Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6630 | 1 Ibiblio | 1 Osprey | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter. | |||||
| CVE-2006-6622 | 6 Avg, Comodo, Filseclab and 3 more | 6 Antivirus Plus Firewall, Comodo Personal Firewall, Personal Firewall and 3 more | 2018-10-17 | 7.2 HIGH | N/A |
| Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | |||||
| CVE-2006-6628 | 1 Openoffice | 1 Openoffice | 2018-10-17 | 4.3 MEDIUM | N/A |
| Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted DOC file, as demonstrated by the 12122006-djtest.doc file, a variant of CVE-2006-6561 in a separate codebase. | |||||
| CVE-2006-6623 | 6 Avg, Comodo, Filseclab and 3 more | 6 Antivirus Plus Firewall, Comodo Personal Firewall, Personal Firewall and 3 more | 2018-10-17 | 7.2 HIGH | N/A |
| Sygate Personal Firewall 5.6.2808 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | |||||
| CVE-2006-6627 | 1 Softwin | 5 Bitdefender, Bitdefender Antivirus, Bitdefender Internet Security and 2 more | 2018-10-17 | 10.0 HIGH | N/A |
| Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the "cevakrnl.xmd vulnerability." | |||||
| CVE-2006-6897 | 1 Widcomm | 1 Bluetooth For Windows | 2018-10-17 | 5.4 MEDIUM | N/A |
| Directory traversal vulnerability in Widcomm Bluetooth for Windows (BTW) 3.0.1.905 allows remote attackers to conduct unauthorized file operations via a .. (dot dot) in an unspecified parameter. | |||||
| CVE-2006-6896 | 1 Plantronic | 1 Headset | 2018-10-17 | 5.4 MEDIUM | N/A |
| The Bluetooth stack in the Plantronic Headset does not properly implement Non-pairable mode, which allows remote attackers to conduct unauthorized pair-up operations. | |||||
| CVE-2006-6895 | 1 Sony Ericsson | 1 T60 | 2018-10-17 | 2.9 LOW | N/A |
| The Bluetooth stack in the Sony Ericsson T60 does not properly implement "Limited discoverable" mode, which allows remote attackers to obtain unauthorized inquiry responses. | |||||
| CVE-2006-6883 | 1 Phpirc Bot | 1 Phpirc Bot | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in php4you.php in PHPIrc_bot 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE, since the dir variable is declared before being used. | |||||
| CVE-2006-6876 | 1 Openser | 1 Openser | 2018-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in the fetchsms function in the SMS handling module (libsms_getsms.c) in OpenSER 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SMS message, triggering memory corruption when the "beginning" buffer is copied to the third (pdu) argument. | |||||
| CVE-2006-6875 | 1 Openser | 2 Openser, Openser Osp Module | 2018-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in the validateospheader function in the Open Settlement Protocol (OSP) module in OpenSER 1.1.0 and earlier allows remote attackers to execute arbitrary code via a crafted OSP header. | |||||
| CVE-2006-6865 | 1 Softartisans | 1 Fileup | 2018-10-17 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp (SAFileUp) 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae. (Unicode dot dot) in the path parameter, which bypasses the checks for ".." sequences. | |||||
| CVE-2006-6864 | 1 Enigma2 | 1 Coppermine Bridge | 2018-10-17 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. | |||||
| CVE-2006-6860 | 1 Mythcontrol | 1 Mythcontrol | 2018-10-17 | 10.0 HIGH | N/A |
| Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6857 | 1 Docebolms | 1 Docebolms | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||||
| CVE-2006-6854 | 1 De Marchi Daniele | 1 Quickcam | 2018-10-17 | 7.5 HIGH | N/A |
| The qcamvc_video_init function in qcamvc.c in De Marchi Daniele QuickCam VC Linux device driver (aka quickcam-vc) 1.0.9 and earlier does not properly check a boundary, triggering memory corruption, which might allow attackers to execute arbitrary code via a crafted QuickCam object. | |||||
| CVE-2006-6851 | 1 Mobilelib | 1 Mobilelib Gold | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php in ac4p Mobilelib gold 2 allow remote attackers to inject arbitrary web script or HTML via the (1) email or (2) errr parameter. | |||||
| CVE-2006-6849 | 1 Cahier De Textes | 1 Cahier De Textes | 2018-10-17 | 7.5 HIGH | N/A |
| administration/index.php in Cahier de texte (CDT) 2.2 does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions. | |||||
| CVE-2006-6845 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action. | |||||
| CVE-2006-6844 | 1 Cmsmadesimple | 1 Cms Made Simple | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form. | |||||
| CVE-2006-6838 | 1 Rediff | 1 Bol Downloader Activex Ocx Control | 2018-10-17 | 7.5 HIGH | N/A |
| Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter. | |||||
| CVE-2006-6837 | 1 Sergey Oblomov | 1 Iso Wincmd | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple stack-based buffer overflows in the (1) LoadTree, (2) ReadHeader, and (3) LoadXBOXTree functions in the ISO (iso_wincmd) plugin 1.7.3.3 and earlier for Total Commander allow user-assisted remote attackers to execute arbitrary code via a long pathname in an ISO image. | |||||
| CVE-2006-6835 | 1 Neocrome | 1 Land Down Under | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Journal.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the w parameter to journal.php. | |||||
| CVE-2006-6819 | 1 Alstrasoft | 1 Webhost Directory | 2018-10-17 | 6.4 MEDIUM | N/A |
| AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for admin/backup/db. | |||||
| CVE-2006-6818 | 1 Alstrasoft | 1 Webhost Directory | 2018-10-17 | 7.5 HIGH | N/A |
| AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config. | |||||
| CVE-2006-6817 | 1 Alstrasoft | 1 Webhost Directory | 2018-10-17 | 5.0 MEDIUM | N/A |
| AlstraSoft Web Host Directory allows remote attackers to obtain sensitive information by requesting any invalid URI, which reveals the path in an error message, a different vulnerability than CVE-2006-2617. | |||||
| CVE-2006-6816 | 1 Dmxready | 1 Dmxready Secure Login Manager | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel; (4) the sent parameter to (a) login.asp, (b) content.asp, and (c) members.asp in the Remote-WebSite; and (5) the sent parameter to applications/SecureLoginManager/inc_secureloginmanager.asp in the Live Demo. | |||||
| CVE-2006-6538 | 1 D-link | 1 Dwl-2000ap\+ | 2018-10-17 | 7.8 HIGH | N/A |
| D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wireless link. | |||||
| CVE-2006-6815 | 1 Dmxready | 1 Dmxready Secure Login Manager | 2018-10-17 | 6.0 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel. | |||||
| CVE-2006-6797 | 1 Microsoft | 1 Windows Xp | 2018-10-17 | 6.6 MEDIUM | N/A |
| The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696. | |||||
| CVE-2006-6794 | 1 Efkan Forum | 1 Efkan Forum | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Efkan Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the grup parameter. | |||||
| CVE-2006-6793 | 1 Okul Merkezi | 1 Okul Merkezi Portal | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi Portal 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | |||||
| CVE-2006-6800 | 1 Limbo Cms | 1 Event Module | 2018-10-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion in eventcal/mod_eventcal.php in the event module 1.0 for Limbo CMS allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter. | |||||
| CVE-2006-6517 | 1 Kdpics | 1 Kdpics | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) categories parameter to (a) index.php3 or (b) galeries.inc.php3. | |||||
| CVE-2006-6518 | 1 Scriptphp | 1 Pronews | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) date, (4) sujet, (5) message, (6) site, and (7) lien parameters to (a) admin/change.php, and the (8) aa parameter to (b) lire-avis.php. | |||||
| CVE-2006-6519 | 1 Scriptphp | 1 Pronews | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows remote attackers to execute arbitrary SQL commands via the aa parameter. | |||||
| CVE-2006-6778 | 1 Timberwolf | 1 Timberwolf | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in shownews.php in TimberWolf 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the nid parameter. | |||||
| CVE-2006-6777 | 1 Future Internet | 1 Future Internet | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.cfm in Future Internet allows remote attackers to inject arbitrary web script or HTML via the categoryId parameter in a Portal.ShowPage action. | |||||
| CVE-2006-6520 | 1 Scriptphp | 1 Messageriescripthp | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Messageriescripthp 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo parameter to (a) existepseudo.php, the (2) email parameter to (b) existeemail.php, or the (3) pageName or (4) cssform parameter to (c) Contact/contact.php. | |||||
| CVE-2006-6776 | 1 Future Internet | 1 Future Internet | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Future Internet allow remote attackers to execute arbitrary SQL commands via the (1) newsId or (2) categoryid parameter in a Portal.Showpage action in index.cfm, or (3) the langId parameter in index.cfm. | |||||
| CVE-2006-6773 | 1 Fishyshoop | 1 Fishyshoop | 2018-10-17 | 7.5 HIGH | N/A |
| pages/register/register.php in Fishyshoop 0.930 beta allows remote attackers to create arbitrary administrative users by setting the is_admin HTTP POST parameter to 1. | |||||
| CVE-2006-6769 | 1 Php Live | 1 Php Live | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search_string parameter in (a) setup/transcripts.php, the (2) l parameter in (b) index.php, the (3) login field in (c) phplive/index.php, and the (4) deptid and (5) x parameters in (d) phplive/message_box.php. | |||||
| CVE-2006-6521 | 1 Scriptphp | 1 Messageriescripthp | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 allows remote attackers to execute arbitrary SQL commands via the aa parameter. | |||||
| CVE-2006-6523 | 1 Cpanel | 1 Cpanel | 2018-10-17 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter. | |||||
| CVE-2006-6539 | 1 Flippet.org | 1 Winamp Web Interface | 2018-10-17 | 10.0 HIGH | N/A |
| Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and earlier (1) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an (a) long username or a (b) crafted packet to the FindBasicAuth function in security.cpp, related to the /browse URI; and allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a long path string in the (2) Browse, (3) CControl::Download, and (4) CControl::Load functions, related to the file parameter in the /dl URI. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6526 | 1 Gizzar | 1 Gizzar | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. | |||||
| CVE-2006-6541 | 1 Php | 1 Animated Smiley Generator | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in signer/final.php in warez distributions of Animated Smiley Generator allows remote attackers to execute arbitrary PHP code via a URL in the smiley parameter. NOTE: the vendor disputes this issue, stating that only Warez versions of Animated Smiley Generator were affected, not the developer-provided software: "Legitimately purchased applications do not allow this exploit." | |||||
| CVE-2006-6811 | 1 Kde | 1 Ksirc | 2018-10-17 | 4.3 MEDIUM | N/A |
| KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow. | |||||
| CVE-2006-6537 | 1 Ibm | 1 Websphere Host On-demand | 2018-10-17 | 7.5 HIGH | N/A |
| IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, allows remote attackers to bypass authentication via a modified pnl parameter, related to hod/HODAdmin.html and hod/frameset.html. | |||||
| CVE-2006-6768 | 1 Pwp Technologies | 1 The Classified Ad System | 2018-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in default.asp in PWP Technologies The Classified Ad System allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) main parameter. | |||||