Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4587 | 1 Vtiger | 1 Vtiger Crm | 2011-03-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module. | |||||
| CVE-2006-4717 | 1 Drupal | 1 Drupal Pubcookie Module | 2011-03-08 | 7.5 HIGH | N/A |
| The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors. | |||||
| CVE-2006-4621 | 1 Bare Concept Media | 1 Pheap Cms | 2011-03-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The lib/config.php vector is already covered by CVE-2006-4531. | |||||
| CVE-2006-4588 | 1 Vtiger | 1 Vtiger Crm | 2011-03-08 | 7.5 HIGH | N/A |
| vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module. | |||||
| CVE-2006-4684 | 1 Zope | 1 Zope | 2011-03-08 | 5.0 MEDIUM | N/A |
| The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458. | |||||
| CVE-2006-4643 | 1 Uni-vert | 1 Phpleague | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in consult/joueurs.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the id_joueur parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4683 | 1 Ibm | 1 Director | 2011-03-08 | 5.0 MEDIUM | N/A |
| IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE. | |||||
| CVE-2006-4682 | 1 Ibm | 1 Director | 2011-03-08 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets. | |||||
| CVE-2006-4539 | 1 Cerberus | 1 Cerberus Helpdesk | 2011-03-08 | 7.5 HIGH | N/A |
| (1) includes/widgets/module_company_tickets.php and (2) includes/widgets/module_track_tickets.php Client Support Center in Cerberus Helpdesk 3.2 Build 317, and possibly earlier, allows remote attackers to bypass security restrictions and obtain sensitive information via the ticket parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4475 | 1 Joomla | 1 Joomla | 2011-03-08 | 7.5 HIGH | N/A |
| Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors. | |||||
| CVE-2006-4522 | 1 Ibm | 1 Aix | 2011-03-08 | 7.2 HIGH | N/A |
| Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code with root privileges via unspecified vectors. | |||||
| CVE-2006-4473 | 1 Joomla | 1 Joomla | 2011-03-08 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks. | |||||
| CVE-2006-4476 | 1 Joomla | 1 Joomla | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL. | |||||
| CVE-2006-4086 | 1 Ozjournals | 1 Ozjournals | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4447 | 1 X.org | 9 Emu-linux-x87-xlibs, X11r6, X11r7 and 6 more | 2011-03-08 | 7.2 HIGH | N/A |
| X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit. | |||||
| CVE-2006-4438 | 1 Doctor Web Ltd | 1 Dr.web | 2011-03-08 | 6.4 MEDIUM | N/A |
| Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name. | |||||
| CVE-2006-4441 | 1 Ay System Solutions | 1 Ay System Solutions Cms | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Ay System Solutions CMS 2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter to (1) home.php or (2) impressum.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4442 | 1 Clemens Wacha | 1 Php Iaddressbook | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.95 allows remote attackers to inject arbitrary web script or HTML via the cat_name parameter, related to adding a category. (categories field). NOTE: some details are obtained from third party information. | |||||
| CVE-2006-4137 | 1 Ibm | 1 Websphere Application Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) "script generated syntax on wsadmin command line," and (3) traces. | |||||
| CVE-2006-4136 | 1 Ibm | 1 Websphere Application Server | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others. | |||||
| CVE-2006-4451 | 1 Cj Design | 1 Cj Tag Board | 2011-03-08 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the (1) User-Agent HTTP header in tag.php, which is executed by all.php, and (2) the banned parameter in admin_index.php. | |||||
| CVE-2006-4457 | 1 Phpecard | 1 Phpecard | 2011-03-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4054 | 1 Ehmig | 1 Me Download System | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ME Download System 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) Vb8878b936c2bd8ae0cab parameter to (a) inc/sett_style.php or (b) inc/sett_smilies.php; or the (2) Vb6c4d0e18a204a63b38f, (3) V18a78b93c3adaaae84e2, or (4) V9ae5d2ca9e9e787969ff parameters to (c) inc/datei.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4076 | 1 Wim Fleischhauer | 1 Docpile We | 2011-03-08 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/access.inc.php, (2) lib/folders.inc.php, (3) lib/init.inc.php or (4) lib/templates.inc.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4037 | 1 Fenestrae | 1 Faxination Server | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet. | |||||
| CVE-2006-4030 | 1 Gallery Project | 1 Gallery | 2011-03-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." | |||||
| CVE-2006-4024 | 1 Festalon | 1 Festalon | 2011-03-08 | 7.5 HIGH | N/A |
| The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr value in a HES file, which is used as an offset in a memcpy operation and leads to a buffer underflow. | |||||
| CVE-2006-4022 | 1 Intel | 1 2100 Proset Wireless | 2011-03-08 | 4.6 MEDIUM | N/A |
| Intel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4.6 allows local users to corrupt memory and execute code via "requests for capabilities from higher-level protocol drivers or user-level applications" involving crafted frames, a different issue than CVE-2006-3992. | |||||
| CVE-2006-4014 | 1 Symantec | 1 Brightmail Antispam | 2011-03-08 | 5.0 MEDIUM | N/A |
| Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) "by sending invalid posts". | |||||
| CVE-2006-4294 | 1 Twiki | 1 Twiki | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2006-4016 | 1 Toenda Software Development | 1 Toendacms | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS stable 1.0.3 and earlier, and unstable 1.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2006-4222 | 1 Ibm | 1 Websphere Application Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.0.2.13 have unspecified vectors and impact, including (1) an "authority problem" in ThreadIdentitySupport as identified by PK25199, and "Potential security exposure" issues as identified by (2) PK22747, (3) PK24334, (4) PK25740, and (5) PK26123. | |||||
| CVE-2006-4220 | 1 Novell | 2 Groupwise, Groupwise Webaccess | 2011-03-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters. | |||||
| CVE-2006-4344 | 1 Cgi-rescue | 1 Mail F W System | 2011-03-08 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) before 8.3 allows remote attackers to spoof e-mails and inject e-mail headers via unspecified vectors in (1) mail.cgi and (2) query.cgi. | |||||
| CVE-2006-4396 | 1 Apple | 1 Mac Os X | 2011-03-08 | 4.6 MEDIUM | N/A |
| The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack. | |||||
| CVE-2006-4397 | 1 Apple | 1 Mac Os X | 2011-03-08 | 4.6 MEDIUM | N/A |
| Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 prevents Kerberos tickets from being destroyed if a user does not successfully log on to a network account from the login window, which might allow later users to gain access to the original user's Kerberos tickets. | |||||
| CVE-2006-4398 | 1 Apple | 1 Mac Os X | 2011-03-08 | 7.2 HIGH | N/A |
| Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests. | |||||
| CVE-2006-4400 | 1 Apple | 1 Mac Os X | 2011-03-08 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allow user-assisted attackers to execute arbitrary code via crafted font files. | |||||
| CVE-2006-4401 | 1 Apple | 1 Mac Os X | 2011-03-08 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI. | |||||
| CVE-2006-4155 | 1 Invision Power Services | 1 Invision Power Board | 2011-03-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic." | |||||
| CVE-2006-4404 | 1 Apple | 1 Mac Os X | 2011-03-08 | 10.0 HIGH | N/A |
| The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges. | |||||
| CVE-2006-4407 | 1 Apple | 1 Mac Os X | 2011-03-08 | 5.0 MEDIUM | N/A |
| The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic. | |||||
| CVE-2006-4408 | 1 Apple | 1 Mac Os X | 2011-03-08 | 5.0 MEDIUM | N/A |
| The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940. | |||||
| CVE-2006-4409 | 1 Apple | 1 Mac Os X | 2011-03-08 | 5.0 MEDIUM | N/A |
| The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked. | |||||
| CVE-2006-4410 | 1 Apple | 1 Mac Os X | 2011-03-08 | 7.5 HIGH | N/A |
| The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates. | |||||
| CVE-2006-4411 | 1 Apple | 1 Mac Os X | 2011-03-08 | 7.2 HIGH | N/A |
| The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2006-4413 | 1 Apple | 1 Remote Desktop | 2011-03-08 | 7.2 HIGH | N/A |
| Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remote Desktop administration system to modify the packages and gain root privileges on client systems that use the packages. | |||||
| CVE-2006-3902 | 1 Phpfaber | 1 Topsites | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites 2.0.9 allows remote attackers to inject arbitrary web script or HTML via the i_cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-3816 | 1 Krusader | 1 Krusader | 2011-03-08 | 7.5 HIGH | N/A |
| Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file. | |||||
| CVE-2006-3822 | 1 Geodesicsolutions | 1 Geoauctions Enterprise | 2011-03-08 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in index.php in GeodesicSolutions GeoAuctions Enterprise 1.0.6 allows remote attackers to execute arbitrary SQL commands via the d parameter. | |||||