Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6651 | 1 Intel | 1 2200bg Proset Wireless | 2011-03-08 | 6.8 MEDIUM | N/A |
| Race condition in W29N51.SYS in the Intel 2200BG wireless driver 9.0.3.9 allows remote attackers to cause memory corruption and execute arbitrary code via a series of crafted beacon frames. NOTE: some details are obtained solely from third party information. | |||||
| CVE-2006-6660 | 1 Kde | 1 Libkhtml | 2011-03-08 | 4.3 MEDIUM | N/A |
| The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag. | |||||
| CVE-2006-6663 | 1 Marathon Aleph One | 1 Marathon Aleph One | 2011-03-08 | 5.0 MEDIUM | N/A |
| The server component in Marathon Aleph One before 0.17.1 and 2006-12-17 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to "gathering net games." | |||||
| CVE-2006-6664 | 1 Marathon Aleph One | 1 Marathon Aleph One | 2011-03-08 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV function in Misc/Logging.cpp. NOTE: some details were obtained from third party information. | |||||
| CVE-2006-6667 | 1 Verliadmin | 1 Verliadmin | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nick_mod or (2) nick parameter to (a) repass.php or (b) verify.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6668 | 1 Verliadmin | 1 Verliadmin | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6670 | 1 Nortel | 1 Callpilot Server | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown impact and attack vectors, aka P-2006-0011-GLOBAL. | |||||
| CVE-2006-6672 | 1 Maxiasp | 1 Burak Yilmaz Download Portal | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal allow remote attackers to execute arbitrary SQL commands via the (1) kid or possibly (2) id parameter to (a) HABERLER.ASP and (b) ASPKAT.ASP. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6678 | 1 Netrik | 1 Netrik | 2011-03-08 | 7.5 HIGH | N/A |
| The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename. | |||||
| CVE-2006-6692 | 1 Zabbix | 1 Zabbix | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog. | |||||
| CVE-2006-6693 | 1 Zabbix | 1 Zabbix | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long strings to the (1) zabbix_log and (2) zabbix_syslog functions. | |||||
| CVE-2006-6695 | 1 Carsen Klock | 1 Textsend | 2011-03-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Carsen Klock TextSend 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) error or (2) success parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6698 | 1 Gnome | 1 Gconf | 2011-03-08 | 1.9 LOW | N/A |
| The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of time, which prevents other users from using Gnome. | |||||
| CVE-2006-6702 | 1 Atmail | 1 Atmail Webmail | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before 4.61 allows remote attackers to inject arbitrary web script or HTML via crafted e-mail messages. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6705 | 1 Soumu | 3 Koukyoumuke Soumu Workflow, Soumo Workflow, Soumu Workflow | 2011-03-08 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in the template files in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allow remote attackers to bypass authentication mechanisms on web pages via unknown vectors. | |||||
| CVE-2006-6706 | 1 Soumu | 3 Koukyoumuke Soumu Workflow, Soumo Workflow, Soumu Workflow | 2011-03-08 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors in certain web pages. | |||||
| CVE-2006-6712 | 1 Sugarcrm | 1 Sugarcrm | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0f and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in crafted email messages. | |||||
| CVE-2006-6713 | 1 Hitachi | 1 Hitachi Directory Server 2 | 2011-03-08 | 10.0 HIGH | N/A |
| Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allows remote attackers to execute arbitrary code via crafted LDAP requests. | |||||
| CVE-2006-6714 | 1 Hitachi | 1 Hitachi Directory Server 2 | 2011-03-08 | 7.8 HIGH | N/A |
| Multiple memory leaks in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allow remote attackers to cause a denial of service (memory consumption) via invalid LDAP requests. | |||||
| CVE-2006-6725 | 1 Phpbuilder | 1 Phpbuilder | 2011-03-08 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) lib/htm2php.php and (2) sitetools/htm2php.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6727 | 1 Inertianews | 1 Inertianews | 2011-03-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inertianews_class.php in inertianews 0.02 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. | |||||
| CVE-2006-6728 | 1 Lan Messenger | 1 Lan Messenger | 2011-03-08 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the info request mechanism in LAN Messenger before 1.5.1.2 allows remote attackers to cause a denial of service (application crash) or transmit spam via unspecified vectors. | |||||
| CVE-2006-6748 | 1 Newxooper | 1 Newxooper | 2011-03-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in i-accueil.php in Newxooper 0.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6761 | 1 Novell | 1 Netmail | 2011-03-08 | 6.5 MEDIUM | N/A |
| Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via a long argument to the SUBSCRIBE command. | |||||
| CVE-2006-6762 | 1 Novell | 1 Netmail | 2011-03-08 | 4.0 MEDIUM | N/A |
| The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument. | |||||
| CVE-2006-6782 | 1 Pnamazu | 1 Pnamazu | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pnamazu 2006.02.28 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-6790 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2011-03-08 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in chat/login.php in Ultimate PHP Board (UPB) 2.0b1 and earlier allows remote attackers to inject arbitrary PHP code via the username parameter, which is injected into chat/text.php. | |||||
| CVE-2006-6075 | 1 Baalasp | 1 Smart Form Portal | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp forum allows remote attackers to inject arbitrary web script or HTML via the name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6135 | 1 Ibm | 1 Websphere Application Server | 2011-03-08 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a "Potential security vulnerability" (PK29725) and (2) "Potential security exposure" (PK30831). | |||||
| CVE-2006-6136 | 1 Ibm | 1 Websphere Application Server | 2011-03-08 | 10.0 HIGH | N/A |
| IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) does not perform EAL4 authentication checks at the proper time during "registering of response operation," which has unknown impact and attack vectors. | |||||
| CVE-2006-6139 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in downloadexcel.php in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to read arbitrary files via the fn parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6140 | 1 Sisfo Kampus | 1 Sisfo Kampus | 2011-03-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to execute arbitrary PHP code via a URL in the slnt parameter to (1) index.php and (2) print.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6146 | 1 Takeshi Kanno | 1 Haru Free Pdf Library | 2011-03-08 | 2.6 LOW | N/A |
| Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain arguments that yield a large amount of PDF data, as demonstrated by a filled circle. | |||||
| CVE-2006-6151 | 1 Messagerie Locale | 1 Messagerie Locale | 2011-03-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in centre.php in Messagerie Locale as of 20061127 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6172 | 2 Mplayer, Xine | 2 Mplayer, Real Media Input Plugin | 2011-03-08 | 7.5 HIGH | N/A |
| Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches. | |||||
| CVE-2006-6174 | 1 Tdiary | 1 Tdiary | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and 2.1.x before 2.1.4.20061126 allows remote attackers to inject arbitrary web script or HTML via the conf parameter in (1) tdiary.rb and (2) skel/conf.rhtml. | |||||
| CVE-2006-6178 | 1 Trend Micro | 1 Officescan | 2011-03-08 | 7.5 HIGH | N/A |
| Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1087 allows remote attackers to execute arbitrary code via unknown attack vectors. | |||||
| CVE-2006-6179 | 1 Trend Micro | 1 Officescan | 2011-03-08 | 7.5 HIGH | N/A |
| Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\CgiRemoteInstall.exe for Trend Micro OfficeScan 7.3 before build 7.3.0.1089 allows remote attackers to execute arbitrary code via unknown attack vectors. | |||||
| CVE-2006-6190 | 1 Anna Irc Bot | 1 Anna\^ Irc Bot | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 (aka caprice) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: it is possible that there are multiple issues. | |||||
| CVE-2006-6192 | 1 8pixel.net | 1 Simple Blog | 2011-03-08 | 7.5 HIGH | N/A |
| Unspecified scripts in the admin directory in 8pixel.net SimpleBlog 3.0 and earlier do not properly perform authentication, which allows remote attackers to add users and perform certain other unauthorized privileged actions. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6212 | 1 Webwiz | 1 Site News | 2011-03-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in centre.php in Site News (site_news) 2.00, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6215 | 1 Wallpaper | 1 Wallpaper Complete Website | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper Complete Website) 1.0.09 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameter to (a) process.php, or the (3) wallpaperid parameter to (b) dlwallpaper.php. | |||||
| CVE-2006-6244 | 1 Coalescent Systems | 1 Freepbx | 2011-03-08 | 7.5 HIGH | N/A |
| Coalescent Systems freePBX (formerly Asterisk Management Portal) before 2.2.0rc1 allows attackers to execute arbitrary commands via shell metacharacters in (1) CALLERID(name) or (2) CALLERID(number). | |||||
| CVE-2006-6307 | 1 Novell | 1 Client | 2011-03-08 | 5.0 MEDIUM | N/A |
| srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote attackers to cause an unspecified denial of service via a crafted packet to port 427 that triggers an access of pageable or invalid addresses using a higher interrupt request level (IRQL) than necessary. | |||||
| CVE-2006-6318 | 1 Stefan Ritt | 1 Elog Web Logbook | 2011-03-08 | 5.0 MEDIUM | N/A |
| The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with "global," which results in a NULL pointer dereference. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-6344 | 1 Neocrome | 1 Seditio | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and earlier have unknown impact and attack vectors related to (1) plugins/ipsearch/ipsearch.admin.php, and (2) pfs/pfs.edit.inc.php, (3) users/users.register.inc.php in system/core. NOTE: the users.profile.inc.php vector is identified by CVE-2006-6177. NOTE: these issues might be related to SQL injection. | |||||
| CVE-2006-6357 | 1 Phpnews | 1 Phpnews | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in PHPNews 1.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6395 | 1 Ulrik Petersen | 2 Emdros Database Engine, Emrdos Database Engine | 2011-03-08 | 5.0 MEDIUM | N/A |
| Multiple memory leaks in Ulrik Petersen Emdros Database Engine before 1.2.0.pre231 allow local users to cause a denial of service (memory consumption) via unspecified vectors, a different issue than CVE-2005-0415. | |||||
| CVE-2006-6400 | 1 Justsystem | 6 Hanako, Hanako Viewer, Ichitaro and 3 more | 2011-03-08 | 6.8 MEDIUM | N/A |
| Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer 1.x, Ichitaro 2004, Ichitaro 2005, Ichitaro Lite2, Ichitaro viewer 4.x, and Sanshiro 2005 allows remote attackers to execute arbitrary code via the (1) Keyword and (2) Title fields, related to string length fields. | |||||
| CVE-2006-6413 | 1 Amateras | 1 Amateras Sns | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||