Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0376 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2018-10-19 | 7.5 HIGH | N/A |
| The 802.11 wireless client in certain operating systems including Windows 2000, Windows XP, and Windows Server 2003 does not warn the user when (1) it establishes an association with a station in ad hoc (aka peer-to-peer) mode or (2) a station in ad hoc mode establishes an association with it, which allows remote attackers to put unexpected wireless communication into place. | |||||
| CVE-2006-0396 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2018-10-19 | 5.1 MEDIUM | N/A |
| Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail attachment sent in AppleDouble format, which triggers the overflow when the user double-clicks on an attachment. | |||||
| CVE-2006-0403 | 1 E-moblog | 1 E-moblog | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) monthy parameter to index.php or (2) login parameter to admin/index.php. NOTE: some sources have reported item 1 as involving the "monthly" parameter, but this is incorrect. | |||||
| CVE-2006-0406 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-19 | 5.0 MEDIUM | N/A |
| search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters. | |||||
| CVE-2006-0407 | 1 Azbb | 1 Az Bulletin Board | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Board (AZbb) 1.1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) nickname parameter and (2) an iframe tag in the topic parameter. NOTE: the original disclosure specified the name parameter, but a correction was later provided. NOTE: followup posts have both disputed and confirmed the original claim. | |||||
| CVE-2006-0409 | 1 Pixelpost | 1 Photoblog | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup. | |||||
| CVE-2006-0413 | 1 Newsphp | 1 Newsphp | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the (1) discuss, (2) tim, (3) id, (4) last, and (5) limit parameter. | |||||
| CVE-2006-0417 | 1 Mywebland | 1 Minibloggie | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in miniBloggie 1.0 and earlier, when gpc_magic_quotes is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters. | |||||
| CVE-2006-0418 | 1 Topcmm Computing | 1 123 Flash Chat Server | 2018-10-19 | 7.5 HIGH | N/A |
| Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 allows attackers to execute arbitrary code via a crafted username. | |||||
| CVE-2006-0434 | 1 Phpxplorer | 1 Phpxplorer | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via ".." (dot dot) sequences and null bytes in the sAction parameter, a different vulnerability than CVE-2006-0244. NOTE: if the functionality of phpXplorer supports the upload of PHP files, then this issue would not cross privilege boundaries and would not be a vulnerability. | |||||
| CVE-2006-0435 | 1 Oracle | 2 Application Server, Http Server | 2018-10-19 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01. | |||||
| CVE-2006-0439 | 1 Text Rider | 1 Text Rider | 2018-10-19 | 5.0 MEDIUM | N/A |
| Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt. | |||||
| CVE-2006-0440 | 1 Text Rider | 1 Text Rider | 2018-10-19 | 5.0 MEDIUM | N/A |
| Text Rider 2.4 allows attackers to bypass authentication and upload files without providing a valid password by obtaining the MD5 hash of the password (possibly via another vulnerability that reads it from a data file), then including the hash in a cookie. | |||||
| CVE-2006-0441 | 1 Karjasoft | 1 Sami Ftp Server | 2018-10-19 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed. | |||||
| CVE-2006-0442 | 1 Mybb | 1 Mybb | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action. NOTE: These are different attack vectors, and probably a different vulnerability, than CVE-2006-0218 and CVE-2006-0219. | |||||
| CVE-2006-0443 | 1 Cheesyblog | 1 Cheesyblog | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) realname and (2) comment parameters, or (3) via a javascript URI in the url parameter, when adding a comment. | |||||
| CVE-2006-0444 | 1 Phpclanwebsite | 1 Phpclanwebsite | 2018-10-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page and possibly the (2) poll_id parameter on the poll page. NOTE: the poll_id vector can also allow resultant cross-site scripting (XSS) from an unquoted error message for invalid SQL syntax. | |||||
| CVE-2006-0445 | 1 Phpclanwebsite | 1 Phpclanwebsite | 2018-10-19 | 4.0 MEDIUM | N/A |
| index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by "\", which will display the full path of uploader.php. NOTE: this might be the result of a file inclusion vulnerability. | |||||
| CVE-2006-0450 | 1 Phpbb Group | 1 Phpbb | 2018-10-19 | 5.0 MEDIUM | N/A |
| phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database. | |||||
| CVE-2006-0454 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 5.0 MEDIUM | N/A |
| Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ICMP response in icmp_send, does not properly handle when the ip_options_echo function in icmp.c fails, which allows remote attackers to cause a denial of service (crash) via vectors such as (1) record-route and (2) timestamp IP options with the needaddr bit set and a truncated value. | |||||
| CVE-2006-0455 | 1 Gnu | 1 Privacy Guard | 2018-10-19 | 4.6 MEDIUM | N/A |
| gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify". | |||||
| CVE-2006-0461 | 1 Pmachine | 1 Expressionengine | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTP_REFERER (referer). | |||||
| CVE-2006-0468 | 1 Stalker | 1 Communigate Pro | 2018-10-19 | 7.5 HIGH | N/A |
| CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite. | |||||
| CVE-2006-0469 | 1 Uebimiau | 1 Uebimiau | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG tag. | |||||
| CVE-2006-0471 | 1 My Little Homepage | 1 My Little Forum | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the bbcode function in functions.php in my little homepage my little forum, as last modified in June 2005, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags. | |||||
| CVE-2006-0472 | 1 My Little Homepage | 1 My Little Guestbook | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in guestbook.php in my little homepage my little guestbook, as last modified in March 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags. | |||||
| CVE-2006-0156 | 1 Foxrum | 1 Foxrum | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows remote attackers to inject arbitrary Javascript via the javascript URI in bbcode url tags in (1) addpost1.php and (2) addtopic1.php. | |||||
| CVE-2006-0167 | 1 Myphpim | 1 Myphpim | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MyPhPim 01.05 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter in calendar.php3 and the (2) password field on the login page. | |||||
| CVE-2006-0168 | 1 Myphpim | 1 Myphpim | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows remote attackers to inject arbitrary web script or HTML via the description field on the "Create New todo" page. | |||||
| CVE-2006-0169 | 1 Myphpim | 1 Myphpim | 2018-10-19 | 7.5 HIGH | N/A |
| addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to execute arbitrary PHP code via the pdbfile variable, then directly accessing those files from the uploads directory. | |||||
| CVE-2006-0171 | 1 Orjinweb | 1 Orjinweb E-commerce | 2018-10-19 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: it is not clear, but OrjinWeb might be an application service, in which case it should not be included in CVE. | |||||
| CVE-2006-0172 | 1 Hummingbird | 1 Enterprise Collaboration | 2018-10-19 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the file manager utility in Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML in an uploaded page, which is published without a check for hostile scripting. | |||||
| CVE-2006-0173 | 1 Hummingbird | 1 Enterprise Collaboration | 2018-10-19 | 4.0 MEDIUM | N/A |
| Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to misrepresent the type and name of a file via modified doc_ext and id parameters, which might trick a user into downloading dangerous or unexpected content. | |||||
| CVE-2006-0174 | 1 Hummingbird | 2 Collaboration, Enterprise Collaboration | 2018-10-19 | 4.0 MEDIUM | N/A |
| Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to obtain sensitive information (intranet IP addresses and enumerations of valid parameter values) via a direct request to hc, which reveals the information in an error message or a cookie. | |||||
| CVE-2006-0175 | 1 Webwiz | 1 Web Wiz Forums | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2006-0176 | 1 Xmame | 1 Xmame | 2018-10-19 | 7.2 HIGH | N/A |
| Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long (1) -lang, (2) -ctrlr, (3) -pb, or (4) -rec argument on many operating systems, and via a long (5) -jdev argument on Ubuntu Linux. | |||||
| CVE-2006-0180 | 1 Calogic | 1 Calogic Calendars | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the Title field on the "Adding New Event" page, and possibly other vectors, involving iframe tags. | |||||
| CVE-2006-0182 | 1 Acal | 1 Calendar Project | 2018-10-19 | 7.5 HIGH | N/A |
| login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to "inside". | |||||
| CVE-2006-0183 | 1 Acal | 1 Calendar Project | 2018-10-19 | 6.5 MEDIUM | N/A |
| Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from the poor authentication as identified by CVE-2006-0182. Since the design of the product allows the administrator to edit the code, perhaps this issue should not be included in CVE, except as a consequence of CVE-2006-0182. | |||||
| CVE-2006-0187 | 1 Microsoft | 1 Visual Studio .net | 2018-10-19 | 5.1 MEDIUM | N/A |
| By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file. | |||||
| CVE-2006-0189 | 1 Estara | 1 Softphone | 2018-10-19 | 7.5 HIGH | N/A |
| Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows remote attackers to execute arbitrary code via a long attribute (aka "a") field in the SDP data of a SIP packet on UDP port 5060. | |||||
| CVE-2006-0192 | 1 Philip Loftin | 1 Aspsurvey | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp. | |||||
| CVE-2006-0193 | 1 Positive Software | 1 H-sphere | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action. | |||||
| CVE-2006-0194 | 1 Fog Creek Software | 1 Fogbugz | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.029, and other versions before 4.0.33, allows remote attackers to inject arbitrary web script or HTML via the dest parameter in the pgLogon page. | |||||
| CVE-2006-0196 | 1 Serial Line Sniffer | 1 Serial Line Sniffer | 2018-10-19 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 allows local users to gain privileges via a long value of the HOME environment variable, possibly because of a buffer overflow. | |||||
| CVE-2006-0197 | 1 X.org | 1 X.org | 2018-10-19 | 5.0 MEDIUM | N/A |
| The XClientMessageEvent struct used in certain components of X.Org 6.8.2 and earlier, possibly including (1) the X server and (2) Xlib, uses a "long" specifier for elements of the l array, which results in inconsistent sizes in the struct on 32-bit versus 64-bit platforms, and might allow attackers to cause a denial of service (application crash) and possibly conduct other attacks. | |||||
| CVE-2006-0198 | 1 Xoops | 1 Xoops Pool Module | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment. | |||||
| CVE-2006-0199 | 1 Mini-nuke | 1 Cms System | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter. | |||||
| CVE-2006-0203 | 1 Mini-nuke | 1 Cms System | 2018-10-19 | 5.0 MEDIUM | N/A |
| membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not verify the old password when changing a password, which allows remote attackers to change the passwords of other members via a lostpassnew action with a modified x parameter. | |||||
| CVE-2006-0204 | 1 Wordcircle | 1 Wordcircle | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 allow remote attackers to inject arbitrary web script or HTML via (1) the "Course name" field in index.php when the frm parameter has the value "mine" and (2) possibly certain other fields in unspecified scripts. | |||||