Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4218 | 1 Zen Cart | 1 Zen Cart | 2017-07-20 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier allows remote attackers to include and possibly execute arbitrary local files via directory traversal sequences in the typefilter parameter. | |||||
| CVE-2006-4232 | 1 Globus | 1 Globus Toolkit | 2017-07-20 | 1.2 LOW | N/A |
| Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access. | |||||
| CVE-2006-4233 | 1 Globus | 1 Globus Toolkit | 2017-07-20 | 3.6 LOW | N/A |
| Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config. | |||||
| CVE-2006-4235 | 1 Sony | 1 Sonicstage Mastering Studio | 2017-07-20 | 7.5 HIGH | N/A |
| Buffer overflow in the import project functionality in Sony SonicStage Mastering Studio 1.1.00 through 2.2.01 allows remote attackers to execute arbitrary code via a crafted SMP file. | |||||
| CVE-2006-4240 | 1 Fusionphp | 1 Fusion News | 2017-07-20 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. | |||||
| CVE-2006-4246 | 1 Usermin | 1 Usermin | 2017-07-20 | 3.6 LOW | N/A |
| Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user. | |||||
| CVE-2006-4249 | 1 Plone | 1 Plone | 2017-07-20 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group." | |||||
| CVE-2006-4250 | 1 Debian | 1 Debian Linux | 2017-07-20 | 4.6 MEDIUM | N/A |
| Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag. | |||||
| CVE-2006-4251 | 1 Powerdns | 1 Recursor | 2017-07-20 | 7.5 HIGH | N/A |
| Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow remote attackers to execute arbitrary code via a malformed TCP DNS query that prevents Recursor from properly calculating the TCP DNS query length. | |||||
| CVE-2006-4252 | 1 Powerdns | 1 Recursor | 2017-07-20 | 5.0 MEDIUM | N/A |
| PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a CNAME record with a zero TTL, which triggers an infinite loop. | |||||
| CVE-2006-4254 | 1 Ibm | 1 Aix | 2017-07-20 | 7.5 HIGH | N/A |
| Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2006-4258 | 1 John Hanna | 1 Anti-spam Smtp Proxy Server | 2017-07-20 | 4.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in the get functionality in Anti-Spam SMTP Proxy (ASSP) allows remote authenticated users to read arbitrary files via (1) C:\ (Windows drive letter), (2) UNC, and possibly other types of paths in the file parameter. | |||||
| CVE-2006-4259 | 1 Jake Olefsky | 1 Fotopholder | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Fotopholder 1.8 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this might be resultant from a directory traversal vulnerability. | |||||
| CVE-2006-4260 | 1 Jake Olefsky | 1 Fotopholder | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Fotopholder 1.8 allows remote attackers to read arbitrary directories or files via a .. (dot dot) in the path parameter. | |||||
| CVE-2006-4277 | 1 Tutti Nova | 1 Tutti Nova | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to (1) include/novalib/class.novaAdmin.mysql.php and (2) novalib/class.novaRead.mysql.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4281 | 1 Arthur Konze Webdesign | 1 Akocomment | 2017-07-20 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in akocomments.php in AkoComment 1.1 module (com_akocomment) for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4289 | 1 Sony | 1 Vaio Media Server | 2017-07-20 | 10.0 HIGH | N/A |
| Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-4290 | 1 Sony | 1 Vaio Media Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to gain sensitive information via unspecified vectors. | |||||
| CVE-2006-4292 | 1 Niels Provos | 1 Honeyd | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows remote attackers to cause a denial of service (application crash) via certain Address Resolution Protocol (ARP) packets. | |||||
| CVE-2006-4298 | 1 Oscommerce | 1 Oscommerce | 2017-07-20 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in cache.php in osCommerce before 2.2 Milestone 2 060817 allow remote attackers to determine existence of arbitrary files and disclose the installation path via a .. (dot dot) in unspecified parameters in the (1) tep_cache_also_purchased, (2) tep_cache_manufacturers_box, and (3) tep_cache_categories_box functions. | |||||
| CVE-2006-4299 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4303 | 1 Sun | 1 Solaris | 2017-07-20 | 2.6 LOW | N/A |
| Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service ("tight loop" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion). | |||||
| CVE-2006-4304 | 3 Freebsd, Netbsd, Openbsd | 3 Freebsd, Netbsd, Openbsd | 2017-07-20 | 10.0 HIGH | N/A |
| Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver. | |||||
| CVE-2006-1907 | 1 Mywebland | 1 Myevent | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in myEvent 1.x allow remote attackers to inject arbitrary SQL commands via the event_id parameter to (1) addevent.php or (2) del.php or (3) event_desc parameter to addevent.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1908 | 1 Mywebland | 1 Myevent | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the event_desc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1909 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences. | |||||
| CVE-2006-1911 | 1 Mybulletinboard | 1 Mybulletinboard | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment. | |||||
| CVE-2006-1913 | 1 Jax Scripts | 1 Jax Guestbook | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax Guestbook 3.1, 3.31, and 3.50 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2006-1914 | 1 Dbbs | 1 Dbbs | 2017-07-20 | 5.0 MEDIUM | N/A |
| DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive information via an invalid (1) fcategoryid parameter to topics.php or (2) unavariabile, (3) GLOBALS, or (4) _SERVER[] parameters to script.php. NOTE: this information leak might be resultant from a global variable overwrite issue. | |||||
| CVE-2006-1916 | 1 Dbbs | 1 Dbbs | 2017-07-20 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in profile.php in DbbS 2.0-alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ulocation or (2) uhobbies parameters. | |||||
| CVE-2006-1920 | 1 Pmtool | 1 Pmtool | 2017-07-20 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in index.php in PMTool 1.2.2 allows remote attackers to execute arbitrary SQL commands via the order parameter in the include files (1) user.inc.php, (2) customer.inc.php, and (3) project.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1923 | 1 Linpha | 1 Linpha | 2017-07-20 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) RSS/RSS.php and (2) possibly other vectors. | |||||
| CVE-2006-1924 | 1 Linpha | 1 Linpha | 2017-07-20 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2006-1927 | 1 Cisco | 1 Ios Xr | 2017-07-20 | 5.0 MEDIUM | N/A |
| Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 or Cisco 12000 series routers, allows remote attackers to cause a denial of service (Line card crash) via certain MPLS packets, as identified by Cisco bug ID CSCsc77475. | |||||
| CVE-2006-1928 | 1 Cisco | 1 Ios Xr | 2017-07-20 | 5.0 MEDIUM | N/A |
| Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or "MPLS packet handling problems") via certain MPLS packets, as identified by Cisco bug IDs (1) CSCsd15970 and (2) CSCsd55531. | |||||
| CVE-2006-1929 | 1 I-rater | 1 I-rater Platinum | 2017-07-20 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in include/common.php in I-Rater Platinum allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | |||||
| CVE-2006-1930 | 1 Hoito | 1 Green Minute | 2017-07-20 | 6.4 MEDIUM | N/A |
| ** DISPUTED ** Multiple SQL injection vulnerabilities in userscript.php in Green Minute 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) huserid, (2) pituus, or (3) date parameters. NOTE: this issue has been disputed by the vendor, saying "those parameters mentioned ARE checked (preg_match) before they are used in SQL-query... If someone decided to add SQL-injection stuff to certain parameter, they would see an error text, but only because _nothing_ was passed inside that parameter (to MySQL-database)." As allowed by the vendor, CVE investigated this report on 20060525 and found that the demo site demonstrated a non-sensitive SQL error when given standard SQL injection manipulations. | |||||
| CVE-2006-1943 | 1 Smarter Scripts | 1 Intellilink Pro | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts IntelliLink Pro 5.06 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter in addlink_lwp.cgi and the (2) id, (3) forgotid, and (4) forgotpass parameters in edit.cgi. | |||||
| CVE-2006-1944 | 1 Sibsoft | 1 Communimail | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SibSoft CommuniMail 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the list_id parameter in mailadmin.cgi and (2) the form_id parameter in templates.cgi. | |||||
| CVE-2006-1946 | 1 Visale | 1 Visale | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the keyval parameter in pbpgst.cgi, (2) the catsubno parameter in pblscg.cgi, and (3) the listno parameter in pblsmb.cgi. | |||||
| CVE-2006-1947 | 1 Nicplex | 1 Plexum | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in plexum.php in NicPlex Plexum X5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pagesize, (2) maxrec, and (3) startpos parameters. | |||||
| CVE-2006-1949 | 1 Nicplex | 1 Plexcart | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in plexcart.pl in NicPlex PlexCart X3 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2006-1950 | 1 Perlcoders Group | 1 Bannerfarm | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in PerlCoders BannerFarm 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) aff and (2) cat parameters. | |||||
| CVE-2006-1952 | 1 Winagents | 1 Tftp Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in WinAgents TFTP Server for Windows 3.1 and earlier allows remote attackers to read arbitrary files via "..." (triple dot) sequences in a GET request. | |||||
| CVE-2006-1965 | 1 Aasi Media | 1 Net Clubs Pro | 2017-07-20 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net Clubs Pro 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) onuser, (2) pass, (3) chatsys, (4) room, (5) username, and (6) to parameters in (a) sendim.cgi; the (7) username parameter in (b) imessage.cgi; the (8) password parameter in (c) login.cgi; and the (9) cat_id parameter in (d) viewcat.cgi. | |||||
| CVE-2006-1967 | 1 Kcscripts | 2 Kcscripts Calendar, Portal Pack | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in calendar/Visitor.cgi in KCScripts Calendar, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter. | |||||
| CVE-2006-1968 | 1 Kcscripts | 2 Kcscripts News Publisher, Portal Pack | 2017-07-20 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in news/NsVisitor.cgi in KCScripts News Publisher, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter. | |||||
| CVE-2006-1969 | 1 Kcscripts | 1 Portal Pack | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in search/search.cgi in an unspecified KCScripts script, probably Search Engine or Site Search, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2006-1970 | 1 Kcscripts | 1 Portal Pack | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in classifieds/viewcat.cgi in KCScripts Classifieds, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. | |||||
| CVE-2006-1973 | 1 Linksys | 1 Rt31p2 | 2017-07-20 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router allow remote attackers to cause a denial of service via malformed Session Initiation Protocol (SIP) messages. | |||||