Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-7214 | 1 Firebirdsql | 1 Firebird | 2008-09-05 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scanning. | |||||
| CVE-2006-7061 | 1 Scriptsez.net | 1 E-dating System | 2008-09-05 | 9.3 HIGH | N/A |
| Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting (XSS) attacks. | |||||
| CVE-2006-7213 | 1 Firebirdsql | 1 Firebird | 2008-09-05 | 5.5 MEDIUM | N/A |
| Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database. | |||||
| CVE-2006-7212 | 1 Firebirdsql | 1 Firebird | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240. | |||||
| CVE-2006-7211 | 1 Firebirdsql | 1 Firebird | 2008-09-05 | 4.9 MEDIUM | N/A |
| fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores. | |||||
| CVE-2006-7091 | 1 Hinton Design | 1 Phpht Topsites Free | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in phpht Topsites FREE 1.022b allows remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-7207 | 1 Ageet | 1 Agephone | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in ageet AGEphone before 1.4.0 might allow remote attackers to have an unknown impact via unspecified vectors. | |||||
| CVE-2006-7205 | 1 Php Group | 1 Php | 2008-09-05 | 5.0 MEDIUM | N/A |
| The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value. | |||||
| CVE-2006-7199 | 1 Emc | 1 Rsa Security Sitekey | 2008-09-05 | 8.5 HIGH | N/A |
| EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is easier to monitor this attack than "attacks against static web pages." | |||||
| CVE-2006-7204 | 1 Php | 1 Php | 2008-09-05 | 2.1 LOW | N/A |
| The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents. | |||||
| CVE-2006-7202 | 1 Mambo | 1 Mambo Open Source | 2008-09-05 | 7.8 HIGH | N/A |
| The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors. | |||||
| CVE-2006-7201 | 1 Emc | 1 Rsa Security Sitekey | 2008-09-05 | 9.3 HIGH | N/A |
| EMC RSA Security SiteKey does not set the secure qualifier on the SiteKey Flash token (aka the PassMark Flash shared object), which might allow remote attackers to obtain the token via HTTP. | |||||
| CVE-2006-7200 | 1 Emc | 1 Rsa Security Sitekey | 2008-09-05 | 9.0 HIGH | N/A |
| EMC RSA Security SiteKey issues challenge-bypass tokens that persist forever without a cancellation interface for end users, which makes it easier for attackers to bypass one stage of authentication by stealing and replaying a token. | |||||
| CVE-2006-7187 | 1 Web-app.net | 1 Webapp | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the show_recent_searches function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to inject arbitrary web script or HTML via the srch variable. | |||||
| CVE-2006-7184 | 1 Photography-on-the-net | 1 Exhibit Engine 2 | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine (EE) 1.22, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) fetchsettings.php or (2) fstyles.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6752 | 1 Ftprush | 1 Ftprush | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in FTPRush 1.0.0.610 might allow attackers to gain privileges via a long Host field. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. Also, it is not clear whether this issue crosses security boundaries. | |||||
| CVE-2006-6843 | 1 Joomla | 1 Be It Easypartner Component | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6721 | 1 Knusperleicht | 1 Shoutbox | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in shout.php in Knusperleicht ShoutBox 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) sbNick or (2) sbKommentar parameter. | |||||
| CVE-2006-6654 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 4.3 MEDIUM | N/A |
| The sendmsg function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029, when run on a 64-bit architecture, allows attackers to cause a denial of service (kernel panic) via an invalid msg_controllen parameter to the sendit function. | |||||
| CVE-2006-6626 | 1 Moodle | 1 Moodle | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. NOTE: It is unclear whether this candidate overlaps CVE-2006-4784 or CVE-2006-4941. | |||||
| CVE-2006-6707 | 1 Mcafee | 2 Neotrace, Visual Trace | 2008-09-05 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ActiveX control (NeoTraceExplorer.dll) in NeoTrace Express 3.25 and NeoTrace Pro (aka McAfee Visual Trace) 3.25 allows remote attackers to execute arbitrary code via a long argument string to the TraceTarget method. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6580 | 1 Scriptphp | 1 Pronews | 2008-09-05 | 6.4 MEDIUM | N/A |
| admin/change.php in ProNews 1.5 does not check whether a user is permitted to change news items, which allows remote attackers to add or delete information within an item, and possibly have other impacts. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6839 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets." | |||||
| CVE-2006-6700 | 1 Calacode | 1 Atmail Webmail System | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in @Mail WebMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | |||||
| CVE-2006-6894 | 1 Spine | 1 Spine | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown impact and attack vectors, related to (1) "Placeholders in database handler" and (2) "Macro admin security." | |||||
| CVE-2006-6750 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Format string vulnerability in XM Easy Personal FTP Server 5.0.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a long PORT command. NOTE: this issue might be related to CVE-2006-2226. | |||||
| CVE-2006-6688 | 1 Web-app.net | 1 Webapp | 2008-09-05 | 7.5 HIGH | N/A |
| Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET) allows remote attackers to bypass filtering mechanisms via unknown vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6926 | 1 Extremail | 1 Extremail | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors, as demonstrated by VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6874 | 1 Endonesia | 1 Endonesia | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in friend.php in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Message or (2) Your Name field. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6625 | 1 Moodle | 1 Moodle | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in Moodle 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the navtail parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6744 | 1 Phpprofiles | 1 Phpprofiles | 2008-09-05 | 2.1 LOW | N/A |
| phpProfiles before 2.1.1 does not have an index.php or other index file in the (1) image_data, (2) graphics/comm, or (3) users read/write directories, which might allow remote attackers to list directory contents or have other unknown impacts. | |||||
| CVE-2006-6916 | 1 Getahead | 1 Direct Web Remoting | 2008-09-05 | 7.5 HIGH | N/A |
| Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input." | |||||
| CVE-2006-6659 | 1 Microsoft | 3 Ie, Outlook, Windows Xp | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML. | |||||
| CVE-2006-6840 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter." | |||||
| CVE-2006-6639 | 1 Chetcpasswd | 1 Chetcpasswd | 2008-09-05 | 4.6 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local users to gain privileges via unspecified vectors related to executing (1) the cp program, (2) the mail program, or (3) the program specified in the post_change configuration line. | |||||
| CVE-2006-6893 | 1 Tor | 1 Tor | 2008-09-05 | 5.0 MEDIUM | N/A |
| Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server's CPU temperature and consequently changing the pattern of time values visible through (1) ICMP timestamps, (2) TCP sequence numbers, and (3) TCP timestamps, a different vulnerability than CVE-2006-0414. NOTE: it could be argued that this is a laws-of-physics vulnerability that is a fundamental design limitation of certain hardware implementations, so perhaps this issue should not be included in CVE. | |||||
| CVE-2006-6680 | 1 Chetcpasswd | 1 Chetcpasswd | 2008-09-05 | 4.6 MEDIUM | N/A |
| Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need for 0400 permissions on /etc/chetcpasswd.allow, which might allow local users to gain sensitive information by reading this file. | |||||
| CVE-2006-6841 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 10.0 HIGH | N/A |
| Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors. | |||||
| CVE-2006-6658 | 1 Inktomi | 1 Inktomi Search | 2008-09-05 | 5.0 MEDIUM | N/A |
| Inktomi Search 4.1.4 allows remote attackers to obtain sensitive information via direct requests with missing parameters to (1) help/header.html, (2) thesaurus.html, and (3) topics.html, which leak the installation path in the resulting error message, a related issue to CVE-2006-5970. | |||||
| CVE-2006-6638 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 5.0 MEDIUM | N/A |
| IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257. | |||||
| CVE-2006-6600 | 1 Torrentflux | 1 Torrentflux | 2008-09-05 | 6.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609. | |||||
| CVE-2006-6657 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 2.1 LOW | N/A |
| The if_clone_list function in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read potentially sensitive, uninitialized stack memory via unspecified vectors. | |||||
| CVE-2006-6656 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 2.1 LOW | N/A |
| Unspecified vulnerability in ptrace in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read kernel memory and obtain sensitive information via certain manipulations of a PT_LWPINFO request, which leads to a memory leak and information leak. | |||||
| CVE-2006-6655 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 1.7 LOW | N/A |
| The procfs implementation in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (kernel panic) by attempting to access /emul/linux/proc/0/stat on a procfs filesystem that was mounted with mount_procfs -o linux, which results in a NULL pointer dereference. | |||||
| CVE-2006-6583 | 1 Scriptmate | 1 User Manager | 2008-09-05 | 7.5 HIGH | N/A |
| ScriptMate User Manager 2.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors related to (1) the Logins box and (2) the Search box. | |||||
| CVE-2006-6918 | 1 Geobb | 1 Geobb | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Admin login for Georgian discussion board (GeoBB) before 1.0 has unknown impact and attack vectors. | |||||
| CVE-2006-6534 | 1 Oscommerce | 1 Oscommerce | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, the (3) lID parameter to admin/languages_definitions.php, or the (4) pID parameter to admin/products.php. | |||||
| CVE-2006-6399 | 1 Superfreaker Studios | 1 Upublisher | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the Username parameter in login.asp. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2006-6536 | 1 Cilem | 1 Cilem Haber | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber Free Edition allows remote attackers to inject arbitrary web script or HTML via the hata parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6171 | 1 Proftpd Project | 1 Proftpd | 2008-09-05 | 7.5 HIGH | N/A |
| ** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability. | |||||