Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6601 | 2 Microsoft, Windows | 2 Windows Xp, Media Player | 2018-10-17 | 4.3 MEDIUM | N/A |
| Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks of (2) time division fields that are set to 0. | |||||
| CVE-2006-6602 | 1 Microsoft | 2 Windows Explorer, Windows Xp | 2018-10-17 | 4.3 MEDIUM | N/A |
| explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a crafted WMV file. | |||||
| CVE-2006-6605 | 1 Mailenable | 3 Mailenable Enterprise, Mailenable Professional, Mailenable Standard | 2018-10-17 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command. | |||||
| CVE-2006-6617 | 1 Microsoft | 1 Project Server | 2018-10-17 | 6.5 MEDIUM | N/A |
| projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response. | |||||
| CVE-2006-6618 | 6 Avg, Comodo, Filseclab and 3 more | 6 Antivirus Plus Firewall, Comodo Personal Firewall, Personal Firewall and 3 more | 2018-10-17 | 7.2 HIGH | N/A |
| AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | |||||
| CVE-2006-6619 | 6 Avg, Comodo, Filseclab and 3 more | 6 Antivirus Plus Firewall, Comodo Personal Firewall, Personal Firewall and 3 more | 2018-10-17 | 7.2 HIGH | N/A |
| AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | |||||
| CVE-2006-6620 | 6 Avg, Comodo, Filseclab and 3 more | 6 Antivirus Plus Firewall, Comodo Personal Firewall, Personal Firewall and 3 more | 2018-10-17 | 7.2 HIGH | N/A |
| Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | |||||
| CVE-2006-6621 | 6 Avg, Comodo, Filseclab and 3 more | 6 Antivirus Plus Firewall, Comodo Personal Firewall, Personal Firewall and 3 more | 2018-10-17 | 7.2 HIGH | N/A |
| Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | |||||
| CVE-2006-6622 | 6 Avg, Comodo, Filseclab and 3 more | 6 Antivirus Plus Firewall, Comodo Personal Firewall, Personal Firewall and 3 more | 2018-10-17 | 7.2 HIGH | N/A |
| Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | |||||
| CVE-2006-6623 | 6 Avg, Comodo, Filseclab and 3 more | 6 Antivirus Plus Firewall, Comodo Personal Firewall, Personal Firewall and 3 more | 2018-10-17 | 7.2 HIGH | N/A |
| Sygate Personal Firewall 5.6.2808 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | |||||
| CVE-2006-6627 | 1 Softwin | 5 Bitdefender, Bitdefender Antivirus, Bitdefender Internet Security and 2 more | 2018-10-17 | 10.0 HIGH | N/A |
| Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the "cevakrnl.xmd vulnerability." | |||||
| CVE-2006-6628 | 1 Openoffice | 1 Openoffice | 2018-10-17 | 4.3 MEDIUM | N/A |
| Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted DOC file, as demonstrated by the 12122006-djtest.doc file, a variant of CVE-2006-6561 in a separate codebase. | |||||
| CVE-2006-6630 | 1 Ibiblio | 1 Osprey | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter. | |||||
| CVE-2006-6640 | 1 Omniture | 1 Sitecatalyst | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Omniture SiteCatalyst allow remote attackers to inject arbitrary web script or HTML via the (1) ss parameter in (a) search.asp and the (2) company and (3) username fields on (b) the web login page. NOTE: some details were obtained from third party information. | |||||
| CVE-2006-6642 | 1 Contra Haber Sistemi | 1 Contra Haber Sistemi | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-6648 | 1 Planetluc.com | 1 Rateme | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in main.inc.php in planetluc.com RateMe 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtoscript parameter. | |||||
| CVE-2006-6649 | 1 Hypervm | 1 Hypervm | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an encoded frm_action parameter. NOTE: the vendor disputes this issue, but it is not certain whether the dispute is about the severity of the issue, or its existence. | |||||
| CVE-2006-6669 | 1 Webcalendar | 1 Webcalendar | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter. | |||||
| CVE-2006-6671 | 1 Maxiasp | 1 Burak Yilmaz Download Portal | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in down.asp in Burak Yylmaz Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-6676 | 1 Eset Software | 1 Nod32 Antivirus | 2018-10-17 | 9.3 HIGH | N/A |
| Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 Antivirus before 1.1743 allows remote attackers to execute arbitrary code via a crafted (1) .DOC or (2) .CAB file that triggers a heap-based buffer overflow. | |||||
| CVE-2006-6677 | 1 Eset Software | 1 Nod32 Antivirus | 2018-10-17 | 2.6 LOW | N/A |
| ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a denial of service (crash) via a crafted .CHM file that triggers a divide-by-zero error. | |||||
| CVE-2006-6690 | 1 Typo3 | 1 Typo3 | 2018-10-17 | 7.5 HIGH | N/A |
| rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector. | |||||
| CVE-2006-6697 | 1 Oracle | 1 Application Server Portal | 2018-10-17 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter. | |||||
| CVE-2006-6699 | 1 Oracle | 1 Application Server Portal | 2018-10-17 | 5.0 MEDIUM | N/A |
| Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697. | |||||
| CVE-2006-6701 | 1 Atmail | 1 Atmail Webmail | 2018-10-17 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail. | |||||
| CVE-2006-6703 | 1 Oracle | 2 Oracle10g, Oracle9i | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors. | |||||
| CVE-2006-6715 | 1 Powerscripts | 1 Powerclan | 2018-10-17 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in footer.inc.php in PowerClan 1.14a and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings[footer] parameter. | |||||
| CVE-2006-6717 | 1 Alliedtelesyn | 1 At-9000 24 Ethernetswitch | 2018-10-17 | 7.5 HIGH | N/A |
| The Allied Telesis AT-9000/24 Ethernet switch accepts management packets from arbitrary VLANs, contrary to the documentation, which allows remote attackers to conduct attacks against the switch from unexpected locations. | |||||
| CVE-2006-6718 | 1 Alliedtelesyn | 1 At-9000 24 Ethernetswitch | 2018-10-17 | 7.5 HIGH | N/A |
| The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, "manager," which allows remote attackers to perform unauthorized actions. | |||||
| CVE-2006-6730 | 2 Netbsd, Openbsd | 2 Netbsd, Openbsd | 2018-10-17 | 6.6 MEDIUM | N/A |
| OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode (SMM) handler via a write to an SMRAM address within /dev/xf86 (aka the video card memory-mapped I/O range), and then launching the new handler via a System Management Interrupt (SMI), as demonstrated by a write to Programmed I/O port 0xB2. | |||||
| CVE-2006-6733 | 1 Osticket | 1 Osticket Sts | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in support/view.php in Support Cards 1 (osTicket) allows remote attackers to inject arbitrary web script or HTML via the e parameter. | |||||
| CVE-2006-6734 | 1 Obie Website | 1 Mini Web Shop | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to inject arbitrary web script or HTML via the catname parameter. | |||||
| CVE-2006-6735 | 1 Obie Website | 1 Mini Web Shop | 2018-10-17 | 5.0 MEDIUM | N/A |
| modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to obtain sensitive information via a request with an arbitrary catname parameter but no itemsdb parameter, which reveals the path in an error message. NOTE: CVE analysis suggests that this error might be resultant from a more serious issue such as directory traversal. | |||||
| CVE-2006-6741 | 1 Mkportal | 1 Mkportal | 2018-10-17 | 5.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag. | |||||
| CVE-2006-6742 | 1 Hp | 3 Ftp Print Server, Laserjet 5000, Laserjet 5100 | 2018-10-17 | 7.8 HIGH | N/A |
| Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in HP LaserJet 5000 Series printers with firmware R.25.15 or R.25.47, and HP LaserJet 5100 Series printers with firmware V.29.12, allow remote attackers to cause a denial of service (device crash) via a long string in the (1) LIST or (2) NLST command. | |||||
| CVE-2006-6746 | 1 Dreaxteam | 1 Xt-news | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 allow remote attackers to inject arbitrary web script or HTML via the id_news parameter to (1) add_comment.php or (2) show_news.php. | |||||
| CVE-2006-6747 | 1 Dreaxteam | 1 Xt-news | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the id_news parameter. | |||||
| CVE-2006-6749 | 1 Openser | 1 Openser | 2018-10-17 | 9.3 HIGH | N/A |
| Buffer overflow in the parse_expression function in parse_config in OpenSER 1.1.0 allows attackers to have an unknown impact via a long str parameter. | |||||
| CVE-2006-6753 | 1 Microsoft | 1 Windows Event Viewer | 2018-10-17 | 4.1 MEDIUM | N/A |
| Event Viewer (eventvwr.exe) in Microsoft Windows does not properly display log data that contains '%' (percent) characters, which might make it impossible to use Event Viewer to determine the actual data that triggered an event, and might produce long strings that are not properly handled by certain processes that rely on Event Viewer. | |||||
| CVE-2006-6754 | 1 Ixprim | 1 Ixprim Cms | 2018-10-17 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Ixprim 1.2 allow remote attackers to execute arbitrary SQL commands via the story_id parameter to ixm_ixpnews.php, and unspecified other vectors. | |||||
| CVE-2006-6755 | 1 Ixprim | 1 Ixprim Cms | 2018-10-17 | 5.0 MEDIUM | N/A |
| Ixprim 1.2 allows remote attackers to obtain sensitive information via a direct request for kernel/plugins/fckeditor2/ixprim_api.php, which reveals the path in an error message. | |||||
| CVE-2006-6756 | 1 Ixprim | 1 Ixprim Cms | 2018-10-17 | 5.1 MEDIUM | N/A |
| The code function in install.fct.php in Ixprim 1.2 produces a guessable value of the confidential IXP_CODE in mainfile.php, which might allow remote attackers to gain access to the administration panel via a brute force attack. | |||||
| CVE-2006-6763 | 1 Keep It Simple Guest Book | 1 Keep It Simple Guest Book | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Keep It Simple Guest Book (KISGB) allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_to_themes parameter in (a) authenticate.php, and the (2) default_path_for_themes parameter in (b) admin.php and (c) upconfig.php. | |||||
| CVE-2006-6768 | 1 Pwp Technologies | 1 The Classified Ad System | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in default.asp in PWP Technologies The Classified Ad System allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) main parameter. | |||||
| CVE-2006-6769 | 1 Php Live | 1 Php Live | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search_string parameter in (a) setup/transcripts.php, the (2) l parameter in (b) index.php, the (3) login field in (c) phplive/index.php, and the (4) deptid and (5) x parameters in (d) phplive/message_box.php. | |||||
| CVE-2006-6773 | 1 Fishyshoop | 1 Fishyshoop | 2018-10-17 | 7.5 HIGH | N/A |
| pages/register/register.php in Fishyshoop 0.930 beta allows remote attackers to create arbitrary administrative users by setting the is_admin HTTP POST parameter to 1. | |||||
| CVE-2006-6776 | 1 Future Internet | 1 Future Internet | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Future Internet allow remote attackers to execute arbitrary SQL commands via the (1) newsId or (2) categoryid parameter in a Portal.Showpage action in index.cfm, or (3) the langId parameter in index.cfm. | |||||
| CVE-2006-6777 | 1 Future Internet | 1 Future Internet | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.cfm in Future Internet allows remote attackers to inject arbitrary web script or HTML via the categoryId parameter in a Portal.ShowPage action. | |||||
| CVE-2006-6778 | 1 Timberwolf | 1 Timberwolf | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in shownews.php in TimberWolf 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the nid parameter. | |||||
| CVE-2006-6779 | 1 Jelsoft | 1 Vbulletin | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript. | |||||