CVE Daily
← All years

All CVEs — 2006

Page 7/7.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2006-01-20
High

CVE-2006-0325

Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which…

CVSS: 7.5 CWE: CWE-78
Read more
2006-01-19
High

CVE-2006-0318

SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parame…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2006-0308

PHP remote file inclusion vulnerability in htmltonuke.php in the htmltonuke 2.0 alpha, and possibly other versions, module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL…

CVSS: 7.5 CWE: CWE-94
Read more
2006-01-18
Medium

CVE-2006-0269

Unspecified vulnerability in the Streams Capture component of Oracle Database server 10.1.0.5 and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB25. NOTE: detail…

CVSS: 5.5 CWE: CWE-89
Read more
High

CVE-2006-0249

SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD_1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter ($tm…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2006-0236

GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large numbe…

CVSS: 5.1 CWE: CWE-94
Read more
High

CVE-2006-0240

Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote attackers to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly certain other par…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2006-0233

Cross-site scripting (XSS) vulnerability in functions.php in microBlog 2.0 RC-10 allows remote attackers to inject arbitrary web script and HTML via a javascript: URI in a [url] BBcode tag.

CVSS: 4.3 CWE: CWE-79
Read more
2006-01-16
Medium

CVE-2006-0223

Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via ".." (dot dot) sequences in the usern…

CVSS: 5.0 CWE: CWE-22
Read more
2006-01-13
Medium

CVE-2006-0205

Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.ph…

CVSS: 5.1 CWE: CWE-89
Read more
Medium

CVE-2006-0207

Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/se…

CVSS: 5.0 CWE: CWE-94
Read more
Low

CVE-2006-0208

Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP…

CVSS: 2.6 CWE: CWE-79
Read more
Medium

CVE-2006-0203

membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not verify the old password when changing a password, which allows remote attackers to change the passwords of other members via a lostpa…

CVSS: 5.0 CWE: CWE-20
Read more
High

CVE-2006-0199

SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.

CVSS: 7.5 CWE: CWE-89
Read more
Critical

CVE-2006-0200

Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL…

CVSS: 9.3 CWE: CWE-134
Read more
High

CVE-2006-0192

SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp.

CVSS: 7.5 CWE: CWE-89
Read more
2006-01-11
Medium

CVE-2006-0054

The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an ac…

CVSS: 5.3 CWE: CWE-824
Read more
Medium

CVE-2006-0175

Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2006-0179

The Cisco IP Phone 7940 allows remote attackers to cause a denial of service (reboot) via a large amount of TCP SYN packets (syn flood) to arbitrary ports, as demonstrated to port 80.

CVSS: 5.0 CWE: CWE-119
Read more
2006-01-10
Critical

CVE-2006-0010

Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an…

CVSS: 9.3 CWE: CWE-119
Read more
High

CVE-2006-0159

SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown,…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2006-0160

SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute arbitrary SQL commands via the (1) parent, (2) root, and (3) topic_id parameters to post.php3.

CVSS: 7.5 CWE: CWE-89
Read more
2006-01-09
High

CVE-2006-0144

The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote attackers to execute arbitrary PHP code by redirecting go-pear.php to a malicious proxy server that p…

CVSS: 7.5 CWE: CWE-94
Read more
High

CVE-2006-0146

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8…

CVSS: 7.5 CWE: CWE-89
Read more
Medium

CVE-2006-0149

Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_enable on (the default), allows remote attackers to inject arbitrary web script or HTML via the message field.

CVSS: 6.1 CWE: CWE-80
Read more
High

CVE-2006-0150

Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the…

CVSS: 7.5 CWE: CWE-134
Read more
Medium

CVE-2006-0140

Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 Stable(2.6.0) and V17beta2 allows remote attackers to inject arbitrary web script or HTML via the (1) b, (2) textlarge, and (3) ur…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2006-0115

Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Servi…

CVSS: 7.5 CWE: CWE-89
Read more
High

CVE-2006-0123

Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter in index.php and (2) pagid parameter in verpag.php, and pos…

CVSS: 7.5 CWE: CWE-89
Read more
2006-01-06
Medium

CVE-2006-0103

TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and (2) users/[USERNAME].email files under the web root with insufficient access control, which allows remote attackers to list all r…

CVSS: 5.0 CWE: CWE-200
Read more
Medium

CVE-2006-0101

Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p and (2) keyword parameters in…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2006-0097

Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2)…

CVSS: 7.5 CWE: CWE-119
Read more
2006-01-05
Medium

CVE-2006-0063

Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single q…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2006-0094

PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_stat parameter, a different vulnerability than CVE-2006-00…

CVSS: 7.5 CWE: CWE-94
Read more
2006-01-04
Medium

CVE-2006-0082

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) a…

CVSS: 5.1 CWE: CWE-134
Read more
High

CVE-2006-0074

SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary SQL commands via the personalID parameter. NOTE: it was later reported that 1.1 and earlier are a…

CVSS: 7.5 CWE: CWE-89
Read more
2006-01-03
High

CVE-2006-0064

PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter.

CVSS: 7.5 CWE: CWE-94
Read more