Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-7199 | 1 Emc | 1 Rsa Security Sitekey | 2008-09-05 | 8.5 HIGH | N/A |
| EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is easier to monitor this attack than "attacks against static web pages." | |||||
| CVE-2006-7008 | 1 Joomla | 1 Joomla | 2008-09-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact and attack vectors, related to "securing mosmsg from misuse." NOTE: it is possible that this issue overlaps CVE-2006-1029. | |||||
| CVE-2006-7003 | 1 Fusionphp | 1 Fusion Polls | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter. | |||||
| CVE-2006-7004 | 1 Php Script Tools | 1 Psy Auction | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in email_request.php in PSY Auction allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-7006 | 1 Robin De Graff | 1 Somery | 2008-09-05 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in upload/admin/team.php in Robin de Graff Somery 0.4.4 allows remote attackers to execute arbitrary PHP code via a URL in the checkauth parameter. NOTE: CVE disputes this vulnerability because the checkauth parameter is only used in conditionals. | |||||
| CVE-2006-7000 | 1 Headstart Solutions | 1 Deskpro | 2008-09-05 | 5.0 MEDIUM | N/A |
| Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraph_bar.php, (6) jpgraph_pie.php, and (7) jpgraph_pie3d.php in includes/graph/, which leaks the path in error messages. | |||||
| CVE-2006-7009 | 1 Joomla | 1 Joomla | 2008-09-05 | 7.5 HIGH | N/A |
| Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors. | |||||
| CVE-2006-7010 | 1 Joomla | 1 Joomla | 2008-09-05 | 7.5 HIGH | N/A |
| The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks. | |||||
| CVE-2006-7046 | 1 Clan Manager Pro | 1 Clan Manager Pro | 2008-09-05 | 9.3 HIGH | N/A |
| PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php for Clan Manager Pro (CMPRO) 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-7048 | 1 Claroline | 1 Claroline | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter to (a) atutor.inc.php (b) db-generic.inc.php (c) docebo.inc.php (d) dokeos.1.6.inc.php (e) dokeos.inc.php (f) ganesha.inc.php (g) mambo.inc.php (h) moodle.inc.php (i) phpnuke.inc.php (j) postnuke.inc.php and (k) spip.inc.php in claroline/auth/extauth/drivers/; (2) includePath parameter in mambo.inc.php, postnuke.inc.php, and (l) inc/lib/event/init_event_manager.inc.php; and (3) rootSys parameter in (m) inc/lib/export_exe_tracking.class.php, a different set of vectors than CVE-2006-2284. | |||||
| CVE-2006-7091 | 1 Hinton Design | 1 Phpht Topsites Free | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in phpht Topsites FREE 1.022b allows remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-7187 | 1 Web-app.net | 1 Webapp | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the show_recent_searches function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to inject arbitrary web script or HTML via the srch variable. | |||||
| CVE-2006-7188 | 1 Web-app.net | 1 Webapp | 2008-09-05 | 5.0 MEDIUM | N/A |
| The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to read internal forum posts via certain requests, possibly related to the $info{'forum'} variable. | |||||
| CVE-2006-7189 | 1 Web-app.net | 1 Webapp | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in web-app.net WebAPP before 20060403 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the Statistics Log Viewer. | |||||
| CVE-2006-7190 | 1 Web-app.net | 1 Webapp | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl in web-app.net WebAPP before 20060515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the viewnews function, related to use of doubbctopic instead of doubbc. | |||||
| CVE-2006-7211 | 1 Firebirdsql | 1 Firebird | 2008-09-05 | 4.9 MEDIUM | N/A |
| fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores. | |||||
| CVE-2006-7212 | 1 Firebirdsql | 1 Firebird | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240. | |||||
| CVE-2006-7213 | 1 Firebirdsql | 1 Firebird | 2008-09-05 | 5.5 MEDIUM | N/A |
| Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database. | |||||
| CVE-2006-7214 | 1 Firebirdsql | 1 Firebird | 2008-09-05 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scanning. | |||||
| CVE-2006-7215 | 1 Intel | 3 Core 2 Duo E4000, Core 2 Duo E6000, Core 2 Extreme X6800 | 2008-09-05 | 2.1 LOW | N/A |
| The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop processor E6000 and E4000 incorrectly set the memory page Access (A) bit for a page in certain circumstances involving proximity of the code segment limit to the end of a code page, which has unknown impact and attack vectors on certain operating systems other than OpenBSD, aka AI90. | |||||
| CVE-2006-7223 | 1 Xwiki | 1 Xwiki | 2008-09-05 | 6.5 MEDIUM | N/A |
| PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document. | |||||
| CVE-2007-0004 | 1 Redhat | 1 Enterprise Linux | 2008-09-05 | 1.9 LOW | N/A |
| The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. NOTE: it is uncertain whether any scenarios involving this issue cross privilege boundaries. | |||||
| CVE-2006-7001 | 1 Phpmychat Plus | 1 Phpmychat Plus | 2008-09-05 | 7.1 HIGH | N/A |
| Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the L parameter, a different issue than CVE-2006-5897. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-7164 | 3 Ibm, Linux, Unix | 3 Websphere Application Server, Linux Kernel, Unix | 2008-09-05 | 4.3 MEDIUM | N/A |
| SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests. | |||||
| CVE-2006-7061 | 1 Scriptsez.net | 1 E-dating System | 2008-09-05 | 9.3 HIGH | N/A |
| Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting (XSS) attacks. | |||||
| CVE-2006-7060 | 1 Scriptsez.net | 1 E-dating System | 2008-09-05 | 5.0 MEDIUM | N/A |
| cindex.php in Scriptsez.net E-Dating System allows remote attackers to obtain the full path via an invalid id parameter in a dologin action, which leaks the path in an error message. | |||||
| CVE-2006-7005 | 1 Php Script Tools | 1 Psy Auction | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6999 | 1 Headstart Solutions | 1 Deskpro | 2008-09-05 | 4.3 MEDIUM | N/A |
| attachment.php in Headstart Solutions DeskPRO allows remote attackers to read all uploaded files by providing the file number in a modified id parameter. | |||||
| CVE-2006-7167 | 1 Prorat | 1 Server | 2008-09-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in ProRat Server 1.9 Fix2 allows remote attackers to bypass the authentication mechanism for remote login via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6997 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Standard | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE: due to lack of details, it is not clear whether this is the same as CVE-2006-1792. | |||||
| CVE-2006-7097 | 1 Taskfreak | 1 Taskfreak | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have unknown impact and attack vectors. | |||||
| CVE-2006-6974 | 1 Headstart Solutions | 1 Deskpro | 2008-09-05 | 7.5 HIGH | N/A |
| Headstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory; obtain the SQL username and password via a direct request for (2) config.php and (3) config.php.bak in includes/; read files in (4) email/, (5) admin/graphs/, (6) includes/javascript/, and (7) certain other includes/ directories via direct requests; and download SQL database data via direct requests for (8) data.sql, (9) install.sql, (10) settings.sql, and possibly other files in install/v2data/. | |||||
| CVE-2006-6973 | 1 Headstart Solutions | 1 Deskpro | 2008-09-05 | 7.5 HIGH | N/A |
| Headstart Solutions DeskPRO does not require authentication for certain files and directories associated with administrative activities, which allows remote attackers to (1) reinstall the application via a direct request for install/index.php; (2) delete the database via a do=delete_database QUERY_STRING to a renamed copy of install/index.php; or access the administration system, after guessing a filename, via a direct request for a file in (3) admin/ or (4) tech/. | |||||
| CVE-2006-6971 | 1 Mozilla | 1 Firefox | 2008-09-05 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer, or (5) single octal integer format, which is not captured by the blacklist filter. | |||||
| CVE-2006-7162 | 1 Putty | 1 Putty | 2008-09-05 | 1.9 LOW | N/A |
| PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files containing private keys generated by puttygen and (2) session logs created by putty, which allows local users to gain sensitive information by reading these files. | |||||
| CVE-2006-7163 | 1 Dreameesoft | 1 Password Master | 2008-09-05 | 6.9 MEDIUM | N/A |
| DreameeSoft Password Master 1.0 stores the database in an unencrypted format when the master password is set, which allows attackers with physical access to read the database contents via an unspecified authentication bypass. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-7207 | 1 Ageet | 1 Agephone | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in ageet AGEphone before 1.4.0 might allow remote attackers to have an unknown impact via unspecified vectors. | |||||
| CVE-2006-7205 | 1 Php Group | 1 Php | 2008-09-05 | 5.0 MEDIUM | N/A |
| The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value. | |||||
| CVE-2006-6658 | 1 Inktomi | 1 Inktomi Search | 2008-09-05 | 5.0 MEDIUM | N/A |
| Inktomi Search 4.1.4 allows remote attackers to obtain sensitive information via direct requests with missing parameters to (1) help/header.html, (2) thesaurus.html, and (3) topics.html, which leak the installation path in the resulting error message, a related issue to CVE-2006-5970. | |||||
| CVE-2006-6655 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 1.7 LOW | N/A |
| The procfs implementation in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (kernel panic) by attempting to access /emul/linux/proc/0/stat on a procfs filesystem that was mounted with mount_procfs -o linux, which results in a NULL pointer dereference. | |||||
| CVE-2006-6580 | 1 Scriptphp | 1 Pronews | 2008-09-05 | 6.4 MEDIUM | N/A |
| admin/change.php in ProNews 1.5 does not check whether a user is permitted to change news items, which allows remote attackers to add or delete information within an item, and possibly have other impacts. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6918 | 1 Geobb | 1 Geobb | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Admin login for Georgian discussion board (GeoBB) before 1.0 has unknown impact and attack vectors. | |||||
| CVE-2006-6721 | 1 Knusperleicht | 1 Shoutbox | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in shout.php in Knusperleicht ShoutBox 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) sbNick or (2) sbKommentar parameter. | |||||
| CVE-2006-6659 | 1 Microsoft | 3 Ie, Outlook, Windows Xp | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML. | |||||
| CVE-2006-6680 | 1 Chetcpasswd | 1 Chetcpasswd | 2008-09-05 | 4.6 MEDIUM | N/A |
| Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need for 0400 permissions on /etc/chetcpasswd.allow, which might allow local users to gain sensitive information by reading this file. | |||||
| CVE-2006-6625 | 1 Moodle | 1 Moodle | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in Moodle 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the navtail parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6583 | 1 Scriptmate | 1 User Manager | 2008-09-05 | 7.5 HIGH | N/A |
| ScriptMate User Manager 2.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors related to (1) the Logins box and (2) the Search box. | |||||
| CVE-2006-6600 | 1 Torrentflux | 1 Torrentflux | 2008-09-05 | 6.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609. | |||||
| CVE-2006-6700 | 1 Calacode | 1 Atmail Webmail System | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in @Mail WebMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | |||||
| CVE-2006-6656 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 2.1 LOW | N/A |
| Unspecified vulnerability in ptrace in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read kernel memory and obtain sensitive information via certain manipulations of a PT_LWPINFO request, which leads to a memory leak and information leak. | |||||