Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-7061 | 1 Scriptsez.net | 1 E-dating System | 2008-09-05 | 9.3 HIGH | N/A |
| Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting (XSS) attacks. | |||||
| CVE-2006-7091 | 1 Hinton Design | 1 Phpht Topsites Free | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in phpht Topsites FREE 1.022b allows remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-7097 | 1 Taskfreak | 1 Taskfreak | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have unknown impact and attack vectors. | |||||
| CVE-2006-7162 | 1 Putty | 1 Putty | 2008-09-05 | 1.9 LOW | N/A |
| PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files containing private keys generated by puttygen and (2) session logs created by putty, which allows local users to gain sensitive information by reading these files. | |||||
| CVE-2006-7163 | 1 Dreameesoft | 1 Password Master | 2008-09-05 | 6.9 MEDIUM | N/A |
| DreameeSoft Password Master 1.0 stores the database in an unencrypted format when the master password is set, which allows attackers with physical access to read the database contents via an unspecified authentication bypass. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-7164 | 3 Ibm, Linux, Unix | 3 Websphere Application Server, Linux Kernel, Unix | 2008-09-05 | 4.3 MEDIUM | N/A |
| SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests. | |||||
| CVE-2006-7167 | 1 Prorat | 1 Server | 2008-09-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in ProRat Server 1.9 Fix2 allows remote attackers to bypass the authentication mechanism for remote login via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-7175 | 2 Redhat, Sendmail | 2 Enterprise Linux, Sendmail | 2008-09-05 | 7.5 HIGH | N/A |
| The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired. | |||||
| CVE-2006-7184 | 1 Photography-on-the-net | 1 Exhibit Engine 2 | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine (EE) 1.22, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) fetchsettings.php or (2) fstyles.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-7186 | 1 Web-app.net | 1 Webapp | 2008-09-05 | 5.0 MEDIUM | N/A |
| cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows attackers to open list files in "profile and other functions," a different vulnerability than CVE-2005-0927. | |||||
| CVE-2006-7187 | 1 Web-app.net | 1 Webapp | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the show_recent_searches function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to inject arbitrary web script or HTML via the srch variable. | |||||
| CVE-2006-7188 | 1 Web-app.net | 1 Webapp | 2008-09-05 | 5.0 MEDIUM | N/A |
| The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to read internal forum posts via certain requests, possibly related to the $info{'forum'} variable. | |||||
| CVE-2006-7189 | 1 Web-app.net | 1 Webapp | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in web-app.net WebAPP before 20060403 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the Statistics Log Viewer. | |||||
| CVE-2006-7190 | 1 Web-app.net | 1 Webapp | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl in web-app.net WebAPP before 20060515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the viewnews function, related to use of doubbctopic instead of doubbc. | |||||
| CVE-2006-7191 | 1 Ldap Account Manager | 1 Ldap Account Manager | 2008-09-05 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in lamdaemon.pl in LDAP Account Manager (LAM) before 1.0.0 allows local users to gain privileges via a modified PATH that points to a malicious rm program. | |||||
| CVE-2006-7199 | 1 Emc | 1 Rsa Security Sitekey | 2008-09-05 | 8.5 HIGH | N/A |
| EMC RSA Security SiteKey allows remote attackers to display the correct image via a man-in-the-middle (MITM) attack in which an attacker-controlled server proxies authentication data to and from a legitimate SiteKey server. NOTE: the vendor disputes the severity of the issue, stating that it is easier to monitor this attack than "attacks against static web pages." | |||||
| CVE-2006-7200 | 1 Emc | 1 Rsa Security Sitekey | 2008-09-05 | 9.0 HIGH | N/A |
| EMC RSA Security SiteKey issues challenge-bypass tokens that persist forever without a cancellation interface for end users, which makes it easier for attackers to bypass one stage of authentication by stealing and replaying a token. | |||||
| CVE-2006-7201 | 1 Emc | 1 Rsa Security Sitekey | 2008-09-05 | 9.3 HIGH | N/A |
| EMC RSA Security SiteKey does not set the secure qualifier on the SiteKey Flash token (aka the PassMark Flash shared object), which might allow remote attackers to obtain the token via HTTP. | |||||
| CVE-2006-7202 | 1 Mambo | 1 Mambo Open Source | 2008-09-05 | 7.8 HIGH | N/A |
| The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors. | |||||
| CVE-2006-7204 | 1 Php | 1 Php | 2008-09-05 | 2.1 LOW | N/A |
| The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents. | |||||
| CVE-2006-7205 | 1 Php Group | 1 Php | 2008-09-05 | 5.0 MEDIUM | N/A |
| The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value. | |||||
| CVE-2006-7207 | 1 Ageet | 1 Agephone | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in ageet AGEphone before 1.4.0 might allow remote attackers to have an unknown impact via unspecified vectors. | |||||
| CVE-2006-7211 | 1 Firebirdsql | 1 Firebird | 2008-09-05 | 4.9 MEDIUM | N/A |
| fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores. | |||||
| CVE-2006-7212 | 1 Firebirdsql | 1 Firebird | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240. | |||||
| CVE-2006-7213 | 1 Firebirdsql | 1 Firebird | 2008-09-05 | 5.5 MEDIUM | N/A |
| Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database. | |||||
| CVE-2006-7214 | 1 Firebirdsql | 1 Firebird | 2008-09-05 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scanning. | |||||
| CVE-2006-7215 | 1 Intel | 3 Core 2 Duo E4000, Core 2 Duo E6000, Core 2 Extreme X6800 | 2008-09-05 | 2.1 LOW | N/A |
| The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop processor E6000 and E4000 incorrectly set the memory page Access (A) bit for a page in certain circumstances involving proximity of the code segment limit to the end of a code page, which has unknown impact and attack vectors on certain operating systems other than OpenBSD, aka AI90. | |||||
| CVE-2006-7216 | 1 Apache | 1 Derby | 2008-09-05 | 4.0 MEDIUM | N/A |
| Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables. | |||||
| CVE-2006-7217 | 1 Apache | 1 Derby | 2008-09-05 | 4.0 MEDIUM | N/A |
| Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode. | |||||
| CVE-2006-7220 | 1 Sap | 2 Saplpd, Sapsprint | 2008-09-05 | 7.8 HIGH | N/A |
| Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote attackers to cause a denial of service (application crash) via a certain print job request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-7223 | 1 Xwiki | 1 Xwiki | 2008-09-05 | 6.5 MEDIUM | N/A |
| PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document. | |||||
| CVE-2007-0004 | 1 Redhat | 1 Enterprise Linux | 2008-09-05 | 1.9 LOW | N/A |
| The NFS client implementation in the kernel in Red Hat Enterprise Linux (RHEL) 3, when a filesystem is mounted with the noacl option, checks permissions for the open system call via vfs_permission (mode bits) data rather than an NFS ACCESS call to the server, which allows local client processes to obtain a false success status from open calls that the server would deny, and possibly obtain sensitive information about file permissions on the server, as demonstrated in a root_squash environment. NOTE: it is uncertain whether any scenarios involving this issue cross privilege boundaries. | |||||
| CVE-2006-6580 | 1 Scriptphp | 1 Pronews | 2008-09-05 | 6.4 MEDIUM | N/A |
| admin/change.php in ProNews 1.5 does not check whether a user is permitted to change news items, which allows remote attackers to add or delete information within an item, and possibly have other impacts. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6583 | 1 Scriptmate | 1 User Manager | 2008-09-05 | 7.5 HIGH | N/A |
| ScriptMate User Manager 2.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors related to (1) the Logins box and (2) the Search box. | |||||
| CVE-2006-6600 | 1 Torrentflux | 1 Torrentflux | 2008-09-05 | 6.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609. | |||||
| CVE-2006-6625 | 1 Moodle | 1 Moodle | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in Moodle 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the navtail parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6626 | 1 Moodle | 1 Moodle | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. NOTE: It is unclear whether this candidate overlaps CVE-2006-4784 or CVE-2006-4941. | |||||
| CVE-2006-6638 | 1 Ibm | 1 Db2 Universal Database | 2008-09-05 | 5.0 MEDIUM | N/A |
| IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257. | |||||
| CVE-2006-6639 | 1 Chetcpasswd | 1 Chetcpasswd | 2008-09-05 | 4.6 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local users to gain privileges via unspecified vectors related to executing (1) the cp program, (2) the mail program, or (3) the program specified in the post_change configuration line. | |||||
| CVE-2006-6654 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 4.3 MEDIUM | N/A |
| The sendmsg function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029, when run on a 64-bit architecture, allows attackers to cause a denial of service (kernel panic) via an invalid msg_controllen parameter to the sendit function. | |||||
| CVE-2006-6655 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 1.7 LOW | N/A |
| The procfs implementation in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (kernel panic) by attempting to access /emul/linux/proc/0/stat on a procfs filesystem that was mounted with mount_procfs -o linux, which results in a NULL pointer dereference. | |||||
| CVE-2006-6656 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 2.1 LOW | N/A |
| Unspecified vulnerability in ptrace in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read kernel memory and obtain sensitive information via certain manipulations of a PT_LWPINFO request, which leads to a memory leak and information leak. | |||||
| CVE-2006-6657 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 2.1 LOW | N/A |
| The if_clone_list function in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read potentially sensitive, uninitialized stack memory via unspecified vectors. | |||||
| CVE-2006-6658 | 1 Inktomi | 1 Inktomi Search | 2008-09-05 | 5.0 MEDIUM | N/A |
| Inktomi Search 4.1.4 allows remote attackers to obtain sensitive information via direct requests with missing parameters to (1) help/header.html, (2) thesaurus.html, and (3) topics.html, which leak the installation path in the resulting error message, a related issue to CVE-2006-5970. | |||||
| CVE-2006-6659 | 1 Microsoft | 3 Ie, Outlook, Windows Xp | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML. | |||||
| CVE-2006-6662 | 1 Suse | 3 Linux Enterprise Desktop, Suse Linux, Suse Open Enterprise Server | 2008-09-05 | 4.1 MEDIUM | N/A |
| Unspecified vulnerability in Linux User Management (novell-lum) on SUSE Linux Enterprise Desktop 10 and Open Enterprise Server 9, under unspecified conditions, allows local users to log in to the console without a password. | |||||
| CVE-2006-6680 | 1 Chetcpasswd | 1 Chetcpasswd | 2008-09-05 | 4.6 MEDIUM | N/A |
| Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need for 0400 permissions on /etc/chetcpasswd.allow, which might allow local users to gain sensitive information by reading this file. | |||||
| CVE-2006-6688 | 1 Web-app.net | 1 Webapp | 2008-09-05 | 7.5 HIGH | N/A |
| Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET) allows remote attackers to bypass filtering mechanisms via unknown vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6700 | 1 Calacode | 1 Atmail Webmail System | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in @Mail WebMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | |||||
| CVE-2006-6707 | 1 Mcafee | 2 Neotrace, Visual Trace | 2008-09-05 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ActiveX control (NeoTraceExplorer.dll) in NeoTrace Express 3.25 and NeoTrace Pro (aka McAfee Visual Trace) 3.25 allows remote attackers to execute arbitrary code via a long argument string to the TraceTarget method. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||