Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2875 | 1 Id Software | 1 Quake 3 Engine | 2018-10-18 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion. | |||||
| CVE-2006-2877 | 1 Sangwan Kim | 1 Bookmark4u | 2018-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations. | |||||
| CVE-2006-2878 | 1 Andreas Gohr | 1 Dokuwiki | 2018-10-18 | 7.5 HIGH | N/A |
| The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier. | |||||
| CVE-2006-2881 | 1 Dreamcost | 1 Dreamaccount | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts. | |||||
| CVE-2006-2882 | 1 Aspscriptz | 1 Aspscriptz Guest Book | 2018-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in submit.asp in ASPScriptz Guest Book 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GBOOK_UNAME, (2) GBOOK_EMAIL, (3) GBOOK_CITY, (4) GBOOK_COU, (5) GBOOK_WWW, and (6) GBOOK_MESS form fields. | |||||
| CVE-2006-2883 | 1 Kke Info Media | 1 Kmita Faq | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ 1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2006-2884 | 1 Kke Info Media | 1 Kmita Faq | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2006-2887 | 1 Aspburst | 1 Mynewsletter | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the UserName parameter in (1) validatelogin.asp or (2) adminlogin.asp. | |||||
| CVE-2006-2889 | 1 Pixelpost | 1 Pixelpost | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc1-2 and earlier allow remote attackers to execute arbitrary SQL commands, and leverage them to gain administrator privileges, via the (1) category or (2) archivedate parameter. | |||||
| CVE-2006-2890 | 1 Pixelpost | 1 Pixelpost | 2018-10-18 | 5.1 MEDIUM | N/A |
| Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allows remote attackers to gain administrator privileges and conduct other attacks by setting the _SESSION["pixelpost_admin"] parameter to 1 in calls to admin scripts such as admin/view_info.php. | |||||
| CVE-2006-2891 | 1 Pixelpost | 1 Pixelpost | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in admin/index.php for Pixelpost 1-5rc1-2 and earlier allows remote attackers to inject arbitrary HTML or web script via the loginmessage parameter. | |||||
| CVE-2006-2892 | 1 Gantty | 1 Gantty | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3 allows remote attackers to inject arbitrary HTML and web script via the message parameter in a login action. | |||||
| CVE-2006-2893 | 1 Gantty | 1 Gantty | 2018-10-18 | 5.0 MEDIUM | N/A |
| index.php in GANTTy 1.0.3 allows remote attackers to obtain the full path of the web server via an invalid lang parameter in an authenticate action. | |||||
| CVE-2006-2894 | 2 Mozilla, Netscape | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2018-10-18 | 4.0 MEDIUM | N/A |
| Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. | |||||
| CVE-2006-2896 | 1 Funkboard | 1 Funkboard | 2018-10-18 | 5.0 MEDIUM | N/A |
| profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action. | |||||
| CVE-2006-2898 | 1 Digium | 1 Asterisk | 2018-10-18 | 7.5 HIGH | N/A |
| The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable. | |||||
| CVE-2006-2899 | 1 Estsoft | 1 Internetdisk | 2018-10-18 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in ESTsoft InternetDISK versions before 2006/04/20 allows remote authenticated users to execute arbitrary code, possibly by uploading a file with multiple extensions into the WebLink directory. | |||||
| CVE-2006-2901 | 1 D-link | 1 Dwl-2100ap | 2018-10-18 | 5.0 MEDIUM | N/A |
| The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords. | |||||
| CVE-2006-2902 | 1 Particle Soft | 1 Particle Links | 2018-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Particle Links 1.2.2 might allow remote attackers to access arbitrary files via ".." sequences in an HTTP request. NOTE: it is not clear whether this issue is legitimate, as the original researcher seems unsure. | |||||
| CVE-2006-2903 | 1 Particle Soft | 1 Particle Links | 2018-10-18 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2006-2904 | 1 Particle Soft | 1 Particle Links | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Partial Links 1.2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter. | |||||
| CVE-2006-2905 | 1 Particle Soft | 1 Particle Links | 2018-10-18 | 5.0 MEDIUM | N/A |
| Partial Links 1.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) page_footer.php and (2) page_header.php, which displays the path in an error message. | |||||
| CVE-2006-2908 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-18 | 7.5 HIGH | N/A |
| The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier. | |||||
| CVE-2006-2909 | 1 Picozip | 1 Picozip | 2018-10-18 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the info tip shell extension (zipinfo.dll) in PicoZip 4.01 allows remote attackers to execute arbitrary code via a long filename in an (1) ACE, (2) RAR, or (3) ZIP archive, which is triggered when the user moves the mouse over the archive. | |||||
| CVE-2006-2911 | 1 Hotwebscripts | 1 Cms Mundo | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 build 008 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2006-2912 | 1 Out Of The Trees Web Design | 1 Selectapix | 2018-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the (1) albumID parameter to (a) view_album.php or (b) index.php, (2) imageID parameter to (c) popup.php, or (3) username and (4) password parameters to (d) admin/member.php. | |||||
| CVE-2006-2914 | 1 Deluxebb | 1 Deluxebb | 2018-10-18 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote attackers to execute arbitrary code via a URL in the templatefolder parameter to (1) postreply.php, (2) posting.php, and (3) pm/newpm.php in the deluxe/ directory, and (4) postreply.php, (5) posting.php, and (6) pm/newpm.php in the default/ directory. | |||||
| CVE-2006-2915 | 1 Deluxebb | 1 Deluxebb | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration. | |||||
| CVE-2006-2916 | 1 Kde | 1 Arts | 2018-10-18 | 6.0 MEDIUM | N/A |
| artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges. | |||||
| CVE-2006-2918 | 1 Lanap Botdetect | 1 Captcha Asp.net | 2018-10-18 | 5.0 MEDIUM | N/A |
| The Lanap BotDetect ASP.NET CAPTCHA component before 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by "replaying the ViewState for a known number." | |||||
| CVE-2006-2919 | 1 Microsoft | 1 Netmeeting | 2018-10-18 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via crafted inputs that trigger memory corruption. | |||||
| CVE-2006-2922 | 1 Miraks | 1 Miraksgalerie | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MiraksGalerie 2.62 allow remote attackers to execute arbitrary PHP code via a URL in the (1) g_pcltar_lib_dir parameter in (a) pcltar.lib.php when register_globals is enabled, and (2) listconfigfile[] parameter in (b) galsecurity.lib.php and (c) galimage.lib.php. | |||||
| CVE-2006-2923 | 1 Loudhush | 1 Loudhush | 2018-10-18 | 6.4 MEDIUM | N/A |
| The iax_net_read function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote attackers to execute arbitrary code via crafted IAX 2 (IAX2) packets with truncated (1) full frames or (2) mini-frames, which are detected in a length check but still processed, leading to buffer overflows related to negative length values. | |||||
| CVE-2006-2928 | 1 Cms-bandits | 1 Cms-bandits | 2018-10-18 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter in (1) dialogs/img.php and (2) dialogs/td.php. | |||||
| CVE-2006-2931 | 1 Hotwebscripts | 1 Cms Mundo | 2018-10-18 | 5.1 MEDIUM | N/A |
| CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, which allows remote attackers to execute arbitrary PHP code by uploading and later directly accessing certain files. | |||||
| CVE-2006-2934 | 1 Linux | 1 Linux Kernel | 2018-10-18 | 5.0 MEDIUM | N/A |
| SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer. | |||||
| CVE-2006-2936 | 1 Linux | 1 Linux Kernel | 2018-10-18 | 7.8 HIGH | N/A |
| The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued. | |||||
| CVE-2006-2937 | 1 Openssl | 1 Openssl | 2018-10-18 | 7.8 HIGH | N/A |
| OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. | |||||
| CVE-2006-2777 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-18 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context. | |||||
| CVE-2006-2778 | 1 Mozilla | 2 Firefox, Thunderbird | 2018-10-18 | 5.0 MEDIUM | N/A |
| The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow. | |||||
| CVE-2006-2779 | 1 Mozilla | 2 Firefox, Thunderbird | 2018-10-18 | 9.3 HIGH | N/A |
| Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested `<option>` tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, or (6) an iframe that attempts to remove itself, which leads to memory corruption. | |||||
| CVE-2006-2780 | 1 Mozilla | 2 Firefox, Thunderbird | 2018-10-18 | 9.3 HIGH | N/A |
| Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption. | |||||
| CVE-2006-2781 | 1 Mozilla | 2 Seamonkey, Thunderbird | 2018-10-18 | 6.4 MEDIUM | N/A |
| Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters. | |||||
| CVE-2006-2782 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-18 | 4.3 MEDIUM | N/A |
| Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control. | |||||
| CVE-2006-2783 | 1 Mozilla | 2 Firefox, Thunderbird | 2018-10-18 | 4.3 MEDIUM | N/A |
| Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT. | |||||
| CVE-2006-2784 | 1 Mozilla | 1 Firefox | 2018-10-18 | 5.1 MEDIUM | N/A |
| The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site. | |||||
| CVE-2006-2785 | 1 Mozilla | 1 Firefox | 2018-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL. | |||||
| CVE-2006-2786 | 1 Mozilla | 2 Firefox, Thunderbird | 2018-10-18 | 2.6 LOW | N/A |
| HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client. | |||||
| CVE-2006-2787 | 1 Mozilla | 2 Firefox, Thunderbird | 2018-10-18 | 9.3 HIGH | N/A |
| EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox. | |||||
| CVE-2006-2631 | 1 Phpfox | 1 Phpfox | 2018-10-18 | 4.0 MEDIUM | N/A |
| phpFoX allows remote authenticated users to modify arbitrary accounts via a modified NATIO cookie value, possibly the phpfox_user parameter. | |||||
