Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6721 | 1 Knusperleicht | 1 Shoutbox | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in shout.php in Knusperleicht ShoutBox 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) sbNick or (2) sbKommentar parameter. | |||||
| CVE-2006-6744 | 1 Phpprofiles | 1 Phpprofiles | 2008-09-05 | 2.1 LOW | N/A |
| phpProfiles before 2.1.1 does not have an index.php or other index file in the (1) image_data, (2) graphics/comm, or (3) users read/write directories, which might allow remote attackers to list directory contents or have other unknown impacts. | |||||
| CVE-2006-6750 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Format string vulnerability in XM Easy Personal FTP Server 5.0.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a long PORT command. NOTE: this issue might be related to CVE-2006-2226. | |||||
| CVE-2006-6752 | 1 Ftprush | 1 Ftprush | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in FTPRush 1.0.0.610 might allow attackers to gain privileges via a long Host field. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. Also, it is not clear whether this issue crosses security boundaries. | |||||
| CVE-2006-6836 | 1 Ibm | 1 Os 400 | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing. | |||||
| CVE-2006-6839 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets." | |||||
| CVE-2006-6840 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter." | |||||
| CVE-2006-6841 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 10.0 HIGH | N/A |
| Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors. | |||||
| CVE-2006-6843 | 1 Joomla | 1 Be It Easypartner Component | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6874 | 1 Endonesia | 1 Endonesia | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in friend.php in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Message or (2) Your Name field. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6893 | 1 Tor | 1 Tor | 2008-09-05 | 5.0 MEDIUM | N/A |
| Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server's CPU temperature and consequently changing the pattern of time values visible through (1) ICMP timestamps, (2) TCP sequence numbers, and (3) TCP timestamps, a different vulnerability than CVE-2006-0414. NOTE: it could be argued that this is a laws-of-physics vulnerability that is a fundamental design limitation of certain hardware implementations, so perhaps this issue should not be included in CVE. | |||||
| CVE-2006-6894 | 1 Spine | 1 Spine | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown impact and attack vectors, related to (1) "Placeholders in database handler" and (2) "Macro admin security." | |||||
| CVE-2006-6916 | 1 Getahead | 1 Direct Web Remoting | 2008-09-05 | 7.5 HIGH | N/A |
| Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input." | |||||
| CVE-2006-6918 | 1 Geobb | 1 Geobb | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Admin login for Georgian discussion board (GeoBB) before 1.0 has unknown impact and attack vectors. | |||||
| CVE-2006-6926 | 1 Extremail | 1 Extremail | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors, as demonstrated by VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6166 | 1 Ryan Demmer | 1 Joomla Content Editor | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.0.4 for Joomla! (com_jce), without the 20060821 jce_patch, allows remote attackers to inject arbitrary web script or HTML via the mosConfig_live_site parameter. | |||||
| CVE-2006-6171 | 1 Proftpd Project | 1 Proftpd | 2008-09-05 | 7.5 HIGH | N/A |
| ** DISPUTED ** ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability. | |||||
| CVE-2006-6182 | 1 Gabriele Teotino | 1 Gnotebook | 2008-09-05 | 2.1 LOW | N/A |
| The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop stores Gmail passwords in plaintext in the %SYSTEMDRIVE%\temp\Gnotebook.txt log file, which allows local users to obtain passwords by reading the file. | |||||
| CVE-2006-6226 | 1 Neoengine | 1 Neoengine | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, and CVS 3422, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Console::Render in neoengine/console.cpp and (2) TextArea::Render in neowtk/textarea.cpp. | |||||
| CVE-2006-6228 | 1 Codewalkers | 1 Ltwcalendar | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors. | |||||
| CVE-2006-6229 | 1 Codewalkers | 1 Ltwcalendar | 2008-09-05 | 5.0 MEDIUM | N/A |
| Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file. | |||||
| CVE-2006-6238 | 1 Apple | 1 Safari | 2008-09-05 | 5.0 MEDIUM | N/A |
| The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077. | |||||
| CVE-2006-6294 | 1 Frisk Software | 1 F-prot Antivirus | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in FRISK Software F-Prot Antivirus before 4.6.7 have unspecified impact and attack vectors. NOTE: this might be related to CVE-2006-6293, but it is not clear due to the vagueness of the report. | |||||
| CVE-2006-6331 | 1 Torrentflux | 1 Torrentflux | 2008-09-05 | 6.0 MEDIUM | N/A |
| metaInfo.php in TorrentFlux 2.2, when $cfg["enable_file_priority"] is false, allows remote attackers to execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to (1) details.php and (2) startpop.php. | |||||
| CVE-2006-6353 | 1 Apple | 3 Bomarchivehelper, Mac Os X, Mac Os X Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FAILURE thread crashes and (2) certain KERN_INVALID_ADDRESS thread crashes, as discovered with the "iSec Partners FileP fuzzer". | |||||
| CVE-2006-6384 | 1 John Goodman | 1 Abitwhizzy | 2008-09-05 | 7.8 HIGH | N/A |
| Absolute path traversal vulnerability in abitwhizzy.php before 20061204 allows remote attackers to read arbitrary files via an absolute pathname in the Filename text window (f parameter), a variant of CVE-2006-6084. | |||||
| CVE-2006-6391 | 1 Open Solution | 1 Quick.cart | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include arbitrary files via a .. (dot dot) in the config[db_type] parameter to (1) actions_admin/other.php and (2) actions_client/gallery.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6399 | 1 Superfreaker Studios | 1 Upublisher | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the Username parameter in login.asp. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2006-6414 | 1 Dol Storye | 1 Dol Storye | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in dettaglio.asp in dol storye allow remote attackers to execute arbitrary SQL commands via the (1) id_doc or (2) id_aut parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6467 | 1 Xerox | 1 Workcentre | 2008-09-05 | 5.8 MEDIUM | N/A |
| Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not properly restrict access to SMB file resources, which allows remote attackers to gain unspecified file or directory access via vectors related to (1) visibility of the SMB "Homes" share and (2) SMB file system browsing. | |||||
| CVE-2006-6468 | 1 Xerox | 1 Workcentre | 2008-09-05 | 5.8 MEDIUM | N/A |
| Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not check the Fully Qualified Domain Name (FQDN) during a "Validate Repository SSL Certificate" scan, which has unknown impact and attack vectors, possibly related to spoofed certificates. | |||||
| CVE-2006-6469 | 1 Xerox | 1 Workcentre | 2008-09-05 | 5.8 MEDIUM | N/A |
| Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not block the postgres port (5432/tcp), which has unknown impact and remote attack vectors, probably related to unauthorized connections to a PostgreSQL daemon. | |||||
| CVE-2006-6470 | 1 Xerox | 1 Workcentre | 2008-09-05 | 10.0 HIGH | N/A |
| The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 returns no error for a non-writable object, which has unknown impact and attack vectors. NOTE: due to the vagueness of the advisory, it is not clear whether this is a vulnerability, or a bug in a security feature. | |||||
| CVE-2006-6471 | 1 Xerox | 1 Workcentre | 2008-09-05 | 10.0 HIGH | N/A |
| Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 use weak permissions for certain files, which allows unspecified file access. | |||||
| CVE-2006-6472 | 1 Xerox | 1 Workcentre | 2008-09-05 | 10.0 HIGH | N/A |
| The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 configures port 443 to be always active, which has unknown impact and remote attack vectors. | |||||
| CVE-2006-6473 | 1 Xerox | 1 Workcentre | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 have unknown impact and attack vectors, related to (1) an Immediate Image Overwrite (IIO) error message at the Local User Interface (LUI) if overwrite fails, (2) an IIO failure when a Held Job is deleted, and (3) an On Demand Image Overwrite failure when the overwrite is greater than 2 Gb. | |||||
| CVE-2006-6515 | 1 Mantis | 1 Mantis | 2008-09-05 | 10.0 HIGH | N/A |
| Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders. | |||||
| CVE-2006-6529 | 1 Drupal | 1 Chatroom Module | 2008-09-05 | 7.5 HIGH | N/A |
| The Chatroom Module before 4.7.x.-1.0 for Drupal displays private messages in a chatroom's last messages overview, which allows remote attackers to obtain sensitive information by reading the overview. | |||||
| CVE-2006-6534 | 1 Oscommerce | 1 Oscommerce | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, the (3) lID parameter to admin/languages_definitions.php, or the (4) pID parameter to admin/products.php. | |||||
| CVE-2006-6536 | 1 Cilem | 1 Cilem Haber | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber Free Edition allows remote attackers to inject arbitrary web script or HTML via the hata parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5778 | 1 Linux-ftpd-ssl | 1 Linux-ftpd-ssl | 2008-09-05 | 4.6 MEDIUM | N/A |
| ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir before setting the UID, which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory. | |||||
| CVE-2006-5810 | 1 Xoops | 1 Xoops | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter. | |||||
| CVE-2006-5817 | 1 Parallels | 1 Parallels Desktop | 2008-09-05 | 2.1 LOW | N/A |
| prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure permissions (0666) for /Library/Parallels/.dhcpd_configuration, which allows local users to modify DHCP configuration. | |||||
| CVE-2006-5911 | 1 Campware.org | 1 Campsite | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Campware Campsite before 2.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the g_documentRoot parameter to (1) Alias.php, (2) Article.php, (3) ArticleAttachment.php, (4) ArticleComment.php, (5) ArticleData.php, (6) ArticleImage.php, (7) ArticleIndex.php, (8) ArticlePublish.php, (9) ArticleTopic.php, (10) ArticleType.php, (11) ArticleTypeField.php, (12) Attachment.php, (13) Country.php, (14) DatabaseObject.php, (15) Event.php, (16) IPAccess.php, (17) Image.php, (18) Issue.php, (19) IssuePublish.php, (20) Language.php, (21) Log.php, (22) LoginAttempts.php, (23) Publication.php, (24) Section.php, (25) ShortURL.php, (26) Subscription.php, (27) SubscriptionDefaultTime.php, (28) SubscriptionSection.php, (29) SystemPref.php, (30) Template.php, (31) TimeUnit.php, (32) Topic.php, (33) UrlType.php, (34) User.php, and (35) UserType.php in implementation/management/classes/; (36) configuration.php and (37) db_connect.php in implementation/management/; and (38) LocalizerConfig.php and (39) LocalizerLanguage.php in implementation/management/priv/localizer/. | |||||
| CVE-2006-5912 | 1 Campware.org | 1 Campsite | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Campware Campsite before 2.6.2 has unknown impact and attack vectors, related to a "Security fix for you-know-what," possibly related to encrypted passwords. | |||||
| CVE-2006-5924 | 1 Efficientip | 1 Ipmanager | 2008-09-05 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Efficient IP iPmanager (IPm) 2.3 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2006-5929 | 1 Phpjobscheduler | 1 Phpjobscheduler | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in firepjs.php in Phpjobscheduler 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2006-5931 | 1 Aigaion | 1 Aigaion | 2008-09-05 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to certain PHP scripts in (1) lib/actions/, (2) lib/displays/, (3) lib/editforms/, (4) lib/functions/, (5) scheme/, and (6) the root directory. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2006-5956 | 1 Xlinesoft | 1 Phprunner | 2008-09-05 | 2.1 LOW | N/A |
| XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file. | |||||
| CVE-2006-5961 | 1 Pegasus | 1 Mercury Mail Transport System | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Mercury Mail Transport System 4.01b for Windows has unknown impact and attack vectors, as originally reported in a GLEG VulnDisco pack. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The original researcher is reliable. | |||||