Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6790 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2011-03-08 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in chat/login.php in Ultimate PHP Board (UPB) 2.0b1 and earlier allows remote attackers to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php. | |||||
| CVE-2006-6466 | 1 Wikyblog | 1 Wikyblog | 2011-03-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in WikyBlog 1.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) key, (2) d, (3) l, or (4) v parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: CVE disputes the l vector because l is validated by ctype_alpha before use. | |||||
| CVE-2006-6433 | 1 Xerox | 1 Workcentre | 2011-03-08 | 5.0 MEDIUM | N/A |
| Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 does not record accurate timestamps, which makes it easier for remote attackers to avoid detection when an audit tries to rely on these timestamps. | |||||
| CVE-2006-6603 | 1 Yahoo | 1 Messenger | 2011-03-08 | 9.3 HIGH | N/A |
| Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information. | |||||
| CVE-2006-6762 | 1 Novell | 1 Netmail | 2011-03-08 | 4.0 MEDIUM | N/A |
| The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument. | |||||
| CVE-2006-6458 | 1 Trend Micro | 3 Officescan, Pc Cillin - Internet Security 2006, Serverprotect | 2011-03-08 | 7.8 HIGH | N/A |
| The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop. | |||||
| CVE-2006-6761 | 1 Novell | 1 Netmail | 2011-03-08 | 6.5 MEDIUM | N/A |
| Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command. | |||||
| CVE-2006-6725 | 1 Phpbuilder | 1 Phpbuilder | 2011-03-08 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) lib/htm2php.php and (2) sitetools/htm2php.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6702 | 1 Atmail | 1 Atmail Webmail | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before 4.61 allows remote attackers to inject arbitrary web script or HTML via crafted e-mail messages. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6698 | 1 Gnome | 1 Gconf | 2011-03-08 | 1.9 LOW | N/A |
| The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of time, which prevents other users from using Gnome. | |||||
| CVE-2006-6695 | 1 Carsen Klock | 1 Textsend | 2011-03-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Carsen Klock TextSend 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) error or (2) success parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6693 | 1 Zabbix | 1 Zabbix | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long strings to the (1) zabbix_log and (2) zabbix_syslog functions. | |||||
| CVE-2006-6664 | 1 Marathon Aleph One | 1 Marathon Aleph One | 2011-03-08 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV function in Misc/Logging.cpp. NOTE: some details were obtained from third party information. | |||||
| CVE-2006-6663 | 1 Marathon Aleph One | 1 Marathon Aleph One | 2011-03-08 | 5.0 MEDIUM | N/A |
| The server component in Marathon Aleph One before 0.17.1 and 2006-12-17 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to "gathering net games." | |||||
| CVE-2006-6651 | 1 Intel | 1 2200bg Proset Wireless | 2011-03-08 | 6.8 MEDIUM | N/A |
| Race condition in W29N51.SYS in the Intel 2200BG wireless driver 9.0.3.9 allows remote attackers to cause memory corruption and execute arbitrary code via a series of crafted beacon frames. NOTE: some details are obtained solely from third party information. | |||||
| CVE-2006-6431 | 1 Xerox | 1 Workcentre | 2011-03-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify signatures of e-mail messages via unspecified vectors. | |||||
| CVE-2006-6493 | 1 Openldap | 1 Openldap | 2011-03-08 | 5.1 MEDIUM | N/A |
| Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the LDAP_AUTH_KRBV41 authentication method and long credential data. | |||||
| CVE-2006-6443 | 1 Novell | 1 Client | 2011-03-08 | 10.0 HIGH | N/A |
| Buffer overflow in the Novell Distributed Print Services (NDPS) Print Provider for Windows component (NDPPNT.DLL) in Novell Client 4.91 has unknown impact and remote attack vectors. | |||||
| CVE-2006-6489 | 1 Sisco | 5 Ax-s4 Iccp, Ax-s4 Mms, Iccp Toolkit and 2 more | 2011-03-08 | 5.0 MEDIUM | N/A |
| The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for MMS-EASE, AX-S4 MMS and AX-S4 ICCP, and possibly other control system applications, allows remote attackers to cause a denial of service (application termination and restart) via malformed packets. | |||||
| CVE-2006-6528 | 1 Drupal | 1 Chatroom Module | 2011-03-08 | 7.5 HIGH | N/A |
| The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom visitors' session IDs to all participants, which allows remote attackers to hijack sessions and gain privileges. | |||||
| CVE-2006-6660 | 1 Kde | 1 Libkhtml | 2011-03-08 | 4.3 MEDIUM | N/A |
| The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag. | |||||
| CVE-2006-6629 | 1 Webwork | 1 Program Generation Language | 2011-03-08 | 7.5 HIGH | N/A |
| lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl. | |||||
| CVE-2006-6706 | 1 Soumu | 3 Koukyoumuke Soumu Workflow, Soumo Workflow, Soumu Workflow | 2011-03-08 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors in certain web pages. | |||||
| CVE-2006-6678 | 1 Netrik | 1 Netrik | 2011-03-08 | 7.5 HIGH | N/A |
| The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename. | |||||
| CVE-2006-6481 | 1 Clam Anti-virus | 1 Clamav | 2011-03-08 | 5.0 MEDIUM | N/A |
| Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406. | |||||
| CVE-2006-6646 | 1 Drupal | 2 Drupal Project, Drupal Project Issue Tracking | 2011-03-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) Project Issue Tracking 4.7.x-1.0 and 4.7.x-2.0, and (2) Project 4.6.x-1.0, 4.7.x-1.0, and 4.7.x-2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, which do not use the check_plain function. | |||||
| CVE-2006-6705 | 1 Soumu | 3 Koukyoumuke Soumu Workflow, Soumo Workflow, Soumu Workflow | 2011-03-08 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in the template files in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allow remote attackers to bypass authentication mechanisms on web pages via unknown vectors. | |||||
| CVE-2006-6595 | 1 Scriptmate | 1 User Manager | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ScriptMate User Manager 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via "Manage Resources" and possibly other unspecified components. | |||||
| CVE-2006-6782 | 1 Pnamazu | 1 Pnamazu | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pnamazu 2006.02.28 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-6506 | 1 Mozilla | 1 Firefox | 2011-03-08 | 4.3 MEDIUM | N/A |
| The "Feed Preview" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends the URL of the feed when requesting favicon.ico icons, which results in a privacy leak that might allow feed viewing services to determine browsing habits. | |||||
| CVE-2006-6507 | 1 Mozilla | 1 Firefox | 2011-03-08 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error. | |||||
| CVE-2006-6544 | 1 Cm68 News | 1 Cm68 News | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CM68 News allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6527 | 1 Gizzar | 1 Gizzar | 2011-03-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in guest.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6146 | 1 Takeshi Kanno | 1 Haru Free Pdf Library | 2011-03-08 | 2.6 LOW | N/A |
| Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain arguments that yield a large amount of PDF data, as demonstrated by a filled circle. | |||||
| CVE-2006-6075 | 1 Baalasp | 1 Smart Form Portal | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp forum allows remote attackers to inject arbitrary web script or HTML via the name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6139 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in downloadexcel.php in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to read arbitrary files via the fn parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6307 | 1 Novell | 1 Client | 2011-03-08 | 5.0 MEDIUM | N/A |
| srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote attackers to cause an unspecified denial of service via a crafted packet to port 427 that triggers an access of pageable or invalid addresses using a higher interrupt request level (IRQL) than necessary. | |||||
| CVE-2006-6151 | 1 Messagerie Locale | 1 Messagerie Locale | 2011-03-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in centre.php in Messagerie Locale as of 20061127 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6178 | 1 Trend Micro | 1 Officescan | 2011-03-08 | 7.5 HIGH | N/A |
| Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors. | |||||
| CVE-2006-6179 | 1 Trend Micro | 1 Officescan | 2011-03-08 | 7.5 HIGH | N/A |
| Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors. | |||||
| CVE-2006-6413 | 1 Amateras | 1 Amateras Sns | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-6318 | 1 Stefan Ritt | 1 Elog Web Logbook | 2011-03-08 | 5.0 MEDIUM | N/A |
| The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with "global," which results in a NULL pointer dereference. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6357 | 1 Phpnews | 1 Phpnews | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in PHPNews 1.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6190 | 1 Anna Irc Bot | 1 Anna\^ Irc Bot | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 (aka caprice) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: it is possible that there are multiple issues. | |||||
| CVE-2006-6344 | 1 Neocrome | 1 Seditio | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and earlier have unknown impact and attack vectors related to (1) plugins/ipsearch/ipsearch.admin.php, and (2) pfs/pfs.edit.inc.php, (3) users/users.register.inc.php in system/core. NOTE: the users.profile.inc.php vector is identified by CVE-2006-6177. NOTE: these issues might be related to SQL injection. | |||||
| CVE-2006-6215 | 1 Wallpaper | 1 Wallpaper Complete Website | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper Complete Website) 1.0.09 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameter to (a) process.php, or the (3) wallpaperid parameter to (b) dlwallpaper.php. | |||||
| CVE-2006-6212 | 1 Webwiz | 1 Site News | 2011-03-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in centre.php in Site News (site_news) 2.00, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6136 | 1 Ibm | 1 Websphere Application Server | 2011-03-08 | 10.0 HIGH | N/A |
| IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) does not perform EAL4 authentication checks at the proper time during "registering of response operation," which has unknown impact and attack vectors. | |||||
| CVE-2006-6400 | 1 Justsystem | 6 Hanako, Hanako Viewer, Ichitaro and 3 more | 2011-03-08 | 6.8 MEDIUM | N/A |
| Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer 1.x, Ichitaro 2004, Ichitaro 2005, Ichitaro Lite2, Ichitaro viewer 4.x, and Sanshiro 2005 allows remote attackers to execute arbitrary code via the (1) Keyword and (2) Title fields, related to string length fields. | |||||
| CVE-2006-6140 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2011-03-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to execute arbitrary PHP code via a URL in the slnt parameter to (1) index.php and (2) print.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||