Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5428 | 1 Cerberus | 1 Cerberus Helpdesk | 2017-07-20 | 5.0 MEDIUM | N/A |
| rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request. | |||||
| CVE-2006-5430 | 1 Db-central | 2 Cms, Enterprise Cms | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search functionality in db-central (dbc) Enterprise CMS and db-central CMS allows remote attackers to inject arbitrary web script or HTML via the needle parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5438 | 1 Comdev | 1 Comdev Forum | 2017-07-20 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in adminfoot.php in Comdev Forum 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5439 | 1 Comdev | 1 Comdev Misc Tools | 2017-07-20 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in adminfoot.php in Comdev Misc Tools 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5440 | 1 Comdev | 1 Comdev Form Designer | 2017-07-20 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in adminfoot.php in Comdev Form Designer 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5441 | 1 Comdev | 1 Comdev Web Blogger | 2017-07-20 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web Blogger 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5443 | 1 Xiao Gang | 1 Www Interactive Mathematics Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics Server (WIMS) before 3.60 allows remote attackers to modify unspecified data via unspecified vectors involving "variable rights." | |||||
| CVE-2006-5446 | 1 Casinosoft | 1 Casino Script | 2017-07-20 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in lobby/config.php in Casinosoft Casino Script (aka Masvet) 3.2 allows remote attackers to execute arbitrary SQL commands via the cfam parameter. | |||||
| CVE-2006-5486 | 1 Sun | 2 Iplanet Messaging Server, Java System Messaging Server | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages. | |||||
| CVE-2006-5488 | 1 Xchangeboard | 1 Xchangeboard | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in XchangeBoard 1.70, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginNick parameter during login. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5489 | 1 Rim | 1 Blackberry Enterprise Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Research in Motion (RIM) BlackBerry Enterprise Server 4.1 SP2 before Hotfix 1 for IBM Lotus Domino might allow attackers with meeting organizer privileges to cause a denial of service (application hang) via a deleted recurrent meeting instance when changing the attendee's calendar meeting time. | |||||
| CVE-2006-5490 | 1 Middlebury College | 1 Segue Cms | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Segue Content Management System (CMS) before 1.5.8 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-5492 | 1 Maarch | 1 Maarch | 2017-07-20 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 allows remote authenticated users to obtain sensitive information (document contents) via unspecified attack vectors related to "grants." | |||||
| CVE-2006-5498 | 1 Middlebury College | 1 Segue Cms | 2017-07-20 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in themes/program/themesettings.inc.php in Segue CMS 1.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter. | |||||
| CVE-2006-5501 | 1 Aol | 1 Aol | 2017-07-20 | 7.5 HIGH | N/A |
| Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the downloadFileDirectory property, a different vulnerability than CVE-2006-5502. | |||||
| CVE-2006-5502 | 1 Aol | 1 Aol | 2017-07-20 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501. | |||||
| CVE-2006-5505 | 1 Ben3w | 1 2bgal | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote attackers to execute arbitrary PHP code via the lang parameter to (1) admin/configuration.inc.php, (2) admin/creer_album.inc.php, (3) admin/changepwd.php.inc, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5507 | 1 Der Dirigent | 1 Der Dirigent | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (DeDi) 1.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_dedi[dedi_path] parameter in (1) find.php, (2) insert_line.php, (3) fullscreen.php, (4) changecase.php, (5) insert_link.php, (6) insert_table.php, (7) table_cellprop.php, (8) table_prop.php, (9) table_rowprop.php, (10) insert_page.php, and possibly insert_marquee.php in backend/external/wysiswg/popups/. | |||||
| CVE-2006-5513 | 1 Geonetwork | 1 Opensource | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in GeoNetwork opensource before 2.0.3 allows remote attackers to execute arbitrary SQL commands, and complete a login, via unspecified vectors. | |||||
| CVE-2006-5545 | 1 Symantec | 1 Mail Security | 2017-07-20 | 5.0 MEDIUM | N/A |
| Premium Antispam in Symantec Mail Security for Domino Server 5.1.x before 5.1.2.28 does not filter certain SMTP address formats, which allows remote attackers to use the product as a spam relay. | |||||
| CVE-2006-5553 | 1 Cisco | 3 Security Agent, Unified Callmanager, Unified Presence Server | 2017-07-20 | 7.8 HIGH | N/A |
| Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 before 5.0.0.193, as used by Unified CallManager (CUCM) and Unified Presence Server (CUPS), allows remote attackers to cause a denial of service (resource consumption) via a port scan with certain options. | |||||
| CVE-2006-5568 | 1 Datawizard | 1 Ftpxq | 2017-07-20 | 5.0 MEDIUM | N/A |
| FtpXQ Server 3.0.1 allows remote attackers to cause a denial of service (CPU exhaustion) via a long MKD command. | |||||
| CVE-2006-5593 | 1 Neo Japan | 1 Desknets | 2017-07-20 | 6.5 MEDIUM | N/A |
| Buffer overflow in Desknet's (niokeru) before 5.0J R1.0 might allow remote authenticated users to execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-5598 | 1 Webgeneius | 1 Goop Gallery | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery 2.0, and possibly other versions before 2.0.3, allows remote attackers to inject arbitrary HTML or web script via the image parameter. | |||||
| CVE-2006-5601 | 1 Xsupplicant | 1 Xsupplicant | 2017-07-20 | 9.0 HIGH | N/A |
| Stack-based buffer overflow in the eap_do_notify function in eap.c in xsupplicant before 1.2.6, and possibly other versions, allows remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-5602 | 1 Xsupplicant | 1 Xsupplicant | 2017-07-20 | 4.0 MEDIUM | N/A |
| Multiple memory leaks in xsupplicant before 1.2.6, and possibly other versions, allow attackers to cause a denial of service (memory consumption) via unspecified vectors. | |||||
| CVE-2006-5604 | 1 Phpcards | 1 Phpcards | 2017-07-20 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in phpcards.header.php in phpCards 1.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the CardLanguageFile parameter. | |||||
| CVE-2006-5605 | 1 Phpcards | 1 Phpcards | 2017-07-20 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpcards.footer.php in phpCards 1.3 allow remote attackers to inject arbitrary web script or HTML via the CardFontFace parameter and other unspecified parameters. | |||||
| CVE-2006-5608 | 1 Drupal | 1 Extended Tracker | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before 1.5.2.1 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "parameters from URLs." | |||||
| CVE-2006-5611 | 1 Toshiba | 1 Bluetooth Stack | 2017-07-20 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Toshiba Bluetooth Stack before 4.20.01 has unspecified impact and attack vectors, related to the 4.20.01(T) "Security fix." NOTE: due to the lack of details in the vendor advisory, it is not clear whether this issue is related to CVE-2006-5405. | |||||
| CVE-2006-5616 | 2 Openpbs, Suse | 2 Openpbs, Suse Linux | 2017-07-20 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in OpenPBS, as used in SUSE Linux 9.2 through 10.1, allow attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-5624 | 1 Mpcs | 1 Mpcs | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Multi-Page Comment System (MPCS) 1.0.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) include.php or (2) functions.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5631 | 1 Ig Shop | 1 Ig Shop | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via arbitrary query strings when the action parameter is not "1", as demonstrated using script in the action parameter, a different vulnerability than CVE-2006-5632. | |||||
| CVE-2006-5639 | 1 Openwbem | 1 Openwbem | 2017-07-20 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the random number generator in OpenWBEM (Web Based Enterprise Management) 3.2.0 allows attackers to gain privileges via vectors related to "local or HTTP Digest authentication." | |||||
| CVE-2006-5651 | 1 Digioz | 1 Digioz Guestbook | 2017-07-20 | 5.0 MEDIUM | N/A |
| list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to obtain sensitive information via a non-numeric page parameter, which displays the installation path in the resulting error message. | |||||
| CVE-2006-5654 | 1 Sun | 2 Java System Web Server, One Application Server | 2017-07-20 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors. NOTE: due to lack of details from the vendor, it is unclear whether this is related to vector 1 in CVE-2006-5201 or CVE-2006-3127. | |||||
| CVE-2006-5659 | 1 Pam Extern | 1 Pam Extern | 2017-07-20 | 2.1 LOW | N/A |
| PAM_extern before 0.2 sends a password as a command line argument, which allows local users to obtain the password by listing the command line arguments, such as ps. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5660 | 1 Cisco | 1 Security Agent Management Center | 2017-07-20 | 7.5 HIGH | N/A |
| Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 does not properly handle certain LDAP error messages, which allows remote attackers to bypass authentication requirements via an empty password when using an external LDAP server. | |||||
| CVE-2006-5668 | 1 Ampache | 1 Ampache | 2017-07-20 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Ampache 3.3.2 and earlier, when register_globals is enabled, allows remote attackers to bypass security restrictions and gain guest access. | |||||
| CVE-2006-5675 | 1 Pentaho | 1 Business Intelligence Suite | 2017-07-20 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Pentaho Business Intelligence (BI) Suite before 1.2 RC3 (1.2.0.470-RC3) have unknown impact and attack vectors, related to "MySQL Scripts need changes for security," possibly SQL injection vulnerabilities associated with these scripts. | |||||
| CVE-2006-5680 | 1 Freebsd | 1 Freebsd | 2017-07-20 | 5.0 MEDIUM | N/A |
| The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before 2006-11-08 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive that causes libarchive to skip a region past the actual end of the archive, which triggers an infinite loop that attempts to read more data. | |||||
| CVE-2006-5701 | 2 Linux, Redhat | 2 Linux Kernel, Fedora Core | 2017-07-20 | 4.9 MEDIUM | N/A |
| Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem. | |||||
| CVE-2006-5704 | 1 Hp | 1 Nonstop Server | 2017-07-20 | 6.2 MEDIUM | N/A |
| HP NonStop Server G06.29, when running Standard Security T6533G06 before T6533G06^ABK, does not properly evaluate access permissions to OSS directories when no optional ACL entry exists, which allows local users to read arbitrary files. | |||||
| CVE-2006-5710 | 2 Apple, Opendarwin | 2 Mac Os X, Darwin Kernel | 2017-07-20 | 7.5 HIGH | N/A |
| The Airport driver for certain Orinoco based Airport cards in Darwin kernel 8.8.0 in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via an 802.11 probe response frame without any valid information element (IE) fields after the header, which triggers a heap-based buffer overflow. | |||||
| CVE-2006-5712 | 1 Mirapoint | 1 Mirapoint Webmail | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated using the width style for an IMG element. | |||||
| CVE-2006-5713 | 1 Efs Software | 1 Efs Web Server | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) author, (2) content, or (3) title parameters when posting a forum thread. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5723 | 1 Dataparksearch | 1 Dataparksearch | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DataparkSearch Engine 4.42 and earlier allows remote attackers to execute arbitrary SQL commands via a malformed hostname in a URL. | |||||
| CVE-2006-5724 | 1 Mirabilis | 1 Icq | 2017-07-20 | 2.1 LOW | N/A |
| Heap-based buffer overflow the "Answering Service" function in ICQ 2003b Build 3916 allows local users to cause a denial of service (application crash) via a long string in the "AwayMsg Presets" value in the ICQ\ICQPro\DefaultPrefs\Presets registry key. | |||||
| CVE-2006-5729 | 1 Yazd | 1 Yazd Discussion Forum | 2017-07-20 | 6.5 MEDIUM | N/A |
| Yazd Discussion Forum before 3.0 beta does not properly manage forum permissions, which allows remote authenticated users to (1) reply to a message in an arbitrary forum, if authorized to create a message in any forum; and (2) perform certain unauthorized forum actions, related to an "error in how the permissions were assembled" that assigns extra permissions to users. | |||||
| CVE-2006-5739 | 1 Leicestershire | 1 Communityportals | 2017-07-20 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in cpadmin/cpa_index.php in Leicestershire communityPortals 1.0_2005-10-18_12-31-18 allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter, a different vector than CVE-2006-5280. | |||||