Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6444 | 1 Divx | 1 Divx Player | 2017-07-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Nostra DivX Player 2.1, 2.2.00.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long string in an M3U file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6446 | 1 Iware | 1 Iware Professional | 2017-07-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in iWare Professional 5.0.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the D parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6448 | 1 Vt-forum | 1 Vt-forum | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via the user parameter to vf_memberdetail.asp, and other unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6449 | 1 Vt-forum | 1 Vt-forum Lite | 2017-07-29 | 6.4 MEDIUM | N/A |
| Vt-Forum Lite 1.3 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/forum.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6450 | 1 Novell | 1 Zenworks Patch Management Server | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in Novell ZENworks Patch Management (ZPM) before 6.3.2.700 allow remote attackers to execute arbitrary SQL commands via the (1) agentid and (2) pass parameters. | |||||
| CVE-2006-6451 | 1 Swsoft | 1 Plesk | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3. | |||||
| CVE-2006-6452 | 1 Myarticles | 1 Myarticles | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles module before 0.6 beta 1, for RunCMS, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) topics.php, (2) submit.php, and (3) class/calendar.class.php. | |||||
| CVE-2006-6454 | 1 J-owamp | 1 Web Interface | 2017-07-29 | 10.0 HIGH | N/A |
| execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters to the (1) exe and (2) args parameters, which are used in an exec function call. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6460 | 2 Short Url, Url Tracker Script | 2 Short Url, Url Tracker Script | 2017-07-29 | 10.0 HIGH | N/A |
| Yourfreeworld.com Short Url & Url Tracker Script allows remote attackers to obtain sensitive information via an invalid id parameter to login.php, which leaks the path in an error message. NOTE: this issue might be resultant from CVE-2006-2509. | |||||
| CVE-2006-6461 | 1 Yourfreeworld | 1 Stylish Text Ads Script | 2017-07-29 | 7.8 HIGH | N/A |
| tr1.php in Yourfreeworld Stylish Text Ads Script allows remote attackers to obtain the installation path via an invalid id parameter, which leaks the path in an error message. NOTE: this issue might be resultant from CVE-2006-2508. | |||||
| CVE-2006-6474 | 1 Mcafee | 1 Virusscan | 2017-07-29 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in McAfee VirusScan for Linux 4510e and earlier includes the current working directory in the DT_RPATH environment variable, which allows local users to load arbitrary ELF DSO libraries and execute arbitrary code by installing malicious libraries in that directory. | |||||
| CVE-2006-6484 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2017-07-29 | 5.0 MEDIUM | N/A |
| The IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.34, Professional Edition 1.6 through 1.83, and Enterprise Edition 1.1 through 1.40 allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a null pointer dereference, as addressed by the ME-10023 hotfix, and a different issue than CVE-2006-6423. NOTE: some details were obtained from third party information. | |||||
| CVE-2006-6488 | 1 Iconics | 1 Dialog Wrapper Module Activex Control | 2017-07-29 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument. | |||||
| CVE-2006-6508 | 1 Phpbb Group | 1 Phpbb | 2017-07-29 | 6.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6511 | 1 Dadaimc | 1 Dadaimc | 2017-07-29 | 6.8 MEDIUM | N/A |
| dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature, (2) editor, (3) newswire, (4) otherpress, (5) admin, (6) pbook, (7) media, or (8) mod, which are processed as PHP file types (application/x-httpd-php). | |||||
| CVE-2006-6522 | 1 Wikitimescale | 1 Twozero | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale TwoZero before 2.31 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) forum module and (2) event descriptions. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6525 | 1 Ezhrs | 1 Hr Assist | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6530 | 1 Drupal | 1 Help Tip Module | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-6531 | 1 Drupal | 1 Help Tip Module | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node titles. | |||||
| CVE-2006-6532 | 1 Vt-forum | 1 Vt-forum Lite | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) StrMsg or (2) Topic_ID parameter to (a) vf_info.asp, (b) vf_newtopic.asp, (c) vf_settings.asp, and (d) vf_replytopic.asp, different vectors than CVE-2006-6447. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6533 | 1 Oscommerce | 1 Oscommerce | 2017-07-29 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in admin/templates_boxes_layout.php in osCommerce 3.0a3 allows remote attackers to include and execute arbitrary PHP files via a .. (dot dot) in the filter parameter. NOTE: this issue can be leveraged to obtain full path information in error messages. | |||||
| CVE-2006-6540 | 1 Bluetrait | 1 Bluetrait | 2017-07-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in bt-trackback.php in Bluetrait before 1.2.0, when trackback is enabled, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6547 | 1 Mlipod | 1 Winamp Ipod Plugin | 2017-07-29 | 4.3 MEDIUM | N/A |
| Buffer overflow in the readAA function in read_aa.cpp in Winamp iPod Plugin (ml_ipod) 2.00 p19 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long tag in an audible.com audiobook (aa) file. | |||||
| CVE-2006-6555 | 1 Easyfill | 1 Easyfill | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in EasyFill before 0.5.1 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-6556 | 1 Eyeos | 1 Eyeos | 2017-07-29 | 7.5 HIGH | N/A |
| The eyeHome function in apps/eyeHome.eyeapp/aplic.php in EyeOS before 0.9.3-3 allows remote attackers to upload and execute arbitrary code via dangerous file extensions that are not all lowercase, which bypasses a cleansing operation. | |||||
| CVE-2006-6557 | 1 Skulls | 1 Skulls | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Skulls! before 0.2.6 have unknown impact and attack vectors, as addressed by "Many security fixes." | |||||
| CVE-2006-6564 | 1 Filezilla | 1 Filezilla | 2017-07-29 | 4.0 MEDIUM | N/A |
| FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a malformed argument to the STOR command, which results in a NULL pointer dereference. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command. | |||||
| CVE-2006-6572 | 1 Citrix | 1 Access Gateway | 2017-07-29 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4.0, and Access Gateway 4.2 with Advanced Access Control 4.2, before 20061114, when the Browser-Only access feature is enabled, allows remote authenticated users to bypass access policies via a certain login method, a different issue than CVE-2006-4846. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6573 | 1 Citrix | 1 Access Gateway | 2017-07-29 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced Edition, and 4.2 with Advanced Access Control (AAC) 4.2, when deployed on the Access Gateway appliance 4.2 through 4.2.2 allows remote authenticated users to "gain access to data" and obtain sensitive information via unspecified vectors. | |||||
| CVE-2006-6574 | 1 Mantis | 1 Mantis | 2017-07-29 | 5.0 MEDIUM | N/A |
| Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field. | |||||
| CVE-2006-6581 | 1 Vernet Loic | 1 Php Debug | 2017-07-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in tests/debug_test.php in Vernet Loic PHP_Debug 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the debugClassLocation parameter. | |||||
| CVE-2006-6582 | 1 Scriptmate | 1 User Manager | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ScriptMate User Manager 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) members_username (user) and (2) members_password (password) fields in a login action in members/default.asp, and (3) the Search box. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6584 | 1 Italkplus | 1 Italkplus | 2017-07-29 | 10.0 HIGH | N/A |
| Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-6594 | 1 Scriptmate | 1 User Manager | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in utilities/usermessages.asp in ScriptMate User Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the mesid parameter. | |||||
| CVE-2006-6606 | 1 Clarens | 1 Jclarens | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Clarens jclarens before 0.6.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-6607 | 1 Ibm | 1 Tivoli Identity Manager | 2017-07-29 | 2.7 LOW | N/A |
| The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods. | |||||
| CVE-2006-6608 | 1 Hp | 2 Proliant Integrated Lights Out, Proliant Integrated Lights Out 2 | 2017-07-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in SSH key based authentication in HP Integrated Lights Out (iLO) 1.70 through 1.87, and iLO 2 1.00 through 1.11, on Proliant servers, allows remote attackers to "gain unauthorized access." | |||||
| CVE-2006-6609 | 1 Alientrap | 1 Nexuiz | 2017-07-29 | 5.0 MEDIUM | N/A |
| Nexuiz before 2.2.1 allows remote attackers to cause a denial of service (resource exhaustion or crash) via unspecified vectors related to "fake players." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6610 | 1 Alientrap | 1 Nexuiz | 2017-07-29 | 7.5 HIGH | N/A |
| clientcommands in Nexuiz before 2.2.1 has unknown impact and remote attack vectors related to "remote console command injection." | |||||
| CVE-2006-6614 | 2 Debian, Thomas Lange | 2 Debian Linux, Fully Automated Installation | 2017-07-29 | 1.9 LOW | N/A |
| The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to obtain the hash. | |||||
| CVE-2006-6616 | 1 W00t Gallery | 1 W00t Gallery | 2017-07-29 | 6.0 MEDIUM | N/A |
| index.php in w00t Gallery 1.4.0 allows remote authenticated users with privileges for one installation to gain access to other installations on the same web server, aka "multi-gallery admin session spanning." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6634 | 1 Mambo | 1 Extcalthai Module | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php. | |||||
| CVE-2006-6636 | 1 Ibm | 1 Websphere Application Server | 2017-07-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors. | |||||
| CVE-2006-6681 | 1 Chetcpasswd | 1 Chetcpasswd | 2017-07-29 | 7.5 HIGH | N/A |
| Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for client requests, which might allow remote attackers to determine passwords via a dictionary attack. | |||||
| CVE-2006-6704 | 1 Atmail | 1 Atmail Webadmin | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail before 4.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "unescaped data in the database." | |||||
| CVE-2006-6708 | 1 Mginternet | 1 Property Site Manager | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in listings.asp in MGinternet Property Site Manager allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2006-6709 | 1 Mginternet | 1 Property Site Manager | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MGinternet Property Site Manager allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) detail.asp; the (2) l, (3) typ, or (4) loc parameter to (b) listings.asp; or the (5) Password or (6) Username parameter to (c) admin_login.asp. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6729 | 1 A-blog | 1 A-blog | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-6743 | 1 Phpprofiles | 1 Phpprofiles | 2017-07-29 | 4.6 MEDIUM | N/A |
| phpProfiles before 2.1.1 uses world writable permissions for certain profile files and directories, which allows local users to modify or delete files, related to (1) users/include/do_makeprofile.inc.php and (2) users/include/copy.inc.php. | |||||
| CVE-2006-6751 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2017-07-29 | 5.0 MEDIUM | N/A |
| Format string vulnerability in XM Easy Personal FTP Server 5.2.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the USER command or certain other available or nonexistent commands. NOTE: It was later reported that 5.3.0 is also vulnerable. | |||||