Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6573 | 1 Citrix | 1 Access Gateway | 2017-07-29 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced Edition, and 4.2 with Advanced Access Control (AAC) 4.2, when deployed on the Access Gateway appliance 4.2 through 4.2.2 allows remote authenticated users to "gain access to data" and obtain sensitive information via unspecified vectors. | |||||
| CVE-2006-6574 | 1 Mantis | 1 Mantis | 2017-07-29 | 5.0 MEDIUM | N/A |
| Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field. | |||||
| CVE-2007-0105 | 1 Cisco | 1 Secure Access Control Server | 2017-07-29 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the CSAdmin service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted HTTP GET request. | |||||
| CVE-2006-6582 | 1 Scriptmate | 1 User Manager | 2017-07-29 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ScriptMate User Manager 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) members_username (user) and (2) members_password (password) fields in a login action in members/default.asp, and (3) the Search box. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6584 | 1 Italkplus | 1 Italkplus | 2017-07-29 | 10.0 HIGH | N/A |
| Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-6594 | 1 Scriptmate | 1 User Manager | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in utilities/usermessages.asp in ScriptMate User Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the mesid parameter. | |||||
| CVE-2006-7018 | 1 Oliver Georgi | 1 Phpwcms | 2017-07-29 | 10.0 HIGH | N/A |
| phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via a crafted argument to the nome_evento parameter to phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. | |||||
| CVE-2006-6606 | 1 Clarens | 1 Jclarens | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Clarens jclarens before 0.6.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-6607 | 1 Ibm | 1 Tivoli Identity Manager | 2017-07-29 | 2.7 LOW | N/A |
| The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods. | |||||
| CVE-2006-6608 | 1 Hp | 2 Proliant Integrated Lights Out, Proliant Integrated Lights Out 2 | 2017-07-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in SSH key based authentication in HP Integrated Lights Out (iLO) 1.70 through 1.87, and iLO 2 1.00 through 1.11, on Proliant servers, allows remote attackers to "gain unauthorized access." | |||||
| CVE-2006-6609 | 1 Alientrap | 1 Nexuiz | 2017-07-29 | 5.0 MEDIUM | N/A |
| Nexuiz before 2.2.1 allows remote attackers to cause a denial of service (resource exhaustion or crash) via unspecified vectors related to "fake players." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6616 | 1 W00t Gallery | 1 W00t Gallery | 2017-07-29 | 6.0 MEDIUM | N/A |
| index.php in w00t Gallery 1.4.0 allows remote authenticated users with privileges for one installation to gain access to other installations on the same web server, aka "multi-gallery admin session spanning." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-7134 | 1 Noah Spurrier | 1 Upload Tool For Php | 2017-07-29 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in main_user.php in Upload Tool for PHP 1.0 allows remote attackers to upload and execute arbitrary files with executable extensions such as .php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-7135 | 1 Php Poll Creator | 1 Php Poll Creator | 2017-07-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lib/functions.inc.php in PHP Poll Creator (phpPC) 1.04 allows remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter, a different vector and version than CVE-2005-1755. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-7155 | 1 Novell | 1 Bordermanager | 2017-07-29 | 7.5 HIGH | N/A |
| Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the same source IP and port number during the same day, which allows remote attackers to conduct denial of service and replay attacks. NOTE: this issue might be related to CVE-2006-5286. | |||||
| CVE-2006-7096 | 1 Klink | 1 Dim3 | 2017-07-29 | 10.0 HIGH | N/A |
| Buffer overflow in the network_host_handle_join function in host.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname. | |||||
| CVE-2006-7095 | 1 Klink | 1 Dim3 | 2017-07-29 | 10.0 HIGH | N/A |
| Integer signedness error in the network_receive_packet function in socket.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large data_len value, which is cast to a signed short and results in a buffer overflow. | |||||
| CVE-2006-7193 | 1 Smarty | 1 Smarty | 2017-07-29 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in unit_test/test_cases.php in Smarty 2.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the SMARTY_DIR parameter. NOTE: this issue is disputed by CVE and a third party because SMARTY_DIR is a constant. | |||||
| CVE-2006-7209 | 1 Zoneo-soft | 1 Phptraffica | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA before 1.2beta2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to keywords results in the (1) main, (2) daily, (3) weekly, (4) monthly, (5) new trends, (6) individual page, and (7) search engine statistics. | |||||
| CVE-2006-7088 | 1 Simple Php Forum | 1 Simple Php Forum | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Simple PHP Forum before 0.4 allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) logon_user.php and (2) update_profile.php. | |||||
| CVE-2006-7085 | 1 Rigter Portal System | 1 Rigter Portal System | 2017-07-29 | 4.3 MEDIUM | N/A |
| Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. NOTE: this issue was originally reported as SQL injection, but this is not likely. | |||||
| CVE-2006-7083 | 1 Rigter Portal System | 1 Rigter Portal System | 2017-07-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to read arbitrary files via ".." sequences in the id parameter. | |||||
| CVE-2006-7082 | 1 Rigter Portal System | 1 Rigter Portal System | 2017-07-29 | 7.5 HIGH | N/A |
| Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to bypass authentication and upload arbitrary files via direct requests to (1) adm/photos/images.php and (2) adm/down/files.php. | |||||
| CVE-2006-7077 | 1 Phpbb Group | 1 Phpbb Advanced Guestbook | 2017-07-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to execute arbitrary SQl commands via the entry parameter. | |||||
| CVE-2006-7075 | 1 Aqualung | 1 Aqualung | 2017-07-29 | 6.8 MEDIUM | N/A |
| Buffer overflow in the meta_read_flac function in meta_decoder.c for Aqualung 0.9beta5 and earlier, and CVS 0.193.2 and earlier, allows user-assisted attackers to execute arbitrary code via a long Vorbis comment in a Free Lossless Audio Codec (FLAC) file. | |||||
| CVE-2006-7073 | 1 Opentools | 1 Attachment Mod | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod before 2.4.5 allows remote attackers to inject arbitrary web script or HTML in Internet Explorer via unknown vectors related to the uploaded attachments form. NOTE: some details were obtained from third party information. | |||||
| CVE-2006-7064 | 1 Invision Power Services | 1 Invision Power Board | 2017-07-29 | 9.3 HIGH | N/A |
| Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter. | |||||
| CVE-2006-7062 | 1 Kmail | 1 Kmail | 2017-07-29 | 7.8 HIGH | N/A |
| calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows remote attackers to obtain the full path of the server via an invalid d parameter, which leaks the path in an error message. | |||||
| CVE-2007-0003 | 1 Andrew Morgan | 1 Linux Pam | 2017-07-29 | 7.2 HIGH | N/A |
| pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters. | |||||
| CVE-2006-7050 | 1 Wikkawiki | 1 Wikkawiki | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in wikka.php. | |||||
| CVE-2006-7049 | 1 Wikkawiki | 1 Wikkawiki | 2017-07-29 | 7.5 HIGH | N/A |
| The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the strstr and strrpos functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files. | |||||
| CVE-2007-0007 | 1 Gnucash | 1 Gnucash | 2017-07-29 | 3.6 LOW | N/A |
| gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) gnucash.trace, (2) qof.trace, and (3) qof.trace.[PID] temporary files. | |||||
| CVE-2007-0019 | 1 Maxum Development Corporation | 1 Rumpus Ftp Server | 2017-07-29 | 6.5 MEDIUM | N/A |
| Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service. | |||||
| CVE-2006-7044 | 1 Cmpro Team | 1 Clan Manager Pro | 2017-07-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in comment.core.inc.php in Clan Manager Pro (CMPRO) 1.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter. | |||||
| CVE-2006-7043 | 1 Chipmunk Scripts | 1 Chipmunk Blogger | 2017-07-29 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blogger allow remote authenticated users to inject arbitrary web script or HTML via script tags in (1) posts and (2) profile names; and (3) a javascript URI in a URL argument in the photo gallery. | |||||
| CVE-2007-0021 | 1 Apple | 1 Ichat | 2017-07-29 | 7.5 HIGH | N/A |
| Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI. | |||||
| CVE-2007-0022 | 1 Apple | 1 Mac Os X | 2017-07-29 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program. | |||||
| CVE-2007-0023 | 1 Apple | 1 Mac Os X | 2017-07-29 | 6.9 MEDIUM | N/A |
| The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user. | |||||
| CVE-2006-7041 | 1 Atrium Software | 1 Mercur Messaging 2005 | 2017-07-29 | 7.8 HIGH | N/A |
| The SMTP service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (infinite loop) via a message in which neither the originator nor recipient address is known. | |||||
| CVE-2006-7040 | 1 Atrium Software | 1 Mercur Messaging 2005 | 2017-07-29 | 7.8 HIGH | N/A |
| Unspecified vulnerability in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a TOP command to the POP3 service. | |||||
| CVE-2006-7039 | 2 Atrium Software, Microsoft | 9 Mercur Messaging 2005, Windows 2000, Windows 2003 Server and 6 more | 2017-07-29 | 5.0 MEDIUM | N/A |
| The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field. | |||||
| CVE-2006-7038 | 1 Atrium Software | 1 Mercur Messaging 2005 | 2017-07-29 | 7.8 HIGH | N/A |
| Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack 4 allow remote attackers to cause a denial of service (crash) via (1) "long command lines at port 32000" and (2) certain name service queries that are not properly handled by the SMTP service. | |||||
| CVE-2006-7054 | 1 Arkoon | 1 Fast360 | 2017-07-29 | 7.8 HIGH | N/A |
| The DNS module in Arkoon FAST360 UTM appliances 3.0 up to 3.0/29, 3.1 through 3.3, and 4.0 allows remote attackers to cause a denial of service (reboot) via a malformed DNS message, as demonstrated by the PROTOS DNS testing suite. | |||||
| CVE-2006-7053 | 1 Arkoon | 1 Fast360 | 2017-07-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through 3.0/29, 3.1, 3.2, and 3.3 allows remote attackers to bypass keyword filtering in the FAST HTTP module, and signatures in the IDPS HTTP module, via crafted URLs that are "misinterpreted." | |||||
| CVE-2007-0047 | 1 Adobe | 1 Acrobat Reader | 2017-07-29 | 6.8 MEDIUM | N/A |
| CRLF injection vulnerability in Adobe Acrobat Reader Plugin before 8.0.0, when used with the Microsoft.XMLHTTP ActiveX object in Internet Explorer, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the javascript: URI in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters. | |||||
| CVE-2007-0068 | 1 Ibm | 1 Lotus Domino | 2017-07-29 | 9.3 HIGH | N/A |
| IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database. | |||||
| CVE-2007-0095 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-29 | 5.0 MEDIUM | N/A |
| phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message. | |||||
| CVE-2006-7017 | 1 Nicecoder | 1 Indexu | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the admin_template_path parameter to admin/ scripts (1) app_change_email.php, (2) app_change_pwd.php, (3) app_mod_rewrite.php, (4) app_page_caching.php, (5) app_setup.php, (6) cat_add.php, (7) cat_delete.php, (8) cat_edit.php, (9) cat_path_update.php, (10) cat_search.php, (11) cat_struc.php, (12) cat_view.php, (13) cat_view_hidden.php, (14) cat_view_hierarchy.php, (15) cat_view_registered_only.php, (16) checkurl_web.php, (17) db_alter.php, (18) db_alter_change.php, (19) db_backup.php, (20) db_export.php, (21) db_import.php, (22) editor_add.php, (23) editor_delete.php, (24) editor_validate.php, (25) head.php, (26) index.php, (27) inv_config.php, (28) inv_config_payment.php, (29) inv_create.php, (30) inv_delete.php, (31) inv_edit.php, (32) inv_markpaid.php, (33) inv_markunpaid.php, (34) inv_overdue.php, (35) inv_paid.php, (36) inv_send.php, (37) inv_unpaid.php, (38) lang_modify.php, (39) link_add.php, (40) link_bad.php, (41) link_bad_delete.php, (42) link_checkurl.php, (43) link_delete.php, (44) link_duplicate.php, (45) link_edit.php, (46) link_premium_listing.php, (47) link_premium_sponsored.php, (48) link_search.php, (49) link_sponsored_listing.php, (50) link_validate.php, (51) link_validate_edit.php, (52) link_view.php, (53) log_search.php, (54) mail_modify.php, (55) menu.php, (56) message_create.php, (57) message_delete.php, (58) message_edit.php, (59) message_send.php, (60) message_subscriber.php, (61) message_view.php, (62) review_validate.php, (63) review_validate_edit.php, (64) summary.php, (65) template_active.php, (66) template_add_custom.php, (67) template_delete.php, (68) template_delete_file.php, (69) template_duplicate.php, (70) template_export.php, (71) template_import.php, (72) template_manager.php, (73) template_modify.php, (74) template_modify_file.php, (75) template_rename.php, (76) user_add.php, (77) user_delete.php, (78) user_edit.php, (79) user_search.php, and (80) whos.php. | |||||
| CVE-2007-0085 | 1 Openbsd | 1 Openbsd | 2017-07-29 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference. | |||||
| CVE-2007-0096 | 1 Carbon Communities | 1 Carbon Communities | 2017-07-29 | 7.5 HIGH | N/A |
| CarbonCommunities stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for DataBase/Carbon2.4d.mdb. | |||||