Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4784 | 1 Moodle | 1 Moodle | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php. | |||||
| CVE-2006-4786 | 1 Moodle | 1 Moodle | 2017-07-20 | 5.0 MEDIUM | N/A |
| Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups. | |||||
| CVE-2006-4787 | 1 Alphamail | 1 Alphamail | 2017-07-20 | 2.1 LOW | N/A |
| AlphaMail before 1.0.16 allows local users to obtain sensitive information via the logging functionality, which displays unencrypted passwords in an error message. NOTE: some details are obtained from third party information. | |||||
| CVE-2006-4798 | 1 Dws Systems Inc. | 1 Sql-ledger | 2017-07-20 | 5.0 MEDIUM | N/A |
| SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history. | |||||
| CVE-2006-4806 | 1 Enlightenment | 1 Imlib2 | 2017-07-20 | 5.1 MEDIUM | N/A |
| Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF (loader_tiff.c) images. | |||||
| CVE-2006-4807 | 1 Enlightenment | 1 Imlib2 | 2017-07-20 | 2.6 LOW | N/A |
| loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808. | |||||
| CVE-2006-4808 | 1 Enlightenment | 1 Imlib2 | 2017-07-20 | 2.6 LOW | N/A |
| Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image. | |||||
| CVE-2006-4809 | 1 Enlightenment | 1 Imlib2 | 2017-07-20 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image. | |||||
| CVE-2006-4819 | 1 Opera | 1 Opera Browser | 2017-07-20 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long link address). | |||||
| CVE-2006-4821 | 1 Drupal | 1 Drupal Userreview Module | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview module before 1.19 2006/09/12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-4822 | 1 Emusoft | 1 Emucms | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in eMuSOFT emuCMS 0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) page parameters. | |||||
| CVE-2006-4839 | 1 Sophos | 1 Sophos Anti-virus | 2017-07-20 | 5.0 MEDIUM | N/A |
| Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections. | |||||
| CVE-2006-4843 | 1 Ibm | 1 Lotus Domino | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme. | |||||
| CVE-2006-4844 | 2 Claroline, Dokeos | 2 Claroline, Open Source Learning And Knowledge Management Tool | 2017-07-20 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter. | |||||
| CVE-2006-4846 | 1 Citrix | 1 Access Gateway | 2017-07-20 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in Citrix Access Gateway with Advanced Access Control (AAC) 4.2 before 20060914, when AAC is configured to use LDAP authentication, allows remote attackers to bypass authentication via unknown vectors. | |||||
| CVE-2006-4851 | 1 Bolinos | 1 Bolinos | 2017-07-20 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in system/_b/contentFiles/gBHTMLEditor.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4902 | 1 Symantec | 3 Veritas Netbackup Client, Veritas Netbackup Enterprise Server, Veritas Netbackup Server | 2017-07-20 | 10.0 HIGH | N/A |
| The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 does not properly check for chained commands, which allows remote attackers to execute arbitrary commands by appending malicious commands to valid commands. | |||||
| CVE-2006-4904 | 1 Qualiteam | 1 X-cart | 2017-07-20 | 7.5 HIGH | N/A |
| Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter. | |||||
| CVE-2006-4909 | 1 Cisco | 1 Guard Ddos Mitigation Appliance | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh. | |||||
| CVE-2006-4914 | 1 A.l-pifou | 1 A.l-pifou | 2017-07-20 | 2.6 LOW | N/A |
| Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php. NOTE: the livre_livre.php relationship has been reported by some third party sources. | |||||
| CVE-2006-4947 | 1 Drupal | 1 Search Keyword Module | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keywords module before 1.15 2006/09/15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output." | |||||
| CVE-2006-4948 | 1 Prosysinfo | 1 Tftp Server Tftpdwin | 2017-07-20 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a long file name. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4949 | 1 Drupal | 1 Site Profile Directory Module | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output," possibly in the name and title parameters. | |||||
| CVE-2006-4951 | 1 Neosys | 1 Neon Webmail | 2017-07-20 | 7.5 HIGH | N/A |
| Neon WebMail for Java before 5.08 allows remote attackers to execute arbitrary Java (JSP) code by sending an e-mail message with a JSP file attachment, which is stored under the web root with a predictable filename. | |||||
| CVE-2006-4952 | 1 Neosys | 1 Neon Webmail | 2017-07-20 | 7.5 HIGH | N/A |
| The updatemail servlet in Neon WebMail for Java before 5.08 allows remote attackers to move e-mail messages of arbitrary users between different mail folders, specified by the folderid and tofolderid parameters, via the ID parameter. | |||||
| CVE-2006-4953 | 1 Neosys | 1 Neon Webmail | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Neon WebMail for Java before 5.08 allow remote attackers to execute arbitrary SQL commands via the (1) adr_sortkey and (2) adr_sortkey_desc parameters in the (a) addrlist servlet, and the (3) sortkey and (4) sortkey_desc parameters in the (b) maillist servlet. | |||||
| CVE-2006-4954 | 1 Neosys | 1 Neon Webmail | 2017-07-20 | 7.5 HIGH | N/A |
| The updateuser servlet in Neon WebMail for Java before 5.08 does not validate the in_id parameter, which allows remote attackers to modify information of arbitrary users, as demonstrated by modifying (1) passwords and (2) permissions, (3) viewing profile settings, and (4) creating and (5) deleting users. | |||||
| CVE-2006-4955 | 1 Neosys | 1 Neon Webmail | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the downloadfile servlet in Neon WebMail for Java before 5.08 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the (1) savefolder and (2) savefilename parameters. | |||||
| CVE-2006-4956 | 1 Neosys | 1 Neon Webmail | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the updateuser servlet in Neon WebMail for Java before 5.08 allows remote attackers to inject arbitrary web script or HTML via the in_name parameter, as used by the Name field. | |||||
| CVE-2006-4973 | 1 Dotnetnuke | 1 Dotnetnuke | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the error parameter. | |||||
| CVE-2006-5002 | 1 Ibm | 1 Inventory Scout | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 through 2.2.0.9 (invscoutClient_VPD_Survey) allows attackers to overwrite arbitrary files via unspecified vectors. | |||||
| CVE-2006-5003 | 1 Ibm | 1 Aix | 2017-07-20 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the named8 command in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2006-5004 | 1 Ibm | 1 Aix | 2017-07-20 | 2.1 LOW | N/A |
| Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and 5.3.0 allows local users to overwrite arbitrary files via unspecified vectors. | |||||
| CVE-2006-5005 | 1 Ibm | 1 Aix | 2017-07-20 | 7.2 HIGH | N/A |
| Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors involving /etc/slip.login. | |||||
| CVE-2006-5006 | 1 Ibm | 1 Aix | 2017-07-20 | 7.2 HIGH | N/A |
| Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long directory path argument. | |||||
| CVE-2006-5007 | 1 Ibm | 1 Aix | 2017-07-20 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via a Trojan horse program involving uux. | |||||
| CVE-2006-5008 | 1 Ibm | 1 Aix | 2017-07-20 | 10.0 HIGH | N/A |
| Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows attackers to execute arbitrary commands and overwrite arbitrary files via unspecified vectors. | |||||
| CVE-2006-5009 | 1 Ibm | 1 Aix | 2017-07-20 | 7.2 HIGH | N/A |
| Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands and overwrite arbitrary files via unspecified vectors, possibly involving a buffer overflow. | |||||
| CVE-2006-5010 | 1 Ibm | 1 Aix | 2017-07-20 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows local users to execute arbitrary commands by modifying the path to point to a malicious mkdir program. | |||||
| CVE-2006-5011 | 1 Ibm | 1 Aix | 2017-07-20 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via a Trojan horse program, involving the "system subroutine". | |||||
| CVE-2006-5031 | 1 Cakefoundation | 1 Cakephp | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, followed by a filename ending with "%00" and a .js filename. | |||||
| CVE-2006-5033 | 1 Paul Smith Computer Services | 1 Vcap | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to cause a denial of service via the session parameter, possibly related to format string specifiers or malformed URL encoding. | |||||
| CVE-2006-5034 | 1 Paul Smith Computer Services | 1 Vcap | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2006-5038 | 1 Fiwin | 1 Ss28s Wifi Voip Sip Skype Phone | 2017-07-20 | 7.5 HIGH | N/A |
| The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet. | |||||
| CVE-2006-5045 | 1 Joomlaxt | 1 Com Pollxt | 2017-07-20 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and earlier for Joomla! has unspecified impact and attack vectors, probably related to PHP remote file inclusion in the mosConfig_absolute_path to conf.pollxt.php. | |||||
| CVE-2006-5058 | 1 Activision | 3 Call Of Duty, Call Of Duty 2, Call Of Duty United Offensive | 2017-07-20 | 7.5 HIGH | N/A |
| Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty United Offensive 1.51b and earlier, and (3) Call of Duty 2 1.3 and earlier allows remote attackers to execute arbitrary code via a long map argument to the "callvote map" command. | |||||
| CVE-2006-5063 | 1 Stefan Ritt | 1 Elog Web Logbook | 2017-07-20 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote attackers to inject arbitrary web script or HTML by editing log entries in HTML mode. | |||||
| CVE-2006-5071 | 1 Eyeos Project | 1 Eyeos | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before 0.9.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) eyeNav and (2) system/baixar.php. | |||||
| CVE-2006-5072 | 1 Mono | 1 Mono | 2017-07-20 | 6.2 MEDIUM | N/A |
| The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack. | |||||
| CVE-2006-5075 | 1 Sun | 1 Solaris | 2017-07-20 | 7.8 HIGH | N/A |
| The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris 10 before 20060926 allows remote attackers to cause a denial of service (system crash) via unspecified vectors related to an SSL client. | |||||
