Total: 27796 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5010 | 1 Ibm | 1 Aix | 2017-07-20 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows local users to execute arbitrary commands by modifying the path to point to a malicious mkdir program. | |||||
| CVE-2006-5011 | 1 Ibm | 1 Aix | 2017-07-20 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via a Trojan horse program, involving the "system subroutine". | |||||
| CVE-2006-5038 | 1 Fiwin | 1 Ss28s Wifi Voip Sip Skype Phone | 2017-07-20 | 7.5 HIGH | N/A |
| The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, has a hard-coded username and password, which allows remote attackers to gain administrative access via telnet. | |||||
| CVE-2006-5033 | 1 Paul Smith Computer Services | 1 Vcap | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to cause a denial of service via the session parameter, possibly related to format string specifiers or malformed URL encoding. | |||||
| CVE-2006-5034 | 1 Paul Smith Computer Services | 1 Vcap | 2017-07-20 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. | |||||
| CVE-2006-5058 | 1 Activision | 3 Call Of Duty, Call Of Duty 2, Call Of Duty United Offensive | 2017-07-20 | 7.5 HIGH | N/A |
| Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty United Offensive 1.51b and earlier, and (3) Call of Duty 2 1.3 and earlier allows remote attackers to execute arbitrary code via a long map argument to the "callvote map" command. | |||||
| CVE-2006-5063 | 1 Stefan Ritt | 1 Elog Web Logbook | 2017-07-20 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote attackers to inject arbitrary web script or HTML by editing log entries in HTML mode. | |||||
| CVE-2006-5071 | 1 Eyeos Project | 1 Eyeos | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before 0.9.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) eyeNav and (2) system/baixar.php. | |||||
| CVE-2006-5072 | 1 Mono | 1 Mono | 2017-07-20 | 6.2 MEDIUM | N/A |
| The System.CodeDom.Compiler classes in Novell Mono create temporary files with insecure permissions, which allows local users to overwrite arbitrary files or execute arbitrary code via a symlink attack. | |||||
| CVE-2006-5075 | 1 Sun | 1 Solaris | 2017-07-20 | 7.8 HIGH | N/A |
| The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris 10 before 20060926 allows remote attackers to cause a denial of service (system crash) via unspecified vectors related to an SSL client. | |||||
| CVE-2006-5105 | 1 Forum One | 1 Syntaxcms | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1.1.1 through 1.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the init_path parameter to admin/testing/tests/0030_init_syntax.php, or (2) an unspecified parameter to admin/testing/index.php. NOTE: the 0004_init_urls.php vector is already covered by CVE-2006-5055. | |||||
| CVE-2006-5110 | 1 Php Invoice | 1 Php Invoice | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2006-5074. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5111 | 1 Libksba Library | 1 Libksba Library | 2017-07-20 | 5.0 MEDIUM | N/A |
| The libksba library 0.9.12 and possibly other versions, as used by gpgsm in the newpg package on SUSE LINUX, allows attackers to cause a denial of service (application crash) via a malformed X.509 certificate in a signature. | |||||
| CVE-2006-5113 | 1 Yuuki Yoshizawa | 1 Exporia | 2017-07-20 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in common.php in Yuuki Yoshizawa Exporia 0.3.0 allows remote attackers to include and execute local files via a .. (dot dot) in the lan parameter to includes.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5382 | 1 3com | 1 Superstack 3 Switch 4400 | 2017-07-20 | 7.5 HIGH | N/A |
| 3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that cause the community string to be returned. | |||||
| CVE-2006-5132 | 1 Phpmyagenda | 1 Phpmyagenda | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0 Final and earlier allow remote attackers to execute arbitrary PHP code via a URL in the rootagenda parameter to (1) agendaplace.php3, (2) agendaplace2.php3, (3) infoevent.php3, and (4) agenda2.php3, different vectors than CVE-2006-2009. | |||||
| CVE-2006-5425 | 1 Xorp | 1 Extensible Open Router Platform | 2017-07-20 | 5.0 MEDIUM | N/A |
| XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote attackers to cause a denial of service (application crash) via an Open Shortest Path First (OSPF) Link State Advertisement (LSA) with an invalid LSA length field. | |||||
| CVE-2006-5420 | 1 Kerio | 1 Winroute Firewall | 2017-07-20 | 5.0 MEDIUM | N/A |
| Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to cause a denial of service (crash) via malformed DNS responses. | |||||
| CVE-2006-5150 | 1 Openbiblio | 1 Openbiblio | 2017-07-20 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the reports system in OpenBiblio before 0.5.2 allows remote attackers with report privileges to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-5154 | 1 Deluxebb | 1 Deluxebb | 2017-07-20 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatefolder parameter. | |||||
| CVE-2006-5156 | 1 Mcafee | 2 Epolicy Orchestrator, Protectionpilot | 2017-07-20 | 10.0 HIGH | N/A |
| Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header. | |||||
| CVE-2006-5218 | 2 Netbsd, Openbsd | 2 Netbsd, Openbsd | 2017-07-20 | 4.6 MEDIUM | N/A |
| Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the systrace ioctl. | |||||
| CVE-2006-5395 | 1 Microsoft | 1 Class Package Export Tool | 2017-07-20 | 7.5 HIGH | N/A |
| Buffer overflow in Microsoft Class Package Export Tool (aka clspack.exe) allows context-dependent attackers to execute arbitrary code via a long string. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5185 | 1 Hamweather | 1 Hamweather | 2017-07-20 | 7.5 HIGH | N/A |
| Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the do_parse_code function. | |||||
| CVE-2006-5397 | 1 X.org | 1 Libx11 | 2017-07-20 | 2.1 LOW | N/A |
| The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor. | |||||
| CVE-2006-5196 | 1 Motorola | 1 Surfboard | 2017-07-20 | 7.8 HIGH | N/A |
| The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows remote attackers to cause a denial of service (device crash) via a request with MfcISAPICommand set to SecretProc and a long string in the Secret parameter. | |||||
| CVE-2006-5199 | 1 Adobe | 1 Contribute | 2017-07-20 | 2.1 LOW | N/A |
| Adobe Contribute Publishing Server leaks the administrator password in logs that are created during product installation, which allows local users to gain privileges to the server. | |||||
| CVE-2006-5200 | 1 Adobe | 1 Breeze Licensed Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze 5.1 Licensed Server allows attackers to read arbitrary files via unknown vectors related to "URL parsing." | |||||
| CVE-2006-5213 | 1 Sun | 1 Solaris | 2017-07-20 | 3.6 LOW | N/A |
| Sun Solaris 10 before 20061006 uses "incorrect and insufficient permission checks" that allow local users to intercept or spoof packets by creating a raw socket on a link aggregation (network device aggregation). | |||||
| CVE-2006-5403 | 1 Symantec | 4 Automated Support Assistant, Norton Antivirus, Norton Internet Security and 1 more | 2017-07-20 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-5225 | 1 Aai-portal | 1 Aaiportal | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in AAIportal before 1.4.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-5231 | 1 Grandstream | 1 Gxp-2000 | 2017-07-20 | 7.8 HIGH | N/A |
| Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, allows remote attackers to cause a denial of service (hang or reboot) via a large amount of ASCII data sent to port (1) 5060/UDP, (2) 5062/UDP, (3) 5064/UDP, (4) 5066/UDP, (5) 9876/UDP, or (6) 26789/UDP. | |||||
| CVE-2006-5233 | 1 Polycom | 1 Soundpoint Ip 301 | 2017-07-20 | 7.8 HIGH | N/A |
| Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0040, allows remote attackers to cause a denial of service (reboot) via (1) a long URL sent to the HTTP daemon and (2) unspecified manipulations as demonstrated by the Nessus http_fingerprinting_hmap.nasl script. | |||||
| CVE-2006-5545 | 1 Symantec | 1 Mail Security | 2017-07-20 | 5.0 MEDIUM | N/A |
| Premium Antispam in Symantec Mail Security for Domino Server 5.1.x before 5.1.2.28 does not filter certain SMTP address formats, which allows remote attackers to use the product as a spam relay. | |||||
| CVE-2006-4412 | 1 Apple | 1 Mac Os X | 2017-07-20 | 6.8 MEDIUM | N/A |
| WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects. | |||||
| CVE-2006-3566 | 1 Hivemail | 1 Hivemail | 2017-07-20 | 5.0 MEDIUM | N/A |
| search.results.php in HiveMail 3.1 and earlier allows remote attackers to obtain the installation path via certain manipulations related to the (1) searchdate and (2) folderids parameters. | |||||
| CVE-2006-3316 | 1 Spiffyjr | 1 Phpraid | 2017-07-20 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) logs.php and (2) users.php, a different set of vectors than CVE-2006-3116. | |||||
| CVE-2006-4165 | 1 Netcommons | 1 Netcommons | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-3243 | 1 Mybulletinboard | 1 Mybulletinboard | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter. | |||||
| CVE-2006-3241 | 1 Xennobb | 1 Xennobb | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the tid parameter. | |||||
| CVE-2006-3499 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-20 | 2.1 LOW | N/A |
| The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users to obtain sensitive information via unspecified dynamic linker options that affect the use of standard error (stderr) by privileged applications. | |||||
| CVE-2006-3239 | 1 Vbzoom | 1 Vbzoom | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in message.php in VBZooM 1.11 and earlier allows remote attackers to execute arbitrary SQL commands via the UserID parameter. | |||||
| CVE-2006-3500 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-20 | 7.2 HIGH | N/A |
| The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users to execute arbitrary code via an "improperly handled condition" that leads to use of "dangerous paths," probably related to an untrusted search path vulnerability. | |||||
| CVE-2006-3237 | 1 Senokian Solutions | 1 Enterprise Groupware Systems | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Enterprise Groupware System (EGS) 1.2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter. | |||||
| CVE-2006-3236 | 1 Thinkfactory | 1 Thinkwms | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) index.php or (b) printarticle.php, and the (2) catid parameter in index.php. | |||||
| CVE-2006-3919 | 1 Sd Studio | 1 Sd Studio Cms | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in SD Studio CMS allows remote attackers to execute arbitrary SQL commands via the (1) news_id, (2) tid, and (3) page_id parameters. | |||||
| CVE-2006-3501 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-20 | 5.1 MEDIUM | N/A |
| Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Radiance image. | |||||
| CVE-2006-3502 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-20 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GIF image that triggers a memory allocation failure that is not properly handled. | |||||
| CVE-2006-3235 | 1 Looknet | 1 Fineshop | 2017-07-20 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) promocja, (2) wysw, or (3) id_produc parameters. | |||||
| CVE-2006-3234 | 1 Looknet | 1 Fineshop | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) produkt, (2) id_produc, and (3) id_kat parameters. | |||||
