Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2724 | 1 Punbb | 1 Punbb | 2017-07-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227. | |||||
| CVE-2006-2722 | 1 Out Of The Trees Web Design | 1 Selectapix | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources. | |||||
| CVE-2006-2717 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2017-07-20 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Secure Elements Class 5 AVR client and server (aka C5 EVM) before 2.8.1 allows authenticated attackers to overwrite arbitrary files (1) on a server during an update or (2) on a client via modified pathnames, possibly due to a directory traversal issue. | |||||
| CVE-2006-2209 | 1 Php Arena | 1 Pacheckbook | 2017-07-20 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in index.php in PHP Arena paCheckBook 1.1 allow remote attackers to execute arbitrary SQL commands via (1) the transtype parameter in an add action or (2) entry parameter in an edit action. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-2716 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2017-07-20 | 7.5 HIGH | N/A |
| Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 uses a hard-coded user ID and password, which allows remote attackers to gain access to the server. | |||||
| CVE-2006-2715 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2017-07-20 | 7.5 HIGH | N/A |
| The Administration Console in Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 does not enforce access control, which allows remote attackers to gain access to servers via the console. | |||||
| CVE-2006-2714 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2017-07-20 | 5.0 MEDIUM | N/A |
| Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 does not validate the CEID of an incoming message, which allows remote attackers to send messages to a protected asset without knowing the proper CEID. | |||||
| CVE-2006-2208 | 1 Planetluc | 1 Mynews | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in mynews.inc.php in MyNews 1.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) hash and (2) page parameters. | |||||
| CVE-2006-2713 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2017-07-20 | 5.0 MEDIUM | N/A |
| Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 generates predictable CEIDs, which allows remote attackers to determine the CEID of a protected asset, which can be used in other attacks against AVR. | |||||
| CVE-2006-2712 | 1 Secure Elements | 1 Class 5 Enterprise Vulnerability Management | 2017-07-20 | 5.0 MEDIUM | N/A |
| Secure Elements Class 5 AVR (aka C5 EVM) client and server before 2.8.1 do not verify the integrity of a message digest, which allows remote attackers to modify and replay messages. | |||||
| CVE-2006-2139 | 1 Wilsonncareabusinesses | 1 Php Newsfeed | 2017-07-20 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to (a) deltables.php, (2) select, (3) header, (4) url, (5) source, or (6) time parameters to (b) manualsubmit.php, (7) num parameter to (c) delete.php, or (8) tablename parameter to (d) searchnews.php. | |||||
| CVE-2006-2206 | 1 Ultravnc | 1 Ultravnc | 2017-07-20 | 10.0 HIGH | N/A |
| The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allows remote attackers to gain privileges by sniffing and decrypting passwords. | |||||
| CVE-2006-2711 | 1 Secure Elements | 1 Class 5 Enterprise Vulnerability Management | 2017-07-20 | 5.0 MEDIUM | N/A |
| Secure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and possibly later 2.8.x releases, uses the same initialization vector and key for each message session, which allows remote attackers to obtain potentially sensitive information about messages. | |||||
| CVE-2006-2710 | 1 Secure Elements | 1 Class 5 Enterprise Vulnerability Management | 2017-07-20 | 5.0 MEDIUM | N/A |
| Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 uses the same invariant RSA key for all installations, which allows remote attackers with the key to decrypt communications. | |||||
| CVE-2006-2203 | 1 Kerio | 1 Kerio Mailserver | 2017-07-20 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a "possible bypass of attachment filter." | |||||
| CVE-2006-2709 | 1 Secure Elements | 1 Class 5 Enterprise Vulnerability Management | 2017-07-20 | 5.0 MEDIUM | N/A |
| Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 do not validate the source address of a message, which allows remote attackers to (1) execute arbitrary code on a client or (2) forge messages to the server. | |||||
| CVE-2006-2708 | 1 Secure Elements | 1 Class 5 Enterprise Vulnerability Management | 2017-07-20 | 5.0 MEDIUM | N/A |
| Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 allows remote attackers to read portions of process memory via a modified size for (1) EM_GET_CE_PARAMETER and (2) EM_SET_CE_PARAMETER messages, which leads to a buffer overflow (probably an over-read). | |||||
| CVE-2006-2707 | 1 Secure Elements | 1 Class 5 Enterprise Vulnerability Management | 2017-07-20 | 5.0 MEDIUM | N/A |
| Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not validate the peer certificate when obtaining an update, which could allow remote attackers to distribute malicious updates to clients. | |||||
| CVE-2006-2706 | 1 Secure Elements | 1 Class 5 Enterprise Vulnerability Management | 2017-07-20 | 5.0 MEDIUM | N/A |
| Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows remote attackers to cause a denial of service via forged "session start" messages that cause AVR to connect to arbitrary hosts. | |||||
| CVE-2006-2196 | 1 Jochen Friedrich | 1 Pinball | 2017-07-20 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges. | |||||
| CVE-2006-2185 | 1 Novell | 1 Netware | 2017-07-20 | 4.0 MEDIUM | N/A |
| PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges. | |||||
| CVE-2006-2705 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2017-07-20 | 5.0 MEDIUM | N/A |
| Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows remote attackers to cause an unspecified denial of service via a large number of forged client registration messages. | |||||
| CVE-2006-2704 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2017-07-20 | 5.0 MEDIUM | N/A |
| Secure Elements Class 5 AVR server and client (aka C5 EVM) before 2.8.1 send messages in cleartext, which allows remote attackers to read sensitive vulnerability information. | |||||
| CVE-2006-2701 | 1 Geeklog | 1 Geeklog | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to story submission. | |||||
| CVE-2006-2695 | 1 Dgnews | 1 Dgnews | 2017-07-20 | 5.1 MEDIUM | N/A |
| admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory. | |||||
| CVE-2006-2183 | 1 Truecrypt Foundation | 1 Truecrypt | 2017-07-20 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command. | |||||
| CVE-2006-2691 | 1 Amule | 1 Amule | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified "information leakage" vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to access arbitrary images, including dynamically generated images, via unknown vectors. | |||||
| CVE-2006-2689 | 1 Eva-web | 1 Eva-web | 2017-07-20 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.php3, (2) date parameter in (b) rubrique.php3, and the (3) perso and (4) aide parameters to (c) an unknown script, probably index.php. | |||||
| CVE-2006-2688 | 1 Achievo | 1 Achievo | 2017-07-20 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter. | |||||
| CVE-2006-2687 | 1 Agtc Websolutions | 1 Php-agtc Membership System | 2017-07-20 | 4.9 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC Membership System 1.1a and earlier allows remote attackers to inject arbitrary web script or HTML via the email address (useremail parameter). | |||||
| CVE-2006-2179 | 1 Smartwin Technology | 1 Cyberoffice Warehouse Builder | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CyberBuild allow remote attackers to execute arbitrary SQL commands via the (1) SessionID parameter to login.asp or (2) ProductIndex parameter to browse0.htm. | |||||
| CVE-2006-2306 | 1 Keyvan Janghorbani | 1 Epublisherpro | 2017-07-20 | 9.3 HIGH | N/A |
| Cross-site scripting (XSS) vulnerability in moreinfo.asp in EPublisherPro allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2176 | 1 Php Design X | 1 Php Linkliste | 2017-07-20 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in links.php in PHP Linkliste 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) new_input, (2) new_url, or (3) new_name parameter. | |||||
| CVE-2006-2677 | 1 Sitescape | 1 Sitescape Forum | 2017-07-20 | 5.0 MEDIUM | N/A |
| SiteScape Forum 7.2 and possibly earlier stores the avf.rc configuraiton file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive path information. | |||||
| CVE-2006-2174 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, or (3) year parameter. | |||||
| CVE-2006-2676 | 1 Sitescape | 1 Sitescape Forum | 2017-07-20 | 5.0 MEDIUM | N/A |
| Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly earlier generates different responses in a way that allows remote attackers to enumerate valid usernames. | |||||
| CVE-2006-2173 | 1 Filezilla | 1 Filezilla Server | 2017-07-20 | 6.4 MEDIUM | N/A |
| Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the MLSD command, or (2) the remote server interface, as demonstrated by the Infigo FTPStress Fuzzer. | |||||
| CVE-2006-2654 | 1 Freebsd | 1 Freebsd | 2017-07-20 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to 6.1 allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences. NOTE: this is similar to CVE-2006-1864, but this is a different implementation of smbfs, so it has a different CVE identifier. | |||||
| CVE-2006-2171 | 1 Jgaa | 1 Warftpd | 2017-07-20 | 6.4 MEDIUM | N/A |
| Buffer overflow in WDM.exe in WarFTPD allows remote attackers to execute arbitrary code via unspecified arguments, as demonstrated by the Infigo FTPStress Fuzzer. | |||||
| CVE-2006-2170 | 1 Argosoft | 1 Ftp Server | 2017-07-20 | 6.4 MEDIUM | N/A |
| Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer. | |||||
| CVE-2006-2650 | 1 Cosmicphp | 1 Cosmicshoppingcart | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cosmicshop/search.php in CosmicShoppingCart allows remote attackers to execute arbitrary SQL commands via the max parameter. | |||||
| CVE-2006-2629 | 1 Linux | 1 Linux Kernel | 2017-07-20 | 4.0 MEDIUM | N/A |
| Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP platforms, allows local users to cause a denial of service (crash) by creating and exiting a large number of tasks, then accessing the /proc entry of a task that is exiting, which causes memory corruption that leads to a failure in the prune_dcache function or a BUG_ON error in include/linux/list.h. | |||||
| CVE-2006-2614 | 1 Sun | 1 N1 System Manager | 2017-07-20 | 4.6 MEDIUM | N/A |
| Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 records system passwords in the world-readable scripts (1) /cr/hd_jobs_db.sh, (2) /cr/hd_plan_checkin.sh, and (3) /cr/oracle_plan_checkin.sh, which allows local users to obtain System Manager passwords. | |||||
| CVE-2006-2611 | 1 Mediawiki | 1 Mediawiki | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character. | |||||
| CVE-2006-2169 | 1 Best Practical Solutions | 1 Request Tracker | 2017-07-20 | 5.0 MEDIUM | N/A |
| RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message. | |||||
| CVE-2006-2655 | 1 Freebsd | 1 Freebsd | 2017-07-20 | 6.4 MEDIUM | N/A |
| The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally disables access restrictions when using the /var/yp/securenets file, which allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2006-2592 | 1 Dschat | 1 Dschat | 2017-07-20 | 7.5 HIGH | N/A |
| Unspecified vulnerability in DSChat 1.0 allows remote attackers to execute arbitrary PHP code via the Nickname field, which is not sanitized before creating a file in a user directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2586 | 1 Iplogger | 1 Iplogger | 2017-07-20 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the HTTP_REFERER header in an HTTP request. | |||||
| CVE-2006-2585 | 1 Greg Donald | 1 Destiney Links Script | 2017-07-20 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in Destiney Links Script 2.1.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2582 | 1 Rwiki | 1 Rwiki | 2017-07-20 | 7.5 HIGH | N/A |
| The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors. | |||||