Total: 27796 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0474 | 1 Shareaza | 1 Shareaza | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers to execute arbitrary code via (1) a large packet length field, which causes an overflow in the ReadBuffer function in (a) BTPacket.cpp and (b) EDPacket.cpp, or (2) a large packet, which causes a heap-based overflow in the Write function in (c) Packet.h. | |||||
| CVE-2006-0473 | 1 My Little Homepage | 1 My Little Weblog | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the bbcode function in weblog.php in my little homepage my little weblog, as last modified in April 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags. | |||||
| CVE-2006-0713 | 1 Linpha | 1 Linpha | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static code injection is resultant from this issue, as demonstrated by inserting PHP code into the username, which is inserted into linpha.log, which is accessible from the directory traversal. | |||||
| CVE-2006-0566 | 1 Communigate | 1 Communigate Pro Core Server | 2018-10-19 | 5.0 MEDIUM | N/A |
| The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote attackers to cause a denial of service (application crash) via LDAP messages that contain Distinguished Names (DN) fields with a large number of elements. | |||||
| CVE-2006-0540 | 1 Tachyon | 1 Vanilla Guestbook | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-0639 | 1 Mybulletinboard | 1 Mybulletinboard | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E. | |||||
| CVE-2006-0670 | 1 Bluez Project | 1 Hcidump | 2018-10-19 | 5.0 MEDIUM | N/A |
| Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet. | |||||
| CVE-2006-0644 | 1 Cpg-nuke | 1 Dragonfly Cms | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in (1) the newlang parameter and (2) the installlang parameter in a cookie, as demonstrated by using error.php to insert malicious code into a log file, or uploading a malicious .png file, which is then included using install.php. | |||||
| CVE-2006-0491 | 1 Subzane | 1 Szusermgnt | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2006-0690 | 1 Scheduling Management.com | 1 Time Tracking Software | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TTS Time Tracking Software 3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-0714 | 1 Flyspray | 1 Flyspray | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter. | |||||
| CVE-2006-0541 | 1 Tachyon | 1 Vanilla Guestbook | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "posting new messages." | |||||
| CVE-2006-0559 | 1 Mcafee | 1 Webshield Smtp | 2018-10-19 | 10.0 HIGH | N/A |
| Format string vulnerability in the SMTP server for McAfee WebShield 4.5 MR2 and earlier allows remote attackers to execute arbitrary code via format strings in the domain name portion of a destination address, which are not properly handled when a bounce message is constructed. | |||||
| CVE-2006-0588 | 1 Jaia Interactive | 1 Mytopix | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in MyTopix 1.2.3 allows remote attackers to execute arbitrary SQL commands via the (1) mid and (2) keywords parameters. | |||||
| CVE-2006-0542 | 1 Nukedweb | 1 Guestbookhost | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in config.php in NukedWeb GuestBookHost 2005.04.25 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters. | |||||
| CVE-2006-0660 | 1 Farsinews | 1 Farsinews | 2018-10-19 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allow remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php. | |||||
| CVE-2006-0715 | 1 Solucija | 1 Snews | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field. | |||||
| CVE-2006-0577 | 1 Lexmark | 1 X1185 | 2018-10-19 | 7.2 HIGH | N/A |
| Lexmark X1185 printer allows local users to gain SYSTEM privileges by navigating to the "Appearance" dialog and selecting the "Additional styles (skins) are available on the Lexmark web site" option, which launches a web browser that is running with SYSTEM privileges. | |||||
| CVE-2006-0489 | 1 Khaled Mardam-bey | 1 Mirc | 2018-10-19 | 4.6 MEDIUM | N/A |
| ** DISPUTED ** Buffer overflow in the font command of mIRC, probably 6.16, allows local users to execute arbitrary code via a long string. NOTE: the original researcher claims that issue has been disputed by the vendor, and that the vendor stated "as far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC." It could be that this is only exploitable by the user of the application, and thus would not cross privilege boundaries unless under an otherwise restrictive environment such as a kiosk. | |||||
| CVE-2006-0716 | 1 Solucija | 1 Snews | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in sNews 1.3 allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters. | |||||
| CVE-2006-0576 | 1 Maynard Johnson | 1 Oprofile | 2018-10-19 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability. | |||||
| CVE-2006-0627 | 1 Clever Copy | 1 Clever Copy | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Clever Copy 2.0, 2.0a, and 3.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Referer or (2) X-Forwarded-For headers in an HTTP request, which are not properly handled when the administrator accesses Site Stats. | |||||
| CVE-2006-0574 | 1 Cpanel | 1 Cpanel | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type. | |||||
| CVE-2006-0719 | 1 Deltascripts | 1 Php Classifieds | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member_login.php in PHP Classifieds 6.18 through 6.20 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter, which is used by the E-mail address field, and (2) password parameter. | |||||
| CVE-2006-0607 | 1 Hinton Design | 1 Phphd | 2018-10-19 | 7.5 HIGH | N/A |
| check.php in Hinton Design phphd 1.0 does not check passwords when certain cookies are provided, which allows remote attackers to bypass authentication. | |||||
| CVE-2006-0720 | 1 Nullsoft | 1 Winamp | 2018-10-19 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file. | |||||
| CVE-2006-0721 | 1 Runcms | 1 Runcms | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a allows remote attackers to execute arbitrary SQL commands via the to_userid parameter. | |||||
| CVE-2006-0628 | 1 Dale Ray | 1 Myquiz | 2018-10-19 | 7.5 HIGH | N/A |
| myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute arbitrary commands via shell metacharacters in the URL, which are not properly handled as part of the PATH_INFO environment variable. | |||||
| CVE-2006-0655 | 1 Hinton Design | 1 Phpht Topsites | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) link_edited.php and (2) link_added.php in Hinton Design phpht Topsites 1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-0691 | 1 Scheduling Management.com | 1 Time Tracking Software | 2018-10-19 | 5.0 MEDIUM | N/A |
| edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account. | |||||
| CVE-2006-0513 | 1 Ibm | 1 Tivoli Access Manager For E-business | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2006-0501 | 1 Punctweb | 1 Myco Guestbook | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the Name field, when registering a user. | |||||
| CVE-2006-0529 | 1 Ca | 1 Messaging | 2018-10-19 | 5.0 MEDIUM | N/A |
| Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via a crafted message to TCP port 4105. | |||||
| CVE-2006-0676 | 1 Francisco Burzi | 1 Php-nuke | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter. | |||||
| CVE-2006-0500 | 1 Punctweb | 1 Myco Guestbook | 2018-10-19 | 7.5 HIGH | N/A |
| MyCO Guestbook 1.0 stores the admin directory under the web document root with insufficient access control, which allows remote attackers to perform unspecified privileged actions by directly accessing files via a URL. | |||||
| CVE-2006-0604 | 1 Hinton Design | 1 Phphg Guestbook | 2018-10-19 | 7.5 HIGH | N/A |
| check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access. | |||||
| CVE-2006-0511 | 1 Blackboard | 2 Blackboard, Blackboard Academic Suite | 2018-10-19 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that "This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product." | |||||
| CVE-2006-0677 | 1 Kth | 1 Heimdal | 2018-10-19 | 7.8 HIGH | N/A |
| telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference. | |||||
| CVE-2006-0508 | 1 Easy Cms | 1 Easy Cms | 2018-10-19 | 5.0 MEDIUM | N/A |
| Easy CMS stores the images directory under the web document root with insufficient access control and browsing enabled, which allows remote attackers to list and possibly read images that are stored in that directory. | |||||
| CVE-2006-0530 | 1 Ca | 1 Messaging | 2018-10-19 | 5.0 MEDIUM | N/A |
| Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via spoofed CAM control messages. | |||||
| CVE-2006-0507 | 1 Easy Cms | 1 Easy Cms | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Easy CMS allow remote attackers to inject arbitrary web script or HTML via (1) unknown attack vectors in the administrative interface and (2) input fields of the contact form. | |||||
| CVE-2006-0635 | 1 Fabrice Bellard | 1 Tiny C Compiler | 2018-10-19 | 4.6 MEDIUM | N/A |
| Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers. | |||||
| CVE-2006-0506 | 1 Nuked-klan | 1 Nuked-klan | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN 1.7 allows remote attackers to inject arbitrary web script or HTML via the letter parameter. | |||||
| CVE-2006-0634 | 1 Borland Software | 1 C++ Builder | 2018-10-19 | 4.6 MEDIUM | N/A |
| Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition (ent_upd4) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers. | |||||
| CVE-2006-0502 | 1 Farsinews | 1 Farsinews | 2018-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in loginout.php in FarsiNews 2.1 Beta 2 and earlier, with register_globals enabled, allows remote attackers to include arbitrary files via a URL in the cutepath parameter. | |||||
| CVE-2006-0679 | 1 Francisco Burzi | 1 Php-nuke Ev | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field). | |||||
| CVE-2006-0505 | 1 Zbattle.net | 1 Zbattle Client | 2018-10-19 | 5.0 MEDIUM | N/A |
| zbattle.net Zbattle client 1.09 SR-1 beta allows remote attackers to cause an unspecified denial of service by rapidly creating and closing a game. | |||||
| CVE-2006-0683 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log utility to read the log file. | |||||
| CVE-2006-0653 | 1 Hinton Design | 1 Phpht Topsites | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites 1.3 allow remote attackers to execute arbitrary SQL commands via multiple vectors including the username parameter. | |||||
| CVE-2006-0546 | 1 Egeinternet | 1 Egeinternet | 2018-10-19 | 7.5 HIGH | N/A |
| Unspecified vulnerability in index.php in a certain application available from /v1/tr/portfoy.php on www.egeinternet.com allows remote attackers to execute arbitrary code via "evilcode" in the key parameter, possibly a PHP remote file include vulnerability in which the attack vector is a URL in the key parameter. NOTE: it is not clear whether this vulnerability is associated with an online service or application service provider. If so, then it should not be included in CVE. | |||||
