N/A |
| Absolute path traversal vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via an absolute pathname in the phpbb_root_path parameter. | |||||
| CVE-2006-4368 | 1 Integramod | 1 Integramod Portal | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-4363 | 1 Cropimage Component | 1 Cropimage Component | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin.cropcanvas.php in the CropImage component (com_cropimage) 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the cropimagedir parameter. | |||||
| CVE-2006-4362 | 1 Dieselscripts | 1 Diesel Paid Mail | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid Mail allows remote attackers to inject arbitrary web script or HTML via the ps parameter. | |||||
| CVE-2006-4361 | 1 Dieselscripts | 1 Diesel Job Site | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in jobseekers/forgot.php in Diesel Job Site allow remote attackers to inject arbitrary web script or HTML via the (1) uname or (2) SEmail parameters. | |||||
| CVE-2006-4357 | 1 Dieselscripts | 1 Diesel Smart Traffic | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in clients/index.php in Diesel Smart Traffic allows remote attackers to execute arbitrary PHP code via a URL in the src parameter. | |||||
| CVE-2006-4375 | 1 Mambo | 1 Contacts Xtd Component | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined. | |||||
| CVE-2006-4351 | 1 Oneorzero | 1 Oneorzero | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2006-4350 | 1 Oneorzero | 1 Oneorzero | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-4346 | 1 Digium | 1 Asterisk | 2018-10-17 | 7.5 HIGH | N/A |
| Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable. | |||||
| CVE-2006-4338 | 1 Gzip | 1 Gzip | 2018-10-17 | 5.0 MEDIUM | N/A |
| unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive. | |||||
| CVE-2006-4284 | 1 Lblog | 1 Lblog | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-4280 | 1 Mambo | 1 Anjel Component | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in anjel.index.php in ANJEL (formerly MaMML) Component (com_anjel) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a third party, who says that $mosConfig_absolute_path is set in a configuration file. | |||||
| CVE-2006-4314 | 1 Symantec | 1 Enterprise Security Manager | 2018-10-17 | 5.0 MEDIUM | N/A |
| The manager server in Symantec Enterprise Security Manager (ESM) 6 and 6.5.x allows remote attackers to cause a denial of service (hang) via a malformed ESM agent request. | |||||
| CVE-2006-4219 | 1 Microsoft | 1 Ie | 2018-10-17 | 7.5 HIGH | N/A |
| The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN. | |||||
| CVE-2006-4221 | 1 Ibm | 1 Egatherer | 2018-10-17 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the IBM Access Support eGatherer ActiveX control before 3.20.0284.0 allows remote attackers to execute arbitrary code via a long filename parameter to the RunEgatherer method. | |||||
| CVE-2006-4209 | 1 Webinsta | 1 Mailing List Manager | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in install3.php in WEBInsta Mailing List Manager 1.3e allows remote attackers to execute arbitrary PHP code via a URL in the cabsolute_path parameter. | |||||
| CVE-2006-4224 | 1 Vwar | 1 Virtual War | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in calendar.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the year parameter. NOTE: The page parameter vector is covered by CVE-2006-4009. | |||||
| CVE-2006-4311 | 1 Sonium | 1 Enterprise Adressbook | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Sonium Enterprise Adressbook 0.2 allows remote attackers to execute arbitrary PHP code via the folder parameter in multiple files in the plugins directory, as demonstrated by plugins/1_Adressbuch/delete.php. | |||||
| CVE-2006-4228 | 1 Symantec Veritas | 1 Netbackup Puredisk Remote Office Edition | 2018-10-17 | 9.0 HIGH | N/A |
| Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before MP1 20060816 allows remote attackers to bypass authentication and gain privileges via unknown attack vectors in the management interface. | |||||
| CVE-2006-4229 | 2 Joomla, Mambo | 2 Moslistmessenger Component, Moslistmessenger Component | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4230 | 1 Lizge | 1 Lizge Web Portal | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in index.php in Lizge V.20 Web Portal allow remote attackers to execute arbitrary PHP code via a URL in the (1) lizge or (2) bade parameters. | |||||
| CVE-2006-4231 | 1 Irfanview | 1 Irfanview | 2018-10-17 | 2.6 LOW | N/A |
| IrfanView 3.98 (with plugins) allows remote attackers to cause a denial of service (application crash) via a crafted CUR image file. | |||||
| CVE-2006-4309 | 1 Ak-systems | 1 Windows Terminal | 2018-10-17 | 10.0 HIGH | N/A |
| VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not password protected, which allows remote attackers to login and view RDP or Citrix sessions. | |||||
| CVE-2006-4317 | 1 Woltlab | 1 Burning Board | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab Burning Board (WBB) 2.3.5 allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript. | |||||
| CVE-2006-4256 | 1 Horde | 1 Application Framework | 2018-10-17 | 4.3 MEDIUM | N/A |
| index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS. | |||||
| CVE-2006-4335 | 1 Gzip | 1 Gzip | 2018-10-17 | 7.5 HIGH | N/A |
| Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability." | |||||
| CVE-2006-4236 | 1 Powergap | 2 Powergap Business, Powergap Lite | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow remote attackers to execute arbitrary PHP code via a URL in the (1) shopid parameter to (a) s01.php, (b) s02.php, (c) s03.php, and (d) s04.php; and possibly a URL located after "shopid=" or "sid=" in the PATH_INFO. | |||||
| CVE-2006-4336 | 1 Gzip | 1 Gzip | 2018-10-17 | 7.5 HIGH | N/A |
| Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index. | |||||
| CVE-2006-4328 | 1 Cloudnine Interactive | 1 Links Manager | 2018-10-17 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in admin.php in CloudNine Interactive Links Manager 2006-06-12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter. | |||||
| CVE-2006-4293 | 1 Cpanel | 1 Cpanel | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html. | |||||
| CVE-2006-4322 | 1 Bits-dont-bite | 1 Estateagent | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in estateagent.php in the EstateAgent component (com_estateagent) for Mambo, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4241 | 1 Mamboxchange | 1 Reporter | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in processor/reporter.sql.php in the Reporter Mambo component (com_reporter) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4242 | 1 Joomla | 1 Jim Instant Messaging Component | 2018-10-17 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in install.jim.php in the JIM 1.0.1 component for Joomla or Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4337 | 1 Gzip | 1 Gzip | 2018-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive. | |||||
| CVE-2006-4255 | 1 Horde | 2 Horde, Imp | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen. | |||||
| CVE-2006-4330 | 1 Wireshark | 1 Wireshark | 2018-10-17 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. | |||||
| CVE-2006-4323 | 1 Cityforfree | 1 Indexcity | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in list.php in CityForFree indexcity 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cate_id parameter. | |||||
| CVE-2006-4286 | 1 Mambo | 1 Mambo | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third parties who state that contentpublisher.php protects against direct request in the most recent version. The original researcher is known to be frequently inaccurate. | |||||
| CVE-2006-4334 | 1 Gzip | 1 Gzip | 2018-10-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference. | |||||
| CVE-2006-4320 | 1 Opensef Project | 1 Opensef | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in sef.php in the OpenSEF 2.0.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4297 | 1 Oscommerce | 1 Oscommerce | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shopping_cart.php in osCommerce before 2.2 Milestone 2 060817 allows remote attackers to execute arbitrary SQL commands via id array parameters. | |||||
| CVE-2006-4279 | 1 Xennobb | 1 Xennobb | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the icon_topic parameter. | |||||
| CVE-2006-4324 | 1 Cityforfree | 1 Indexcity | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in add_url2.php in CityForFree indexcity 1.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2006-4263 | 1 Product Scroller Module | 1 Product Scroller Module | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Product Scroller Module and other modules in mambo-phpshop (com_phpshop) for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) mod_phpshop.php, (2) mod_phpshop_allinone.php, (3) mod_phpshop_cart.php, (4) mod_phpshop_featureprod.php, (5) mod_phpshop_latestprod.php, (6) mod_product_categories.php, (7) mod_productscroller.php, and (8) mosproductsnap.php. | |||||
| CVE-2006-4282 | 1 Mamboxchange | 1 Mambowiki | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in MamboLogin.php in the MamboWiki component (com_mambowiki) 0.9.6 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. | |||||
| CVE-2006-4325 | 1 Doika | 1 Doika Guestbook | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in gbook.php in Doika guestbook 2.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2006-4272 | 1 Jelsoft | 1 Vbulletin | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If you have the CAPTCHA enabled then the registrations wont even go through. ... if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level." | |||||
| CVE-2006-4305 | 2 Mysql, Sap-db | 2 Maxdb, Sap-db | 2018-10-17 | 10.0 HIGH | N/A |
| Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client. | |||||