Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2006-11-21
Critical

CVE-2006-6026

Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application c…

Read more
Medium

CVE-2006-6017

WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application c…

Read more
Critical

CVE-2006-6024

Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 version 6.1.22.0, have unknown impact and attack vectors, as demonstrated by the (1) "Eudora WorldMail stack overflow" and (2) "Eud…

Read more
Medium

CVE-2006-6016

wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.

Read more
Medium

CVE-2006-5990

VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 ce…

Read more
2006-11-20
Medium

CVE-2006-5981

Multiple directory traversal vulnerabilities in SeleniumServer FTP Server 1.0, and possibly earlier, allow remote attackers to list arbitrary directories, read arbitrary files, and upload arbitrary f…

Read more
2006-11-17
Low

CVE-2006-5793

The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a deni…

Read more
High

CVE-2006-5957

Multiple SQL injection vulnerabilities in INFINICART allow remote attackers to execute arbitrary SQL commands via the (1) groupid parameter in (a) browse_group.asp, (2) productid parameter in (b) add…

Read more
2006-11-16
High

CVE-2006-5937

Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 allow remote attackers to execute arbitrary code via crafted (1) CAB or (2) RAR archives that trigger a heap-based buffer overflow.…

Read more
Critical

CVE-2006-5938

Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors involving an uninitialized variable and a crafted CAB file.

Read more
High

CVE-2006-5939

Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers a divide-by-zero error. NOTE: some of these details are obtain…

Read more
2006-11-15
Medium

CVE-2006-5897

Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the ChatPath parameter to (1) avatar.php, (2) color…

Read more
2006-11-14
Medium

CVE-2006-4687

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corru…

Read more
High

CVE-2006-5882

Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows rem…

Read more
2006-11-11
Medium

CVE-2006-5864

Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file wit…

Read more
High

CVE-2006-5865

PHP remote file inclusion vulnerability in language.inc.php in MyAlbum 3.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the langs_dir parameter.

Read more
2006-11-10
Critical

CVE-2006-5487

Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via ".." sequences in filenames in…

Read more
High

CVE-2006-5840

Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow remote attackers to execute arbitrary SQL commands via the (1) neid parameter to newsdetails.php, or the (2) slid parameter to sl…

Read more
Medium

CVE-2006-5843

Cross-site scripting (XSS) vulnerability in index.php in Speedywiki 2.0 allows remote attackers to inject arbitrary web script or HTML via the showRevisions parameter.

Read more
Medium

CVE-2006-5845

Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1.

Read more
Medium

CVE-2006-5846

Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to read and include arbitrary files via a .. (dot dot) in the page parameter, a different vecto…

Read more
Medium

CVE-2006-5847

Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

Read more
Low

CVE-2006-5851

openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328.

Read more
Medium

CVE-2006-5829

Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) c…

Read more
2006-11-08
Critical

CVE-2006-5815

Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstr…

Read more
2006-11-07
High

CVE-2006-5788

PHP remote file inclusion vulnerability in (1) index.php and (2) admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to execute arbitrary PHP code via a URL in the p parameter.

Read more
High

CVE-2006-5779

OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.

Read more
2006-11-06
Medium

CVE-2006-5767

PHP remote file inclusion vulnerability in includes/xhtml.php in Drake CMS 0.2.2 alpha rev.846 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the d_root parameter.

Read more
Medium

CVE-2006-5762

PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: t…

Read more
High

CVE-2006-5764

PHP remote file inclusion vulnerability in contact.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the p…

Read more
High

CVE-2006-5758

The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissi…

Read more
High

CVE-2006-5738

Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.

Read more
2006-11-04
Medium

CVE-2006-5702

Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-ar…

Read more
Medium

CVE-2006-5703

Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demon…

Read more
High

CVE-2006-5708

Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors res…

Read more
High

CVE-2006-5710

The Airport driver for certain Orinoco based Airport cards in Darwin kernel 8.8.0 in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via an 802.1…

Read more
Medium

CVE-2006-5725

The SSL server in AEP Smartgate 4.3b allows remote attackers to determine existence of directories via a direct request for a directory URI, which returns different HTTP status codes for existing and…

Read more
2006-11-01
Medium

CVE-2006-5646

Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when archive scanning is enabled, allows remot…

Read more
Medium

CVE-2006-5647

Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory corruption) and…

Read more
Medium

CVE-2006-5634

Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 Beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) reqpath parameter to (a) body.inc.php and (b) body…

Read more
2006-10-31
Medium

CVE-2006-5632

Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006…

Read more
High

CVE-2006-5629

Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) e…

Read more
High

CVE-2006-5621

PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, and other versions before 0.9b, allows remote attackers to execute arbitrary PHP code via a URL in the footfile parameter.

Read more
High

CVE-2006-5606

Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplorer) 0.0.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the username ($User variable) to login/doLog…

Read more
High

CVE-2006-5612

PHP remote file inclusion vulnerability in aide.php3 (aka aide.php) in GestArt beta 1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the aide parameter.

Read more
Critical

CVE-2006-5610

PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP cod…

Read more
2006-10-30
Critical

CVE-2006-5603

SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is un…

Read more
2006-10-28
Critical

CVE-2006-5601

Stack-based buffer overflow in the eap_do_notify function in eap.c in xsupplicant before 1.2.6, and possibly other versions, allows remote authenticated users to execute arbitrary code via unspecifie…

Read more
High

CVE-2006-4574

Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger a…

Read more
2006-10-27
Critical

CVE-2006-5559

The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, an…

Read more
Medium

CVE-2006-5560

Cross-site scripting (XSS) vulnerability in heading.php in Boesch ProgSys 0.151 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php, and un…

Read more
2006-10-26
High

CVE-2006-5552

Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and earlier allow remote attackers to cause a denial of service (CPU consumption or application crash) or execute arbitrary code via a…

Read more
Medium

CVE-2006-5530

Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews before 2.34.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/index.php,…

Read more
Medium

CVE-2006-5534

Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zwahlen Online Shop Freeware 5.2.2.50, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the…

Read more
High

CVE-2006-5517

Multiple PHP remote file inclusion vulnerabilities in Rhode Island Open Meetings Filing Application (OMFA) allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter…

Read more
Medium

CVE-2006-5519

PHP remote file inclusion vulnerability in Savant2/Savant2_Plugin_options.php in the MambWeather 1.8.1 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL…

Read more
2006-10-25
High

CVE-2006-5506

Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 allow remote attackers to execute arbitrary PHP code via the path parameter in (1) inc/prepend.inc.php, (2) inc/lib/boxes.lib.php, (…

Read more
High

CVE-2006-5507

Multiple PHP remote file inclusion vulnerabilities in Der Dirigent (DeDi) 1.0.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg_dedi[dedi_path] parameter in (1) find.php, (2…

Read more
High

CVE-2006-5494

Multiple PHP remote file inclusion vulnerabilities in modules/My_eGallery/public/displayCategory.php in the pandaBB module for PHP-Nuke allow remote attackers to execute arbitrary PHP code via a URL…

Read more
2006-10-24
Medium

CVE-2006-5486

Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via cr…

Read more
High

CVE-2006-5478

Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (…

Read more
Medium

CVE-2006-5480

PHP remote file inclusion vulnerability in lib/rs.php in 2le.net Castor PHP Web Builder 1.1.1 allows remote attackers to execute arbitrary PHP code via the rootpath parameter.

Read more
High

CVE-2006-5481

Multiple PHP remote file inclusion vulnerabilities in 2le.net Castor PHP Web Builder 1.1.1 allow remote attackers to execute arbitrary PHP code via the rootpath parameter in (1) lib/code.php, (2) lib…

Read more
2006-10-23
Low

CVE-2006-5451

Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) file, and (3) users array variables in (a)…

Read more
Medium

CVE-2006-5456

Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that…

Read more
2006-10-20
High

CVE-2006-5439

PHP remote file inclusion vulnerability in adminfoot.php in Comdev Misc Tools 4.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path[docroo…

Read more
Medium

CVE-2006-5418

PHP remote file inclusion vulnerability in archive/archive_topic.php in pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB allows remote attackers to execute arbitrary PHP code…

Read more
2006-10-18
High

CVE-2006-5399

PHP remote file inclusion vulnerability in classes/Import_MM.class.php in PHPRecipeBook 2.36, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the…

Read more
High

CVE-2006-5402

Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) class_path, (2) javascript_path, and (3) i…

Read more
Medium

CVE-2006-5390

PHP remote file inclusion vulnerability in includes/functions_mod_user.php in the ACP User Registration (MMW) 1.00 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in…

Read more
Medium

CVE-2006-5393

Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were writte…

Read more
2006-10-17
Medium

CVE-2006-4819

Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long link address).

Read more
Medium

CVE-2006-5330

CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and earlier for Windows, 7.0.63 and earlier for Linux, 7.x before 7.0 r67 for Solaris, and before 9.0.28.0 for Mac OS X, allows remote…

Read more
Medium

CVE-2006-4342

The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a denial of service (deadlock) by running the shmat function on an shm at the same time that shmctl…

Read more
Medium

CVE-2006-5313

Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary SMTP commands by placing them after a CRLF.CRLF sequence in the smtp_message parameter. NOTE: this cross…

Read more
Medium

CVE-2006-5310

PHP remote file inclusion vulnerability in common/visiteurs/include/menus.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other produ…

Read more
High

CVE-2006-5302

Multiple PHP remote file inclusion vulnerabilities in Redaction System 1.0000 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_prefix parameter to (a) conn.php, (b) sess…

Read more
Medium

CVE-2006-5306

Multiple PHP remote file inclusion vulnerabilities in the Journals System module 1.0.2 (RC2) and earlier for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_pat…

Read more
Medium

CVE-2006-5301

PHP remote file inclusion vulnerability in includes/antispam.php in the SpamBlockerMODv 1.0.2 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb…

Read more
2006-10-16
High

CVE-2006-5291

PHP remote file inclusion vulnerability in admin/includes/spaw/spaw_control.class.php in Download-Engine 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root paramet…

Read more
2006-10-13
Medium

CVE-2006-5280

PHP remote file inclusion vulnerability in includes/import-archive.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a UR…

Read more
2006-10-12
Medium

CVE-2006-5258

The spell checking component of (1) Asbru Web Content Management before 6.1.22, (2) Asbru Web Content Editor before 6.0.22, and (3) Asbru Website Manager before 6.0.22 allows remote attackers to exec…

Read more
Low

CVE-2006-4842

The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which…

Read more
Medium

CVE-2006-5239

Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the query string (PHP_SELF) in kalender.php or (…

Read more
High

CVE-2006-5242

SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Read more
2006-10-10
Low

CVE-2006-5229

OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies…

Read more
Critical

CVE-2006-3877

Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an…

Read more
Critical

CVE-2006-4696

Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted pack…

Read more
Medium

CVE-2006-4692

Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arb…

Read more
Critical

CVE-2006-3864

Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malform…

Read more
Critical

CVE-2006-3650

Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word doc…

Read more
Critical

CVE-2006-3435

PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitr…

Read more
Critical

CVE-2006-3876

Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a…

Read more
High

CVE-2006-5221

Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) matiere_ID parameter in lire.php or the (2) classe_ID parameter in l…

Read more
High

CVE-2006-5175

Cross-site request forgery (CSRF) vulnerability in the administrative interface for the TeraStation HD-HTGL firmware 2.05 beta 1 and earlier allows remote attackers to modify configurations or delete…

Read more
Medium

CVE-2006-5191

PHP remote file inclusion vulnerability in includes/functions_static_topics.php in the Nivisec Static Topics module for phpBB 1.0 and earlier allows remote attackers to execute arbitrary PHP code via…

Read more
Medium

CVE-2006-5178

Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the…

Read more
Critical

CVE-2006-5177

The NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to (1) execute arbitrary code via unspecified vectors involving crafted base64 encoded NTLM Type 3 me…

Read more
Critical

CVE-2006-5176

Buffer overflow in NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to execute arbitrary code via "the signature field of NTLM Type 1 messages".

Read more
Medium

CVE-2006-5220

Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in…

Read more
High

CVE-2006-5170

pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a Passwo…

Read more
High

CVE-2006-5143

Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Sui…

Read more
High

CVE-2006-5142

Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 client and server allows remote attackers to execute arbitrary code via long messages to the CheyenneDS Mailslot.

Read more
High

CVE-2006-4997

The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access t…

Read more
Medium

CVE-2006-5168

Cross-site scripting (XSS) vulnerability in the search functionality in Simon Brown Pebble 2.0.0 RC1 and RC2 allows remote attackers to inject arbitrary web script or HTML via the query string.

Read more
Critical

CVE-2006-4812

Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array e…

Read more
2006-10-05
High

CVE-2006-5158

The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified v…

Read more
High

CVE-2006-5149

Multiple directory traversal vulnerabilities in OpenBiblio before 0.5.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the page parameter to shared/help…

Read more
2006-10-03
High

CVE-2006-5101

PHP remote file inclusion vulnerability in include.php in Comdev CSV Importer 3.1 and possibly 4.1, as used in (1) Comdev Contact Form 3.1, (2) Comdev Customer Helpdesk 3.1, (3) Comdev Events Calenda…

Read more
Medium

CVE-2006-5119

Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_name or (2) admin_pass parameter in (a) admin/log…

Read more
2006-09-29
High

CVE-2006-5093

PHP remote file inclusion vulnerability in index.php in Tagmin Control Center in TagIt! Tagboard 2.1.B Build 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

Read more
Medium

CVE-2006-5080

Cross-site scripting (XSS) vulnerability in the search function in Six Apart Movable Type 3.3 to 3.32, and Movable Type Enterprise 1.01 and 1.02, allows remote attackers to inject arbitrary web scrip…

Read more
High

CVE-2006-5084

Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute ar…

Read more
2006-09-28
Critical

CVE-2006-3738

Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list…

Read more
Medium

CVE-2006-4343

The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via…

Read more
High

CVE-2006-5055

PHP remote file inclusion vulnerability in admin/testing/tests/0004_init_urls.php in syntaxCMS 1.1.1 through 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the init_path param…

Read more
2006-09-27
Medium

CVE-2006-5045

Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and earlier for Joomla! has unspecified impact and attack vectors, probably related to PHP remote file inclusion in the mosConfig_ab…

Read more
High

CVE-2006-5051

Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecif…

Read more
Medium

CVE-2006-5048

Multiple PHP remote file inclusion vulnerabilities in Security Images (com_securityimages) component 3.0.5 and earlier for Joomla! allow remote attackers to execute arbitrary code via a URL in the mo…

Read more
Medium

CVE-2006-5043

Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard Forum Component (com_joomlaboard) before 1.1.2 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the…

Read more