Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6016 | 1 Wordpress | 1 Wordpress | 2008-09-05 | 4.0 MEDIUM | N/A |
| wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter. | |||||
| CVE-2006-5961 | 1 Pegasus | 1 Mercury Mail Transport System | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Mercury Mail Transport System 4.01b for Windows has unknown impact and attack vectors, as originally reported in a GLEG VulnDisco pack. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The original researcher is reliable. | |||||
| CVE-2006-6025 | 1 Qualcomm | 1 Eudora Worldmail | 2008-09-05 | 5.0 MEDIUM | N/A |
| QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denial of service, as demonstrated by a certain module in VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. As of 20061118, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2006-5912 | 1 Campware.org | 1 Campsite | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Campware Campsite before 2.6.2 has unknown impact and attack vectors, related to a "Security fix for you-know-what," possibly related to encrypted passwords. | |||||
| CVE-2006-5810 | 1 Xoops | 1 Xoops | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter. | |||||
| CVE-2006-5931 | 1 Aigaion | 1 Aigaion | 2008-09-05 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to certain PHP scripts in (1) lib/actions/, (2) lib/displays/, (3) lib/editforms/, (4) lib/functions/, (5) scheme/, and (6) the root directory. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2006-5911 | 1 Campware.org | 1 Campsite | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, and (35) UserType.php in implementation/management/classes/; (36) configuration.php and (37) db_connect.php in implementation/management/; and (38) LocalizerConfig.php and (39) LocalizerLanguage.php in implementation/management/priv/localizer/. | |||||
| CVE-2006-5817 | 1 Parallels | 1 Parallels Desktop | 2008-09-05 | 2.1 LOW | N/A |
| prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure permissions (0666) for /Library/Parallels/.dhcpd_configuration, which allows local users to modify DHCP configuration. | |||||
| CVE-2006-5929 | 1 Phpjobscheduler | 1 Phpjobscheduler | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in firepjs.php in Phpjobscheduler 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2006-5924 | 1 Efficientip | 1 Ipmanager | 2008-09-05 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Efficient IP iPmanager (IPm) 2.3 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2006-5956 | 1 Xlinesoft | 1 Phprunner | 2008-09-05 | 2.1 LOW | N/A |
| XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file. | |||||
| CVE-2006-6008 | 1 Netkit | 1 Netkit | 2008-09-05 | 6.5 MEDIUM | N/A |
| ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778. | |||||
| CVE-2006-5483 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 2.1 LOW | N/A |
| p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by setting a scheduler policy, which should only be settable by root. | |||||
| CVE-2006-5738 | 1 Punbb | 1 Punbb | 2008-09-05 | 2.1 LOW | N/A |
| Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-5708 | 1 Alt-n | 1 Mdaemon | 2008-09-05 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resulting in memory leaks. | |||||
| CVE-2006-5569 | 1 Datawizard | 1 Ftpxq | 2008-09-05 | 6.4 MEDIUM | N/A |
| FtpXQ Server 3.0.1 installs with two default testing accounts, which allows remote attackers to read or write arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5550 | 2 Freebsd, Openbsd | 2 Freebsd, Openbsd | 2008-09-05 | 4.9 MEDIUM | N/A |
| The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto. | |||||
| CVE-2006-5528 | 1 Schoolalumni Portal | 1 Schoolalumni Portal | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in mod.php in SchoolAlumni Portal 2.26 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-5482 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 2.1 LOW | N/A |
| ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by calling the ftruncate function on a file type that is not VREG, VLNK or VDIR, which is not defined in POSIX. | |||||
| CVE-2006-5436 | 1 Freefaq | 1 Freefaq | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e allows remote attackers to execute arbitrary PHP code via a URL in the faqpath parameter. | |||||
| CVE-2006-5394 | 1 Cisco | 1 Secure Desktop | 2008-09-05 | 2.1 LOW | N/A |
| The default configuration of Cisco Secure Desktop (CSD) has an unchecked "Disable printing" box in Secure Desktop Settings, which might allow local users to read data that was sent to a printer during another user's SSL VPN session. | |||||
| CVE-2006-5393 | 1 Cisco | 1 Secure Desktop | 2008-09-05 | 2.1 LOW | N/A |
| Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session. | |||||
| CVE-2006-5479 | 1 Novell | 1 Edirectory | 2008-09-05 | 5.0 MEDIUM | N/A |
| The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment." | |||||
| CVE-2006-5649 | 1 Ubuntu | 1 Ubuntu Linux | 2008-09-05 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors. | |||||
| CVE-2006-5603 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5610 | 1 Fully Modded Phpbb | 1 Fully Modded Phpbb | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | |||||
| CVE-2006-5529 | 1 Schoolalumni Portal | 1 Schoolalumni Portal | 2008-09-05 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in smumdadotcom_ascyb_alumni/mod.php in SchoolAlumni Portal 2.26 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the katalog module. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-5648 | 1 Ubuntu | 1 Ubuntu Linux | 2008-09-05 | 4.6 MEDIUM | N/A |
| Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes that cannot be killed. | |||||
| CVE-2006-5457 | 1 Casinosoft | 1 Casino Script | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the registration form in Casinosoft Casino Script (Masvet) 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) surname field. | |||||
| CVE-2006-5632 | 1 Ig Shop | 1 Ig Shop | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5021 | 1 Redblog | 1 Redblog | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path parameter in (2) admin/config.php, (3) common.php, and (4) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5195 | 1 Wheatblog | 1 Wheatblog | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog 1.0 and 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5248 | 1 Eazy Cart | 1 Eazy Cart | 2008-09-05 | 7.8 HIGH | N/A |
| Eazy Cart stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a customer database via a direct request for admin/config/customer.dat. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5026 | 1 Paisterist | 1 Simple Http Scanner | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.3 have unknown impact and attack vectors. | |||||
| CVE-2006-5133 | 1 Steve Poulsen | 1 Guildftpd | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in GuildFTPd 0.999.13 allows remote attackers to have an unknown impact, possibly code execution related to input containing "globbing chars." | |||||
| CVE-2006-5251 | 1 Deep Cms | 1 Deep Cms | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Deep CMS 2.0a allows remote attackers to execute arbitrary PHP code via a URL in the ConfigDir parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5117 | 1 Phpmyadmin | 1 Phpmyadmin | 2008-09-05 | 5.0 MEDIUM | N/A |
| phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files. | |||||
| CVE-2006-4996 | 1 Joomla | 1 Joomlalib | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 for Joomla! allows remote attackers to have an unknown impact, related to "Joomla globals hacked by script kiddies." | |||||
| CVE-2006-4995 | 1 Joomla | 1 Bsq Sitestats | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in BSQ Sitestats (bsq_sitestats) before 2.1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-5039 | 1 Joomla | 2 Com Events, Events Module | 2008-09-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Events 1.3 beta module (com_events) for Joomla! has unspecified impact and attack vectors. | |||||
| CVE-2006-5047 | 1 Joomla | 1 Rs Gallery2 | 2008-09-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 component (com_rsgallery2) before 1.11.3 for Joomla! allows attackers to execute arbitrary code. | |||||
| CVE-2006-5025 | 1 Paisterist | 1 Simple Http Scanner | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.2 have unknown impact and attack vectors. | |||||
| CVE-2006-5252 | 1 Webmedia Explorer | 1 Webmedia Explorer | 2008-09-05 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/core.lib.php in Webmedia Explorer 2.8.7 allows remote attackers to execute arbitrary PHP code via a URL in the path_include parameter. | |||||
| CVE-2006-5024 | 1 Paisterist | 1 Simple Http Scanner | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.4 have unknown impact and attack vectors. | |||||
| CVE-2006-5041 | 1 Joomla | 2 Com Hotproperties, Hot Properties | 2008-09-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Hot Properties (possibly com_hotproperties) 0.97 and earlier for Joomla! has unspecified impact and attack vectors. | |||||
| CVE-2006-5321 | 1 Tincan | 1 Phplist | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phplist before 2.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-5046 | 1 Joomla | 1 Rs Gallery2 | 2008-09-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and earlier for Joomla! has unspecified impact and attack vectors, related to lack of "hardened language files." | |||||
| CVE-2006-5197 | 1 Pdshoppro | 1 Pdshoppro | 2008-09-05 | 5.0 MEDIUM | N/A |
| PDshopPro stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) /pdshoppro.mdb, (2) /data/pdshoppro.mdb, or (3) /shoppro/data/pdshoppro.mdb. | |||||
| CVE-2006-5089 | 1 My-bic | 1 My-bic | 2008-09-05 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. CVE disputes this vulnerability because the file variable is defined before use in a way that prevents arbitrary inclusion. | |||||
| CVE-2006-5042 | 1 Joomla | 2 Com Mosmedia, Mosmedia | 2008-09-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier for Joomla! has unspecified impact and attack vectors. | |||||