Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4055 | 1 Tsep | 1 Tsep | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to (1) include/colorswitch.php, (2) contentimages.class.php, (3) ipfunctions.php, (4) configfunctions.php, (5) printpagedetails.php, or (6) log.class.php. NOTE: the copyright.php vector is already covered by CVE-2006-3993. | |||||
| CVE-2006-4057 | 1 Mitch Murray | 1 Eremove | 2018-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in the preview_create function in gui.cpp in Mitch Murray Eremove 1.4 allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a large email attachment. | |||||
| CVE-2006-4058 | 1 Simplog | 1 Simplog | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in archive.php in Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyw parameter when performing a search. NOTE: some details are obtained from third party information. | |||||
| CVE-2006-4059 | 1 Usolved | 1 Newsolved Lite | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in USOLVED NEWSolved Lite 1.9.2, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) newsscript_lyt.php, (2) newsticker/newsscript_get.php, (3) inc/output/news_theme1.php, (4) inc/output/news_theme2.php, or (5) inc/output/news_theme3.php. | |||||
| CVE-2006-4060 | 1 Web-scripts | 1 Visual Events Calendar | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in calendar.php in Visual Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_dir parameter. | |||||
| CVE-2006-4061 | 1 Thomas Pequet | 1 Phpprintanalyzer | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Thomas Pequet phpPrintAnalyzer 1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rep_par_rapport_racine parameter. NOTE: this issue has been disputed by third party researchers, stating that the rep_par_rapport_racine variable is initialized before use. | |||||
| CVE-2006-4064 | 1 Yenerturk | 1 Yenerturk Haber Script | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in YenerTurk Haber Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it was later reported reported that 2.0 is also affected. | |||||
| CVE-2006-4066 | 1 Microsoft | 1 Windows Xp | 2018-10-17 | 2.6 LOW | N/A |
| The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigger a divide-by-zero error, as demonstrated by a (1) .ico file, (2) .png file that crashes MSN Messenger, and (3) .jpg file that crashes Internet Explorer. NOTE: another researcher has not been able to reproduce this issue. | |||||
| CVE-2006-4069 | 1 Ozjournals | 1 Ozjournals | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) m and (2) c parameters in index.php, (3) a search action, and (4) a "submit comment" action. | |||||
| CVE-2006-4070 | 1 Imendio Planner | 1 Imendio Planner | 2018-10-17 | 5.1 MEDIUM | N/A |
| Format string vulnerability in Imendio Planner 0.13 allows user-assisted attackers to execute arbitrary code via format string specifiers in a filename. | |||||
| CVE-2006-4071 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2018-10-17 | 2.6 LOW | N/A |
| Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file. | |||||
| CVE-2006-4073 | 1 Phpcc | 1 Phpcc | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz phpCC Beta 4.2 allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) login.php, (2) reactivate.php, or (3) register.php. | |||||
| CVE-2006-4075 | 1 Wim Fleischhauer | 1 Docpile We | 2018-10-17 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/folder.class.php, (2) lib/email.inc.php, (3) lib/document.class.php or (4) lib/auth.inc.php. | |||||
| CVE-2006-4077 | 1 Comet | 1 Comet Webfile Manager | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo Valvano Comet WebFileManager (CWFM) 0.9.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the Language parameter. | |||||
| CVE-2006-4078 | 1 Deluxebb | 1 Deluxebb | 2018-10-17 | 7.5 HIGH | N/A |
| pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, allows remote attackers to bypass authentication by providing an arbitrary username in the membercookie cookie parameter. | |||||
| CVE-2006-4079 | 1 Deluxebb | 1 Deluxebb | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB 1.08, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the subject parameter (aka the topic title field). | |||||
| CVE-2006-4080 | 1 Deluxebb | 1 Deluxebb | 2018-10-17 | 2.6 LOW | N/A |
| DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 hash of a password, which allows remote attackers to gain privileges by sniffing or cross-site scripting (XSS) and conduct password guessing attacks. | |||||
| CVE-2006-4081 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2018-10-17 | 7.5 HIGH | N/A |
| preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000. | |||||
| CVE-2006-4082 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2018-10-17 | 7.2 HIGH | N/A |
| Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges. | |||||
| CVE-2006-4088 | 1 Civicspace | 1 Civicspace | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace 0.8.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject, (2) Comment, and (3) Add new comment sections. | |||||
| CVE-2006-4089 | 1 Andy Lo-a-foe | 1 Alsaplayer | 2018-10-17 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c. | |||||
| CVE-2006-4090 | 1 Webligo | 1 Bloghoster | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 allows remote attackers to inject arbitrary web script or HTML via the "From: part of the comment post," probably involving the nickname parameter to previewcomment.php. | |||||
| CVE-2006-4091 | 1 Archangelmgt | 1 Weblog | 2018-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Archangel Management Archangel Weblog 0.90.02 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Comment section. | |||||
| CVE-2006-4092 | 1 Simpliciti | 1 Locked Browser | 2018-10-17 | 3.6 LOW | N/A |
| Simpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web site that executes a JavaScript window.blur loop to remove focus from the browser window, then pressing CTRL-SHIFT-ESC to invoke the Task Manager. | |||||
| CVE-2006-4095 | 1 Isc | 1 Bind | 2018-10-17 | 5.0 MEDIUM | N/A |
| BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned. | |||||
| CVE-2006-4096 | 1 Isc | 1 Bind | 2018-10-17 | 5.0 MEDIUM | N/A |
| BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty. | |||||
| CVE-2006-4103 | 1 Jason Alexander | 1 Phnntp | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in article-raw.php in Jason Alexander phNNTP 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter. | |||||
| CVE-2006-4105 | 1 Fill Threads Database | 1 Fill Threads Database | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Fill Threads Database (FTD) 3.7.3 allows remote attackers to inject arbitrary web script or HTML via the (1) search field or (2) an e-mail message. | |||||
| CVE-2006-4106 | 1 Blursoft | 1 Blur6ex | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allows remote attackers to inject arbitrary web script or HTML via a comment title. | |||||
| CVE-2006-4110 | 1 Apache | 1 Http Server | 2018-10-17 | 4.3 MEDIUM | N/A |
| Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems. | |||||
| CVE-2006-4114 | 1 Phpmyring | 1 Phpmyring | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_com.php in Nicolas Grandjean PHPMyRing 4.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idsite parameter. | |||||
| CVE-2006-4115 | 1 E-zest Solutions | 1 Pgmarket | 2018-10-17 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in common.inc.php in PgMarket 2.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CFG[libdir] parameter. | |||||
| CVE-2006-4116 | 1 Lhaz | 1 Lhaz | 2018-10-17 | 5.1 MEDIUM | N/A |
| Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-assisted attackers to execute arbitrary code via a long filename in (1) an LHZ archive, when saving the filename during extraction; and (2) an LHZ archive with an invalid CRC checksum, when constructing an error message. | |||||
| CVE-2006-4118 | 1 Chaossoft | 1 Geheimchaos | 2018-10-17 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Temp_entered_login or (2) Temp_entered_email parameters to (a) gc.php, and in multiple parameters in (b) include/registrieren.php, possibly involving the (3) $form_email, (4) $form_vorname, (5) $form_nachname, (6) $form_strasse, (7) $form_plzort, (8) $form_land, (9) $form_homepage, (10) $form_bildpfad, (11) $form_profilsichtbar, (12) $Temp_sprache, (13) $form_tag, (14) $form_monat, (15) $form_jahr, (16) $Temp_akt_string, (17) $form_icq, (18) $form_msn, (19) $form_yahoo, (20) $form_username, and (21) $Temp_form_pass variables. | |||||
| CVE-2006-4122 | 1 Simple One-file Guestbook | 1 Simple One-file Guestbook | 2018-10-17 | 7.5 HIGH | N/A |
| Simple one-file guestbook 1.0 and earlier allows remote attackers to bypass authentication and delete guestbook entries via a modified id parameter to guestbook.php. | |||||
| CVE-2006-4125 | 1 Dconnect | 1 Dconnect Daemon | 2018-10-17 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to execute arbitrary code via a large nickname, which is not properly handled by the listen_thread_udp function. | |||||
| CVE-2006-4126 | 1 Dconnect | 1 Dconnect Daemon | 2018-10-17 | 5.0 MEDIUM | N/A |
| The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to cause a denial of service (application crash) by sending a client message before providing the nickname, which triggers a null pointer dereference. | |||||
| CVE-2006-4127 | 1 Dconnect | 1 Dconnect Daemon | 2018-10-17 | 4.6 MEDIUM | N/A |
| Multiple format string vulnerabilities in DConnect Daemon 0.7.0 and earlier allow remote administrators to execute arbitrary code via format string specifiers that are not properly handled when calling the (1) privmsg() or (2) pubmsg functions from (a) cmd.user.c, (b) penalties.c, or (c) cmd.dc.c. | |||||
| CVE-2006-4128 | 1 Symantec Veritas | 1 Backup Exec | 2018-10-17 | 6.5 MEDIUM | N/A |
| Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec for Netware Server Remote Agent for Windows Server 9.1 and 9.2 (all builds), Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 (builds 10.1.325.6301, 10.1.326.1401, 10.1.326.2501, 10.1.326.3301, and 10.1.327.401), and Backup Exec for Windows Server and Remote Agent 9.1 (build 9.1.4691), 10.0 (builds 10.0.5484 and 10.0.5520), and 10.1 (build 10.1.5629) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RPC message. | |||||
| CVE-2006-4129 | 1 Joomla | 1 Webring Component | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin.webring.docs.php in the Webring Component (com_webring) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the component_dir parameter. | |||||
| CVE-2006-4130 | 1 Matt Smith | 1 Remository For Mambo | 2018-10-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin.remository.php in the Remository Component (com_remository) 3.25 and earlier for Mambo and Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4131 | 1 Arcsoft | 1 Mms Composer | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and possibly earlier, and 2.0.0.13, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted MMS (Multimedia Messaging Service) messages that trigger the overflows in the (1) M-Notification.ind, (2) M-Retrieve.conf (Header and Body), or (3) SMIL parsers. | |||||
| CVE-2006-4132 | 1 Arcsoft | 1 Mms Composer | 2018-10-17 | 5.0 MEDIUM | N/A |
| ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and possibly earlier, allow remote attackers to cause a denial of service (resource exhaustion and application crash) via WAPPush messages to UDP port UDP 2948. | |||||
| CVE-2006-4133 | 1 Sap | 1 Internet Graphics Server | 2018-10-17 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and earlier, and 7.00 and earlier, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via an HTTP request with an ADM:GETLOGFILE command and a long portwatcher argument, which triggers the overflow during error message construction when the _snprintf function returns a negative value that is used in a memcpy operation. | |||||
| CVE-2006-4134 | 1 Sap | 1 Internet Graphics Server | 2018-10-17 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability related to a "design flaw" in SAP Internet Graphics Service (IGS) 6.40 and earlier and 7.00 and earlier allows remote attackers to cause a denial of service (service shutdown) via certain HTTP requests. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | |||||
| CVE-2006-4135 | 1 Vincent Hor | 1 Calendarix | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in cal_config.inc.php in Calendarix 0.7.20060401 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the calpath parameter. NOTE: this issue has been disputed by a third party, who says that the affected $calpath variable is set to a constant value in the beginning of the script. CVE concurs that the initial report is invalid. | |||||
| CVE-2006-4138 | 1 Microsoft | 1 Help File Viewer | 2018-10-17 | 7.6 HIGH | N/A |
| Multiple unspecified vulnerabilities in Microsoft Windows Help File viewer (winhlp32.exe) allow user-assisted attackers to execute arbitrary code via crafted HLP files. | |||||
| CVE-2006-4140 | 1 Ipcheck | 1 Server Monitor | 2018-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in IPCheck Server Monitor before 5.3.3.639/640 allows remote attackers to read arbitrary files via modified .. (dot dot) sequences in the URL, including (1) "..%2f" (encoded "/" slash), "..../" (multiple dot), and "..%255c../" (double-encoded "\" backslash). | |||||
| CVE-2006-4141 | 1 Vwar | 1 Virtual War | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) sortby and (2) sortorder parameters. | |||||
| CVE-2006-4142 | 1 Vwar | 1 Virtual War | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in extra/online.php in Virtual War (VWar) 1.5.0 R14 and earlier allows remote attackers to execute arbitrary SQL commands via the n parameter. | |||||