Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3364 | 1 F-art Agency | 1 Blog Cms | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-3365 | 1 V3 Chat | 1 V3 Chat | 2018-10-18 | 2.6 LOW | N/A |
| V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement. | |||||
| CVE-2006-3366 | 1 V3 Chat | 1 V3 Chat | 2018-10-18 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter in (c) members/is_online.php; (3) site_id parameter in (d) messenger/online.php, (e) messenger/search.php, and (f) messenger/profile.php; (4) contact_name parameter in messenger/search.php; (5) membername parameter in (g) messenger/profileview.php; (6) unspecified parameters used when "editing a profile"; and (7) cust_name parameter in (h) messenger/expire.php. NOTE: The vendor disputes the vectors involving files in the messenger directory, stating "... the referenced folder 'messenger' was never available to the general public...". | |||||
| CVE-2006-3367 | 1 Mp3netbox | 1 Mp3netbox | 2018-10-18 | 5.0 MEDIUM | N/A |
| Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | |||||
| CVE-2006-3368 | 1 Efone | 1 Efone | 2018-10-18 | 5.0 MEDIUM | N/A |
| Efone 20000723 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2006-3369 | 1 Iduprey | 1 Kamikaze-qscm | 2018-10-18 | 5.0 MEDIUM | N/A |
| Kamikaze-QSCM 0.1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | |||||
| CVE-2006-3370 | 1 Bb-news | 1 Blueboy | 2018-10-18 | 5.0 MEDIUM | N/A |
| Blueboy 1.0.3 stores bb_news_config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | |||||
| CVE-2006-3371 | 1 Eupla | 1 Foros | 2018-10-18 | 5.0 MEDIUM | N/A |
| Eupla Foros 1.0 stores the inc/config.inc file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | |||||
| CVE-2006-3373 | 1 Hobbit Monitor | 1 Hobbit Monitor | 2018-10-18 | 2.1 LOW | N/A |
| Unspecified vulnerability in the client/bin/logfetch script in Hobbit 4.2-beta allows local users to read arbitrary files, related to logfetch running as setuid root. | |||||
| CVE-2006-3374 | 1 Randshop | 1 Randshop | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Randshop 1.2 and earlier, including 0.9.3, allows remote attackers to execute arbitrary PHP code via a URL in the incl parameter. | |||||
| CVE-2006-3376 | 1 Wvware | 2 Libwmf, Wv2 | 2018-10-18 | 7.5 HIGH | N/A |
| Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file. | |||||
| CVE-2006-3377 | 1 Jmb Software | 1 Autorank | 2018-10-18 | 4.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP 3.02 and earlier, and AutoRank Pro 5.01 and earlier, allows remote attackers to inject arbitrary web script or HTML via the (1) Keyword parameter in search.php and the (2) Username parameter in main.cgi. | |||||
| CVE-2006-3381 | 1 Sturgeon Upload | 1 Sturgeon Upload | 2018-10-18 | 7.5 HIGH | N/A |
| SturGeoN Upload allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension, then directly accessing the file. NOTE: It is uncertain whether this is a vulnerability or a feature of the product. | |||||
| CVE-2006-3382 | 1 Mads | 1 Mads | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via the "search string". | |||||
| CVE-2006-3384 | 1 Vincent Leclercq | 1 News | 2018-10-18 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) texte parameters. | |||||
| CVE-2006-3385 | 1 Vincent Leclercq | 1 News | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) id and (2) disabled parameters. | |||||
| CVE-2006-3386 | 1 Vincent Leclercq | 1 News | 2018-10-18 | 5.0 MEDIUM | N/A |
| index.php in Vincent Leclercq News 5.2 allows remote attackers to obtain sensitive information, such as the installation path, via a mail[] parameter with invalid values. | |||||
| CVE-2006-3388 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the table parameter. | |||||
| CVE-2006-3389 | 1 Wordpress | 1 Wordpress | 2018-10-18 | 5.0 MEDIUM | N/A |
| index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any target-specific information. | |||||
| CVE-2006-3390 | 1 Wordpress | 1 Wordpress | 2018-10-18 | 5.0 MEDIUM | N/A |
| WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized variables. | |||||
| CVE-2006-3392 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2018-10-18 | 5.0 MEDIUM | N/A |
| Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274. | |||||
| CVE-2006-3396 | 1 Miro International | 1 Galleria | 2018-10-18 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in galleria.html.php in Galleria Mambo Module 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3399 | 1 Moniwiki | 1 Moniwiki | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki before 1.1.2-20060702 allows remote attackers to inject arbitrary Javascript via the URL, which is reflected back in an error message, a variant of CVE-2004-1632. | |||||
| CVE-2006-3403 | 1 Samba | 1 Samba | 2018-10-18 | 5.0 MEDIUM | N/A |
| The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests. | |||||
| CVE-2006-3405 | 1 Qto | 1 Qtofilemanager | 2018-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) delete, (2) pathext, and (3) edit parameters. | |||||
| CVE-2006-3406 | 1 Qto | 1 Qtofilemanager | 2018-10-18 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to modify arbitrary files via a .. (dot dot) sequence in the edit parameter. | |||||
| CVE-2006-3421 | 1 Smartsitecms | 1 Smartsitecms | 2018-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the root parameter in (1) comment.php, (2) admin/comedit.php, (3) admin/test.php, (4) admin/index.php, and (5) admin/include/inc_adminfoot.php, a different set of vectors than CVE-2006-3162. | |||||
| CVE-2006-3423 | 1 Webex Communications | 2 Downloader Activexcontrol, Downloader Java | 2018-10-18 | 9.3 HIGH | N/A |
| WebEx Downloader ActiveX Control and WebEx Downloader Java before 2.1.0.0 do not validate downloaded components, which allows remote attackers to execute arbitrary code via a website that activates the GpcUrlRoot and GpcIniFileName ActiveX controls to cause the client to download a DLL file. | |||||
| CVE-2006-3425 | 2 Lumension, Novell | 2 Patchlink Update Server, Zenworks | 2018-10-18 | 7.5 HIGH | N/A |
| FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters. | |||||
| CVE-2006-3426 | 2 Lumension, Novell | 2 Patchlink Update Server, Zenworks | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (b) Novell ZENworks 6.2 SR1 and earlier allows remote attackers to overwrite arbitrary files and directories via a .. (dot dot) sequence in the (1) action, (2) agentid, or (3) index parameters to dagent/nwupload.asp, which are used as pathname components. | |||||
| CVE-2006-3428 | 1 Tigertom Scripts | 1 Ttcalc Script | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in (1) loan.php and (2) mortgage.php. | |||||
| CVE-2006-3429 | 1 Tigertom Scripts | 1 Ttcalc Script | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows remote attackers to inject arbitrary web script or HTML via the currency parameter in (1) loan.php and (2) mortgage.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-3430 | 2 Lumension, Novell | 2 Patchlink Update Server, Zenworks | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter. | |||||
| CVE-2006-3431 | 1 Microsoft | 1 Excel | 2018-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086. | |||||
| CVE-2006-3434 | 1 Microsoft | 1 Office | 2018-10-18 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption. | |||||
| CVE-2006-3436 | 1 Microsoft | 1 .net Framework | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true". | |||||
| CVE-2006-3442 | 1 Microsoft | 1 Windows Xp | 2018-10-18 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Pragmatic General Multicast (PGM) in Microsoft Windows XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted multicast message. | |||||
| CVE-2006-3445 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2018-10-18 | 7.5 HIGH | N/A |
| Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow. | |||||
| CVE-2006-3448 | 1 Microsoft | 1 Step-by-step Interactive Training | 2018-10-18 | 9.3 HIGH | N/A |
| Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212. | |||||
| CVE-2006-3449 | 1 Microsoft | 1 Powerpoint | 2018-10-18 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability." | |||||
| CVE-2006-3451 | 1 Microsoft | 1 Ie | 2018-10-18 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-3454 | 1 Symantec | 2 Client Security, Norton Antivirus | 2018-10-18 | 7.2 HIGH | N/A |
| Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages. | |||||
| CVE-2006-3455 | 1 Symantec | 2 Client Security, Norton Antivirus | 2018-10-18 | 4.3 MEDIUM | N/A |
| The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function. | |||||
| CVE-2006-3457 | 1 Symantec | 2 On-demand Agent, On-demand Protection | 2018-10-18 | 2.1 LOW | N/A |
| Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the Virtual Desktop module in Symantec On-Demand Protection (SODP) before 2.6 Build 2233, do not properly encrypt files that are subject to policy-based automatic encryption, which might allow local users to read sensitive data via an unspecified decryption method. | |||||
| CVE-2006-3467 | 1 Freetype | 1 Freetype | 2018-10-18 | 7.5 HIGH | N/A |
| Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861. | |||||
| CVE-2006-3474 | 1 Belchior Foundry | 1 Vcard | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to (a) gbrowse.php, (2) card_id parameter to (b) rating.php and (c) create.php, and the (3) event_id parameter to (d) search.php. | |||||
| CVE-2006-3475 | 1 Free Qboard | 1 Free Qboard | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter to (1) index.php, (2) about.php, (3) contact.php, (4) delete.php, (5) faq.php, (6) features.php or (7) history.php, a different set of vectors than CVE-2006-2998. | |||||
| CVE-2006-3476 | 1 Phpwebgallery | 1 Phpwebgallery | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in comments.php in PhpWebGallery 1.5.2 and earlier, and possibly 1.6.0, allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | |||||
| CVE-2006-3491 | 1 Christophe Thibault | 1 Kaillera | 2018-10-18 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Kaillera Server 0.86 and earlier allows remote attackers to execute arbitrary code via a long nickname. | |||||
| CVE-2006-3492 | 1 Mico | 1 Mico | 2018-10-18 | 5.0 MEDIUM | N/A |
| The CORBA::ORBInvokeRec::set_answer_invoke function in orb.cc in MICO (Mico Is CORBA) 2.3.12 and earlier allows remote attackers to cause a denial of service (application crash) via a message with an incorrect "object key", which triggers an assert error. | |||||