Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3916 | 1 Solucija | 1 Snews | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka Solucija News) 1.4 allows remote attackers to inject arbitrary web script or HTML via the search_query parameter. | |||||
| CVE-2006-3342 | 1 Olate | 1 Arctic | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search cmd. | |||||
| CVE-2006-3233 | 1 Open Webmail | 1 Open Webmail | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE. | |||||
| CVE-2006-3503 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-20 | 5.1 MEDIUM | N/A |
| Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed GIF image. | |||||
| CVE-2006-3229 | 1 Open Webmail | 1 Open Webmail | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to "openwebmailerror calls that need to display HTML." | |||||
| CVE-2006-3783 | 1 Sun | 1 Solaris | 2017-07-20 | 4.9 MEDIUM | N/A |
| Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors involving (1) the /net mount point and (2) the "-hosts" map in a mount point. | |||||
| CVE-2006-3225 | 1 Sun | 2 Java System Application Server, One Application Server | 2017-07-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors. | |||||
| CVE-2006-3420 | 1 Mybulletinboard | 1 Mybulletinboard | 2017-07-20 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in editpost.php in MyBulletinBoard (MyBB) before 1.1.5 allows remote attackers to perform unauthorized actions as a logged in user and delete arbitrary forum posts via a bbcode IMG tag with a modified delete parameter in a deletepost action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-3224 | 1 Apple | 1 Safari | 2017-07-20 | 5.4 MEDIUM | N/A |
| Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via Javascript with an infinite for loop. NOTE: it could be argued that this is not a vulnerability, unless it interferes with the operation of the system outside of the scope of Safari itself. | |||||
| CVE-2006-3222 | 1 Fortinet | 1 Fortios | 2017-07-20 | 5.0 MEDIUM | N/A |
| The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode. | |||||
| CVE-2006-3504 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-20 | 5.1 MEDIUM | N/A |
| The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 can identify certain HTML as "safe", which could allow attackers to execute Javascript code in local context when the "Open 'safe' files after downloading" option is enabled in Safari. | |||||
| CVE-2006-3216 | 1 Clearswift | 2 Mailsweeper For Exchange, Mailsweeper For Smtp | 2017-07-20 | 5.0 MEDIUM | N/A |
| Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to cause a denial of service via (1) non-ASCII characters in a reverse DNS lookup result from a Received header, which leads to a Receiver service stop, and (2) unspecified vectors involving malformed messages, which causes "unpredictable behavior" that prevents the Security service from processing more messages. | |||||
| CVE-2006-3505 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-20 | 7.5 HIGH | N/A |
| WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated. | |||||
| CVE-2006-4032 | 1 Cisco | 1 Callmanager Express | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417. | |||||
| CVE-2006-3348 | 1 Swsoft | 1 Hspcomplete | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 Beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in report.php and (2) level parameter in custom_buttons.php. | |||||
| CVE-2006-4035 | 1 Counterchaos | 1 Counterchaos | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. | |||||
| CVE-2006-3215 | 1 Clearswift | 2 Mailsweeper For Exchange, Mailsweeper For Smtp | 2017-07-20 | 7.5 HIGH | N/A |
| Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for Exchange before 4.3.20 allows remote attackers to bypass the "text analysis", possibly bypassing SPAM and other filters, by sending an e-mail specifying a non-existent or unrecognized character set. | |||||
| CVE-2006-3214 | 1 Hitachi | 2 Groupmax Address Server, Groupmax Mail Server | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Hitachi Groupmax Address Server 7 and earlier, and Groupmax Mail Server 7 and earlier allows remote attackers to cause a denial of service (product "stop") via unspecified vectors involving "unexpected requests". | |||||
| CVE-2006-3570 | 1 Drupal | 1 Drupal | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the webform module in Drupal 4.6 before July 8, 2006 and 4.7 before July 8, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-4169 | 1 Squirrelmail | 1 Gpg Plugin | 2017-07-20 | 5.5 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php. | |||||
| CVE-2006-4041 | 1 Pike | 1 Pike | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors. | |||||
| CVE-2006-4232 | 1 Globus | 1 Globus Toolkit | 2017-07-20 | 1.2 LOW | N/A |
| Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access. | |||||
| CVE-2006-3910 | 1 Microsoft | 1 Ie | 2017-07-20 | 5.0 MEDIUM | N/A |
| Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference. | |||||
| CVE-2006-3944 | 1 Microsoft | 1 Ie | 2017-07-20 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference. | |||||
| CVE-2006-3212 | 1 Cjguestbook | 1 Cjguestbook | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject web script or HTML via the (1) name, (2) email, (3) add, and (4) wName parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-4087 | 1 Mojoscripts | 1 Mojogallery | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4085 | 1 Olaf Noehring | 1 The Search Engine Project | 2017-07-20 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to pagenavigation.php, a different vector than CVE-2006-4055. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-3510 | 1 Microsoft | 1 Ie | 2017-07-20 | 2.6 LOW | N/A |
| The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read. | |||||
| CVE-2006-3202 | 1 Netbsd | 1 Netbsd | 2017-07-20 | 4.9 MEDIUM | N/A |
| The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain configurations, does not check to see if IPv4-mapped sockets are being used before processing IPv6 socket options, which allows local users to cause a denial of service (crash) by creating an IPv4-mapped IPv6 socket with the SO_TIMESTAMP socket option set, then sending an IPv4 packet through the socket. | |||||
| CVE-2006-3197 | 1 Invision Power Services | 1 Invision Power Board | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML. | |||||
| CVE-2006-3356 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-20 | 2.6 LOW | N/A |
| The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469. | |||||
| CVE-2006-3536 | 1 Ej3 | 1 Topo | 2017-07-20 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in code/class_db_text.php in EJ3 TOPo 2.2.178 and earlier allows remote attackers to execute arbitrary PHP code via parameters such as (1) descripcion and (2) pais, which are stored directly in a PHP script. NOTE: the provenance of this information is unknown; the details are obtained solely from third party reports. | |||||
| CVE-2006-3574 | 1 Hitachi | 3 Cosminexus Collaboration Portal, Groupmax Collaboration Portal, Groupmax Collaboration Web Client | 2017-07-20 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Groupmax Collaboration Portal and Web Client before 07-20-/D, and uCosminexus Collaboration Portal and Forum/File Sharing before 06-20-/C, allow remote attackers to "execute malicious scripts" via unknown vectors (aka HS06-014-01). | |||||
| CVE-2006-3189 | 1 Hotplug Cms | 1 Hotplug Cms | 2017-07-20 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in administration/tblcontent/login1.php in HotPlug CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2006-3188 | 1 Sharky E-shop | 1 Sharky E-shop | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) maingroup and (2) secondgroup parameters to (a) search_prod_list.asp, and the (3) maingroup parameter to (b) meny2.asp. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4175 | 1 Sun | 2 Java System Directory Server, One Directory Server | 2017-07-20 | 7.8 HIGH | N/A |
| The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized memory locations. | |||||
| CVE-2006-4177 | 1 Novell | 1 Edirectory | 2017-07-20 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended. | |||||
| CVE-2006-3372 | 1 Apple | 1 Safari | 2017-07-20 | 5.0 MEDIUM | N/A |
| Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of service (application crash) via a DHTML setAttributeNode function call with zero arguments, which triggers a null dereference. | |||||
| CVE-2006-3908 | 1 Gillius Programming | 1 Game Networking Engine | 2017-07-20 | 7.5 HIGH | N/A |
| Format string vulnerability in the flush_output function in ConsoleStreambuf.cpp in Game Network Engine (GNE) 0.70 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute code via format string specifiers in unspecified vectors involving output to the gout console. | |||||
| CVE-2006-3379 | 1 Hiki Wiki | 1 Hiki Wiki | 2017-07-20 | 5.0 MEDIUM | N/A |
| Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 and 0.8.0 through 0.8.5 allows remote attackers to cause a denial of service (CPU consumption) by performing a diff between large, crafted pages that trigger the worst case. | |||||
| CVE-2006-4083 | 1 Mywebland | 1 Myevent | 2017-07-20 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in viewevent.php in myWebland myEvent 1.x allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter, a different vector than CVE-2006-4040. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-3186 | 1 Cms Faethon | 1 Cms Faethon | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CMS Faethon 1.3.2 allow remote attackers to inject arbitrary web script or HTML via the mainpath parameter to (1) data/footer.php and (2) admin/header.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4181 | 1 Gnu | 1 Radius | 2017-07-20 | 10.0 HIGH | N/A |
| Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2006-3308 | 1 Zoid Technologies | 1 Project Eros Bbsengine | 2017-07-20 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the wpprop code for Project EROS bbsengine before 20060622-0315 has unknown impact and remote attack vectors via [img] tags, possibly cross-site scripting (XSS). | |||||
| CVE-2006-4233 | 1 Globus | 1 Globus Toolkit | 2017-07-20 | 3.6 LOW | N/A |
| Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config. | |||||
| CVE-2006-4044 | 1 Brad Fears | 1 Phpcodecabinet | 2017-07-20 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad Fears phpCodeCabinet 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the BEAUT_PATH parameter. | |||||
| CVE-2006-4235 | 1 Sony | 1 Sonicstage Mastering Studio | 2017-07-20 | 7.5 HIGH | N/A |
| Buffer overflow in the import project functionality in Sony SonicStage Mastering Studio 1.1.00 through 2.2.01 allows remote attackers to execute arbitrary code via a crafted SMP file. | |||||
| CVE-2006-3760 | 1 Mybulletinboard | 1 Mybulletinboard | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-4047 | 1 Netious Cms | 1 Netious Cms | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Netious CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-3183 | 1 Mobescripts | 1 Mobile Space Community | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in MobeScripts Mobile Space Community 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) browse parameter, which is not filtered in the resulting error message, and multiple unspecified input fields, including those involved when (2) updating a profile, (3) posting comments or entries in a blog, (4) uploading files, (5) picture captions, and (6) sending a private message (PM). | |||||