Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5910 | 1 Campware.org | 1 Campsite | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 20061110 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) bugreporter/thankyou.php and (2) feedback/thankyou.php in implementation/management/priv/. | |||||
| CVE-2006-5985 | 1 Extreme Cms | 1 Extreme Cms | 2011-03-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) bg1, (2) bg2, (3) text, or (4) size parameters. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2006-5986 | 1 Extreme Cms | 1 Extreme Cms | 2011-03-08 | 6.8 MEDIUM | N/A |
| admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined with another vulnerability to expand the scope of a cross-site scripting (XSS) attack without authentication. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2006-6055 | 1 D-link | 1 Dwl-g132 | 2011-03-08 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via a 802.11 beacon request with a long Rates information element (IE). | |||||
| CVE-2006-6072 | 1 Bpg-infotech | 2 Easy Publisher, Smart Publisher Pro | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bpg/publications_list.asp in BPG-InfoTech Easy Publisher and Smart Publisher//Pro 2.7.7 allows remote attackers to execute arbitrary SQL commands via the vjob parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5423 | 1 Lou Portail | 1 Lou Portail | 2011-03-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/admin_module.php in Lou Portail 1.4.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the g_admin_rep parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5449 | 1 Horde | 1 Ingo H3 | 2011-03-08 | 6.5 MEDIUM | N/A |
| procmail in Ingo H3 before 1.1.2 Horde module allows remote authenticated users to execute arbitrary commands via shell metacharacters in the mailbox destination of a filter rule. | |||||
| CVE-2006-5466 | 2 Rpm, Ubuntu | 2 Package Manager, Ubuntu Linux | 2011-03-08 | 5.4 MEDIUM | N/A |
| Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages. | |||||
| CVE-2006-5500 | 1 Xchangeboard | 1 Xchangeboard | 2011-03-08 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the checkUser function in inc/DBInterface.php in XchangeBoard 1.70 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userNick or (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5564 | 1 Maxdev | 1 Md-pro | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5565 | 1 Maxdev | 1 Md-pro | 2011-03-08 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5642 | 1 Nmnlogger | 1 Nmnlogger | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown impact and attack vectors related to configuration of mesasge drivers. | |||||
| CVE-2006-5657 | 1 Vilistextum | 1 Vilistextum | 2011-03-08 | 10.0 HIGH | N/A |
| Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 have unknown impact and attack vectors. | |||||
| CVE-2006-5663 | 1 Ibm | 3 Informix Client Sdk, Informix Dynamic Server, Informix I-connect | 2011-03-08 | 4.6 MEDIUM | N/A |
| IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts. | |||||
| CVE-2006-5664 | 1 Ibm | 3 Informix Client Sdk, Informix Dynamic Server, Informix I-connect | 2011-03-08 | 4.6 MEDIUM | N/A |
| The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files. | |||||
| CVE-2006-5671 | 1 Free Php Scripts | 1 Free Image Hosting | 2011-03-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in contact.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5681 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 2.6 LOW | N/A |
| QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects. | |||||
| CVE-2006-5705 | 1 Wordpress | 1 Wordpress | 2011-03-08 | 6.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request. | |||||
| CVE-2006-5709 | 1 Alt-n | 1 Mdaemon | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a "JavaScript exploit." | |||||
| CVE-2006-5722 | 1 Middlebury College | 1 Segue Cms | 2011-03-08 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 and earlier, when magic_quotes_gpc is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the theme parameter to (1) themesettings.php or (2) index.php, a different vector than CVE-2006-5497. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5726 | 1 Sun | 1 Solaris | 2011-03-08 | 4.9 MEDIUM | N/A |
| alloccgblk in the UFS filesystem in Solaris 10 allows local users to cause a denial of service (memory corruption) by mounting crafted UFS filesystems with malformed data structures. | |||||
| CVE-2006-5809 | 1 Jonathon J. Freeman | 1 Ovbb | 2011-03-08 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Jonathon J. Freeman OvBB before 0.13a have unknown impact and attack vectors. | |||||
| CVE-2006-5859 | 1 Adobe | 1 Coldfusion | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm. | |||||
| CVE-2006-5869 | 1 Pstotext | 1 Pstotext | 2011-03-08 | 5.1 MEDIUM | N/A |
| pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name. | |||||
| CVE-2006-4778 | 1 Cchost | 1 Cchost | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Creative Commons Tools ccHost before 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URL, which is used to populate the file ID. NOTE: Some details are obtained from third party information. | |||||
| CVE-2006-4801 | 1 Roxio | 1 Toast | 2011-03-08 | 6.2 MEDIUM | N/A |
| Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possibly other products, allows local users to execute arbitrary code via temporary files, including dejavu_manual.rb, which are executed with raised privileges. | |||||
| CVE-2006-4831 | 1 Iodine | 1 Iodine | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IP over DNS is now easy (iodine) before 0.3.2 has unknown impact and attack vectors, related to "potential security problems." | |||||
| CVE-2006-4964 | 1 Maxdev | 1 Md-pro | 2011-03-08 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before 20060918 allows remote attackers to inject arbitrary web script or HTML via (1) vectors that bypass the XSS protection mechanisms of the pnVarCleanFromInput function, and (2) unspecified vectors related to the AntiCracker. | |||||
| CVE-2006-5035 | 1 Paul Smith Computer Services | 1 Vcap | 2011-03-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith Computer Services vCAP 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the statusmsg parameter in RegisterPage.cgi or (2) a URI corresponding to a nonexistent file. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5098 | 1 Andreas Gohr | 1 Dokuwiki | 2011-03-08 | 5.0 MEDIUM | N/A |
| lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image. | |||||
| CVE-2006-5099 | 1 Andreas Gohr | 1 Dokuwiki | 2011-03-08 | 7.5 HIGH | N/A |
| lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert. | |||||
| CVE-2006-5106 | 1 Facileforms | 1 Facileforms | 2011-03-08 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 for Mambo and Joomla!, when either register_globals or RG_EMULATION is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-5179 | 1 Intoto | 2 Igateway Ssl-vpn, Igateway Vpn | 2011-03-08 | 5.4 MEDIUM | N/A |
| Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification, a related issue to CVE-2006-2940. | |||||
| CVE-2006-5184 | 1 Pkr Internet | 1 Taskjitsu | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the key parameter, when the limit query parameter is set to customerid. | |||||
| CVE-2006-5211 | 1 Trend Micro | 1 Officescan Corporate Edition | 2011-03-08 | 6.4 MEDIUM | N/A |
| Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to remove OfficeScan clients via a certain HTTP request that invokes the OfficeScan CGI program. | |||||
| CVE-2006-5212 | 1 Trend Micro | 1 Officescan | 2011-03-08 | 5.0 MEDIUM | N/A |
| Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program. | |||||
| CVE-2006-5235 | 1 Dimension Of Phpbb | 1 Dimension Of Phpbb | 2011-03-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions_kb.php in Dimension of phpBB 0.2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5237 | 1 Blue Smiley Organizer | 1 Blue Smiley Organizer | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Blue Smiley Organizer before 4.46 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-5238 | 1 Blue Smiley Organizer | 1 Blue Smiley Organizer | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the file upload module in Blue Smiley Organizer before 4.45 has unknown impact and attack vectors. | |||||
| CVE-2006-5323 | 1 Ibm | 1 Websphere Application Server | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server before 6.1.0.2 has unspecified impact and attack vectors, related to a "possible security exposure," aka PK29360. | |||||
| CVE-2006-5324 | 1 Ibm | 1 Websphere Application Server | 2011-03-08 | 7.5 HIGH | N/A |
| The Web Services Notification (WSN) security component of IBM WebSphere Application Server before 6.1.0.2 allows attackers to obtain unspecified access without supplying a username and password, aka PK28374. | |||||
| CVE-2006-5326 | 1 Phpbb Prillian | 1 French Language Pack | 2011-03-08 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in language/lang/lang_contact_faq.php in the Prillian French 0.8.0 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4473 | 1 Joomla | 1 Joomla | 2011-03-08 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks. | |||||
| CVE-2006-4475 | 1 Joomla | 1 Joomla | 2011-03-08 | 7.5 HIGH | N/A |
| Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors. | |||||
| CVE-2006-4476 | 1 Joomla | 1 Joomla | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload Image; (4) ->load(); (5) content submissions when frontpage is selected; (6) the mosPageNav constructor; (7) saveOrder functions; (8) the absence of "exploit blocking rules" in htaccess; and (9) the ACL. | |||||
| CVE-2006-4522 | 1 Ibm | 1 Aix | 2011-03-08 | 7.2 HIGH | N/A |
| Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code with root privileges via unspecified vectors. | |||||
| CVE-2006-4539 | 1 Cerberus | 1 Cerberus Helpdesk | 2011-03-08 | 7.5 HIGH | N/A |
| (1) includes/widgets/module_company_tickets.php and (2) includes/widgets/module_track_tickets.php Client Support Center in Cerberus Helpdesk 3.2 Build 317, and possibly earlier, allows remote attackers to bypass security restrictions and obtain sensitive information via the ticket parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4573 | 1 Gnu | 1 Screen | 2011-03-08 | 2.6 LOW | N/A |
| Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences. | |||||
| CVE-2006-4587 | 1 Vtiger | 1 Vtiger Crm | 2011-03-08 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module. | |||||
| CVE-2006-4588 | 1 Vtiger | 1 Vtiger Crm | 2011-03-08 | 7.5 HIGH | N/A |
| vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module. | |||||