Medium
CVE-2006-5031
Directory traversal vulnerability in app/webroot/js/vendors.php in Cake Software Foundation CakePHP before 1.1.8.3544 allows remote attackers to read arbitrary files via a .. (dot dot) in the file pa…
Read moreAll CVEs — 2006
Page 3/7.
Browse all CVEs by publication year. Use filters to refine.
CVSS ≥ 0.0
2006-09-27
Critical
CVE-2006-5021
Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG 0.5 allow remote attackers to execute arbitrary PHP code via a URL in (1) the root parameter in imgen.php, and the root_path param…
Read more
Critical
CVE-2006-4694
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited b…
Read more
High
CVE-2006-5014
Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.
Read more2006-09-26
Medium
CVE-2006-4985
Multiple cross-site scripting (XSS) vulnerabilities in Grayscale BandSite CMS allow remote attackers to inject arbitrary web script or HTML via (1) the max_file_size_purdy parameter in adminpanel/inc…
Read more2006-09-25
Medium
CVE-2006-4965
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML elemen…
Read more2006-09-23
Critical
CVE-2006-4935
The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors.
Read more
Critical
CVE-2006-4936
Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors.
Read more
High
CVE-2006-4944
PHP remote file inclusion vulnerability in includes/pear/Net/DNS/RR.php in ProgSys 0.151 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter.
Read more2006-09-19
Critical
CVE-2006-4868
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote att…
Read more
High
CVE-2006-4869
PHP remote file inclusion vulnerability in phpunity-postcard.php in phpunity.postcard allows remote attackers to execute arbitrary PHP code via a URL in the gallery_path parameter.
Read more
High
CVE-2006-4863
Multiple PHP remote file inclusion vulnerabilities in Marc Cagninacci mcLinksCounter 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfile parameter in (1) login.php, (2)…
Read more
Medium
CVE-2006-4858
PHP remote file inclusion vulnerability in install.serverstat.php in the Serverstat (com_serverstat) 0.4.4 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a…
Read more
Medium
CVE-2006-4844
PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP…
Read more2006-09-15
Medium
CVE-2006-4568
Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].documen…
Read more
Medium
CVE-2006-4340
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3,…
Read more
Critical
CVE-2006-4565
Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute…
Read more2006-09-14
Medium
CVE-2006-4801
Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possibly other products, allows local users to execute arbitrary code via temporary files, including dejavu_manual.rb, which are execu…
Read more
High
CVE-2006-4785
SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which…
Read more
High
CVE-2006-4776
Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to execute arbitrary code via a long VLAN name in a VTP type 2 summary advertiseme…
Read more
High
CVE-2006-4777
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distribution…
Read more2006-09-13
High
CVE-2006-4734
Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters.
Read more
High
CVE-2006-4736
Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 allow remote attackers to execute arbitrary SQL commands via the (1) adminname and (2) adminpass parameters. NOTE: some of these det…
Read more
Medium
CVE-2006-4755
Cross-site scripting (XSS) vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenan…
Read more
High
CVE-2006-4756
SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. NOTE: the provenance of this informa…
Read more2006-09-12
High
CVE-2006-3442
Unspecified vulnerability in Pragmatic General Multicast (PGM) in Microsoft Windows XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted multicast message.
Read more
Critical
CVE-2006-0001
Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing font…
Read more
Medium
CVE-2006-0032
Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbi…
Read more
Medium
CVE-2006-4712
Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in a…
Read more2006-09-11
Medium
CVE-2006-4671
PHP remote file inclusion vulnerability in headlines.php in Fantastic News 2.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] para…
Read more
High
CVE-2006-4672
PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, possibly a component of PayProCart, allows remote attackers to execute arbitrary PHP code via a URL in the (1) proMod parameter…
Read more2006-09-09
High
CVE-2006-4666
Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) ide parameter in (a) art…
Read more2006-09-08
Medium
CVE-2006-2482
Heap-based buffer overflow in the TZipTV component in (1) ZipTV for Delphi 7 2006.1.26 and for C++ Builder 2006-1.16, (2) PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221, and possibly other products,…
Read more
High
CVE-2006-4649
PHP remote file inclusion vulnerability in bp_news.php in BinGo News (BP News) 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the bnrep parameter.
Read more
Medium
CVE-2006-4637
Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter in (1) header.php or (2) news.php. NOTE…
Read more
Medium
CVE-2006-4639
Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News 1.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path…
Read more2006-09-07
Low
CVE-2006-4624
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CR…
Read more
Medium
CVE-2006-4595
muforum (µforum) 0.4c stores membres/members.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and pass…
Read more2006-09-06
High
CVE-2006-4583
Multiple PHP remote file inclusion vulnerabilities in FlashChat before 4.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/cmses/aedatingCMS.php,…
Read more
Medium
CVE-2006-4564
SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter.
Read more
Medium
CVE-2006-4553
PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosC…
Read more
High
CVE-2006-4558
DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupl…
Read more
High
CVE-2006-4095
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.
Read more2006-09-05
Medium
CVE-2006-4541
RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the NtOpenSection API funct…
Read more
Medium
CVE-2006-4542
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source c…
Read more
Low
CVE-2006-4537
NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alpha 8.2 writes a password to an audit log file when there is a successful connection after a "network breakin" event, which allows…
Read more2006-09-01
High
CVE-2006-4533
Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and earlier allow remote attackers to execute arbitrary PHP code via the _PX_config[manager_path] parameter to (1) articles.php,…
Read more2006-08-31
Medium
CVE-2006-4146
Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code vi…
Read more
Critical
CVE-2006-4482
Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack ve…
Read more
Critical
CVE-2006-4483
The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attac…
Read more
Medium
CVE-2006-4471
The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors.
Read more
High
CVE-2006-4476
Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of requir…
Read more
Medium
CVE-2006-4468
Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsVali…
Read more
Medium
CVE-2006-4466
Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to…
Read more
High
CVE-2006-4244
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain…
Read more2006-08-29
High
CVE-2006-4431
Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or exe…
Read more
High
CVE-2006-4434
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced…
Read more2006-08-25
Medium
CVE-2006-2113
The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Net…
Read more2006-08-24
High
CVE-2006-4326
Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, Ichitaro 2004, 2005, 2006, and Government 2006; Ichitaro for Linux; and FormLiner before 20060818 allows remote attackers to execu…
Read more2006-08-23
Medium
CVE-2006-4308
Multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject a…
Read more
Medium
CVE-2006-4310
Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI.
Read more
Medium
CVE-2006-4262
Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long p…
Read more
Medium
CVE-2006-4299
Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in TikiWiki 1.9.4 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. NOTE: the provenance of…
Read more
Medium
CVE-2006-4301
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from…
Read more2006-08-22
Medium
CVE-2006-4288
PHP remote file inclusion vulnerability in admin.a6mambocredits.php in the a6mambocredits component (com_a6mambocredits) 2.0.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP c…
Read more
High
CVE-2006-4285
PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter. NOTE: it…
Read more2006-08-21
Medium
CVE-2006-4270
PHP remote file inclusion vulnerability in mambelfish.class.php in the mambelfish component (com_mambelfish) 1.1 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL…
Read more2006-08-18
Medium
CVE-2006-4223
IBM WebSphere Application Server (WAS) before 6.0.2.13 allows context-dependent attackers to obtain sensitive information via unspecified vectors related to "JSP source code exposure" (PK23475), whic…
Read more
Medium
CVE-2006-4227
MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated user…
Read more2006-08-17
Medium
CVE-2006-4195
PHP remote file inclusion vulnerability in param.peoplebook.php in the Peoplebook Component for Mambo (com_peoplebook) 1.0 and earlier, and possibly 1.1.2, when register_globals and allow_url_fopen a…
Read more
High
CVE-2006-4204
Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 and possibly earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_pre parameter in lib/specialday…
Read more
High
CVE-2006-4214
Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_han…
Read more
Medium
CVE-2006-4215
PHP remote file inclusion vulnerability in index.php in Zen Cart 1.3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the autoLoad…
Read more2006-08-16
High
CVE-2006-4159
Multiple PHP remote file inclusion vulnerabilities in Chaussette 080706 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _BASE parameter to scripts in Classes/ includ…
Read more2006-08-14
Medium
CVE-2006-4130
PHP remote file inclusion vulnerability in admin.remository.php in the Remository Component (com_remository) 3.25 and earlier for Mambo and Joomla!, when register_globals is enabled, allows remote at…
Read more
High
CVE-2006-4136
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadId…
Read more
High
CVE-2006-4111
Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a differe…
Read more2006-08-11
Medium
CVE-2006-4074
PHP remote file inclusion vulnerability in lib/tpl/default/main.php in the JD-Wiki Component (com_jd-wiki) 1.0.2 and earlier for Joomla!, when register_globals is enabled, allows remote attackers to…
Read more2006-08-10
Medium
CVE-2006-4067
Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 4…
Read more
High
CVE-2006-4064
SQL injection vulnerability in default.asp in YenerTurk Haber Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it was later reported repor…
Read more2006-08-09
High
CVE-2006-4042
Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (…
Read more
Medium
CVE-2006-4038
Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gastname or (2) gastwohno…
Read more
High
CVE-2006-4039
Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) gastname, (2) gastwohnort, or (3) gasteintr…
Read more
Medium
CVE-2006-3643
Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC)…
Read more
High
CVE-2006-4026
PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter in usr/extensions/get_infochannel.inc.php a…
Read more2006-08-08
High
CVE-2006-3450
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and po…
Read more
High
CVE-2006-3451
Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows…
Read more
High
CVE-2006-3583
Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section.
Read more
High
CVE-2006-3638
Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrar…
Read more
High
CVE-2006-4018
Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file…
Read more2006-08-07
High
CVE-2006-4013
Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and o…
Read more
High
CVE-2006-4010
SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: other vectors are covered by CV…
Read more
Medium
CVE-2006-4006
The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size whe…
Read more2006-08-05
Critical
CVE-2006-3985
Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware PowerArchiver 9.62.03 allows user-assisted attackers to execute arbitrary code by adding a new file to a crafted ZIP archive that alrea…
Read more
Medium
CVE-2006-3995
Multiple PHP remote file inclusion vulnerabilities in (1) uhp_config.php, and possibly (2) footer.php, (3) functions.php, (4) install.uhp.php, (5) toolbar.uhp.html.php, (6) uhp.class.php, and (7) uni…
Read more
Medium
CVE-2006-3980
PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary P…
Read more2006-08-03
High
CVE-2006-3459
Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or caus…
Read more
High
CVE-2006-3460
Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an en…
Read more
High
CVE-2006-3462
Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding…
Read more
High
CVE-2006-3463
The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to caus…
Read more2006-08-01
High
CVE-2006-3966
PHP remote file inclusion vulnerability in /lib/tree/layersmenu.inc.php in the PHP Layers Menu 2.3.5 package for MyNewsGroups :) 0.6b and earlier allows remote attackers to execute arbitrary PHP code…
Read more
Medium
CVE-2006-3947
PHP remote file inclusion vulnerability in components/com_mambatstaff/mambatstaff.php in the Mambatstaff 3.1b and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via…
Read more
Medium
CVE-2006-3949
PHP remote file inclusion vulnerability in artlinks.dispnew.php in the Artlinks component (com_artlinks) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_abs…
Read more
High
CVE-2006-3960
SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information…
Read more
Medium
CVE-2006-3961
Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privac…
Read more2006-07-31
High
CVE-2006-3946
WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory mana…
Read more
High
CVE-2006-3942
The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that cont…
Read more
Medium
CVE-2006-3945
The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, whic…
Read more
Medium
CVE-2006-3934
Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath par…
Read more2006-07-28
Medium
CVE-2006-3924
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Read more
Low
CVE-2006-3912
Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact.
Read more
Medium
CVE-2006-3918
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect…
Read more2006-07-27
Medium
CVE-2006-3904
SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
Read more
Medium
CVE-2006-3897
Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object…
Read more
Medium
CVE-2006-3633
OSSP shiela 1.1.5 and earlier allows remote authenticated users to execute arbitrary commands on the CVS server via shell metacharacters in a filename that is committed.
Read more
Critical
CVE-2006-3838
Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Man…
Read more2006-07-25
Medium
CVE-2006-3846
PHP remote file inclusion vulnerability in extadminmenus.class.php in the MultiBanners 1.0.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path p…
Read more
Medium
CVE-2006-3847
PHP remote file inclusion vulnerability in (1) admin.php, and possibly (2) details.php, (3) modify.php, (4) newgroup.php, (5) newtask.php, and (6) rss.php, in MoSpray (aka com_mospray) 1.8 RC1 allows…
Read more
Medium
CVE-2006-3823
SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b para…
Read more2006-07-24
Medium
CVE-2006-3773
PHP remote file inclusion vulnerability in smf.php in the SMF-Forum 1.3.1.3 Bridge Component (com_smf) For Joomla! and Mambo 4.5.3+ allows remote attackers to execute arbitrary PHP code via a URL in…
Read more