Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3742 | 1 Kde | 1 Kdebase | 2008-09-05 | 10.0 HIGH | N/A |
| The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times. | |||||
| CVE-2006-3025 | 1 Lucid Designs | 1 Lucid Calendar | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea Lucid Calendar 0.22 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-3069 | 1 Iglooweb | 1 Doublespeak | 2008-09-05 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in DoubleSpeak 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the config[private] parameter in multiple files, as demonstrated by (1) index.php, (2) faq.php, and (3) hardware.php. NOTE: this issue has been disputed by multiple third-party researchers, who state that config[private] is initialized in an include file before being used. | |||||
| CVE-2006-3108 | 1 Emailarchitect | 1 Email Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EmailArchitect Email Server 6.1 allows remote attackers to inject arbitrary Javascript via an HTML div tag with a carriage return between the onmouseover attribute and its value, which bypasses the mail filter. | |||||
| CVE-2006-3118 | 1 Canonical | 1 Spread | 2008-09-05 | 1.2 LOW | N/A |
| spread uses a temporary file with a static filename based on the port number, which allows local users to cause a denial of service by creating the file during a race condition between unlink and bind function calls. NOTE: spread deletes this temporary file before use, which could cause conflicts with other programs that use the same filename, but this is not a distinct issue. | |||||
| CVE-2006-3263 | 1 Mambo | 1 Mambo | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2006-3355 | 1 Mpg123 | 1 Mpg123 | 2008-09-05 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982. | |||||
| CVE-2006-3378 | 1 Ubuntu | 1 Ubuntu Linux | 2008-09-05 | 7.2 HIGH | N/A |
| passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits. | |||||
| CVE-2006-2692 | 1 Amule | 1 Amule | 2008-09-05 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to read arbitrary image, HTML, or PHP files via unknown vectors, probably related to directory traversal. | |||||
| CVE-2006-2758 | 1 Jetty | 1 Jetty | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747. | |||||
| CVE-2006-2759 | 1 Jetty | 1 Jetty | 2008-09-05 | 5.0 MEDIUM | N/A |
| jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary script source code via a capital P in the .jsp extension, and probably other mixed case manipulations. | |||||
| CVE-2006-2795 | 1 Xiti | 1 Xiti Tracking Script | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking Script 6 and 7 RC allow remote attackers to inject arbitrary web script or HTML via (1) the xtref parameter in xiti.js and (2) an HTTP Referer header field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2805 | 1 Jelsoft | 1 Vbulletin | 2008-09-05 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in VBulletin 3.0.10 allows remote attackers to execute arbitrary SQL commands via the featureid parameter. | |||||
| CVE-2006-2846 | 1 Visiongate | 1 Visiongate Portal System | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate Portal System allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2957 | 1 Skoom | 1 I.list | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in i.List 1.5 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the banurl parameter to add.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-2981 | 1 Arantius | 1 Vice Stats | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vs_search.php in Arantius Vice Stats before 1.0.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2006-2972. | |||||
| CVE-2006-2365 | 1 Vizra | 1 Vizra | 2008-09-05 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in a_login.php in Vizra allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2006-2406 | 1 Unclassified Newsboard | 1 Unclassified Newsboard | 2008-09-05 | 2.6 LOW | N/A |
| Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassified NewsBoard (UNB) 1.5.3-d and possibly earlier versions, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the design_path parameter. NOTE: this is closely related, but a different vulnerability than the ABBC[Config][smileset] parameter. | |||||
| CVE-2006-2441 | 1 Pioneers | 1 Pioneers Meta-server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Pioneers meta-server before 0.9.55, when the server-console is not installed, allows remote attackers to cause a denial of service (crash) via certain requests from an older gnocatan client to create a new game. | |||||
| CVE-2006-2443 | 1 Knowledgetree | 1 Knowledgetree | 2008-09-05 | 4.6 MEDIUM | N/A |
| The Debian package of knowledgetree 2.0.7 creates environment.php with world-readable permissions, which allows local users to obtain sensitive information such as the username and password for the KnowledgeTree database. | |||||
| CVE-2006-2463 | 1 Out Of The Trees Web Design | 1 Selectapix | 2008-09-05 | 5.0 MEDIUM | N/A |
| view_album.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter. | |||||
| CVE-2006-1910 | 1 S9y | 1 Serendipity | 2008-09-05 | 7.5 HIGH | N/A |
| config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1915 | 1 Dbbs | 1 Dbbs | 2008-09-05 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in topics.php in DbbS 2.0-alpha and earlier allows remote attackers to execute arbitrary SQL commands via the fcategoryid parameter. | |||||
| CVE-2006-1948 | 1 Ibm | 1 Lotus Notes | 2008-09-05 | 4.0 MEDIUM | N/A |
| The "Add Sender to Address Book" operation (AddSenderToAddressBook.lss) and NameHelper.lss in IBM Lotus Notes 6.0 and 6.5 before 20060331 do not properly store information in the Personal Address Book when multiple messages are checked and a message uses AltFrom, which might allow user-assisted remote attackers to trick a user into sending e-mail to an unauthorized recipient. | |||||
| CVE-2006-1974 | 1 Mybulletinboard | 1 Mybulletinboard | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter. | |||||
| CVE-2006-1975 | 1 Stadtaus.com | 1 Php-gastebuch | 2008-09-05 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in guestbook_newentry.php in PHP-Gastebuch 1.61 allows remote attackers to inject arbitrary web script or HTML via the Kommentar field. | |||||
| CVE-2006-1976 | 1 Geekforgod.net | 1 Prayer Request Board | 2008-09-05 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in addRequest.php in Prayer Request Board (PRB) Beta 1 before 20060320 allows remote attackers to inject arbitrary web script or HTML via the Request field. | |||||
| CVE-2006-2098 | 1 Php Thumbnail Autoindex | 1 Php Thumbnail Autoindex | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Thumbnail AutoIndex before 2.0 allows remote attackers to execute arbitrary PHP code via (1) README.html or (2) HEADER.html. | |||||
| CVE-2006-2105 | 1 Jupiter Cms | 1 Jupiter Cms | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 and 1.1.5 allows remote attackers to read arbitrary files via ".." sequences terminated by a %00 (null) character in the n parameter. | |||||
| CVE-2006-2132 | 1 Duware | 1 Duclassified | 2008-09-05 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in detail.asp in DUclassified allows remote attackers to execute arbitrary SQL commands via the iPro parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2217 | 1 Invision Power Services | 1 Invision Power Board | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1646 | 1 Internet Key Exchange | 1 Internet Key Exchange | 2008-09-05 | 5.0 MEDIUM | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in the Shoichi Sakane KAME Project racoon, as used by NetBSD 1.6, 2.x before 20060119, certain FreeBSD releases, and possibly other distributions of BSD or Linux operating systems, when running in aggressive mode, allows remote attackers to cause a denial of service (daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | |||||
| CVE-2006-1656 | 1 Vserver | 1 Util-vserver | 2008-09-05 | 7.2 HIGH | N/A |
| vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root. | |||||
| CVE-2006-1674 | 1 Phpwebgallery | 1 Phpwebgallery | 2008-09-05 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in PHPWebGallery 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-1675. | |||||
| CVE-2006-1700 | 1 Aweb | 1 Scripts Seller | 2008-09-05 | 7.5 HIGH | N/A |
| Buy.php in Aweb Scripts Seller uses predictable cookies for authentication based on the time and the script number, which allows remote attackers to bypass authentication. | |||||
| CVE-2006-1744 | 1 Joey Hess | 1 Bsdgames | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows local users to execute arbitrary code via a long player name that is used in a scanf function call. | |||||
| CVE-2006-1772 | 1 Debian | 1 Debian Linux | 2008-09-05 | 7.2 HIGH | N/A |
| debconf in Debian GNU/Linux, when configuring mnogosearch in the mnogosearch-common 3.2.31-1 package, uses the world-readable config.dat file instead of the restricted passwords.dat for storing the cleartext database administrator password in the mnogosearch-common/database_admin_pass record, which allows local users to view the password. | |||||
| CVE-2006-1775 | 1 Phpbb Group | 1 Phpbb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603. | |||||
| CVE-2006-1792 | 1 Mailenable | 3 Mailenable Enterprise, Mailenable Professional, Mailenable Standard | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Enterprise Edition before 1.22 has unknown attack vectors and impact related to "authentication exploits". NOTE: this is a different set of affected versions, and probably a different vulnerability than CVE-2006-1337. | |||||
| CVE-2006-1793 | 1 Runcms | 1 Runcms | 2008-09-05 | 7.6 HIGH | N/A |
| Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659. | |||||
| CVE-2006-1796 | 1 Wordpress | 1 Wordpress | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']). | |||||
| CVE-2006-1094 | 2 Datenbank Module, Woltlab | 2 Datenbank Module, Burning Board | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allows remote attackers to execute arbitrary SQL commands via the fileid parameter to (1) info_db.php or (2) database.php. | |||||
| CVE-2006-1099 | 1 Logit | 1 Logit | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in logIT 1.3 and 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1164 | 1 Nodez | 1 Nodez | 2008-09-05 | 7.5 HIGH | N/A |
| Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing list.gtdat. | |||||
| CVE-2006-1167 | 1 Sgi | 1 Propack | 2008-09-05 | 1.2 LOW | N/A |
| SGI ProPack 3 SP6 kernel displays the frame buffer contents of the last session after a reboot, which might allow local users to obtain sensitive information. | |||||
| CVE-2006-1216 | 1 Runcms | 1 Runcms | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2006-1253 | 1 Glftpd | 1 Glftpd | 2008-09-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address. | |||||
| CVE-2006-1263 | 1 Wordpress | 1 Wordpress | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2006-1394 | 1 University Of Washington | 1 Pubcookie | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft IIS ISAPI filter (aka application server module) in University of Washington Pubcookie 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors. | |||||
| CVE-2006-1436 | 1 Upoint | 1 At1 Event Publisher | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event Publisher allow remote attackers to inject arbitrary web script or HTML via the (1) Event, (2) Description, (3) Time, (4) Website, and (5) Public Remarks fields to (a) eventpublisher_admin.htm and (b) eventpublisher_usersubmit.htm. | |||||
