CVE Daily
← All years

Uncategorized 2006

Page 1/49.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2006-12-31
High

CVE-2006-6873

Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via (1) the did parameter in a (a) viewdisk operation (diskusi mod), or the…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2006-6890

Voodoo chat 1.0RC1b stores sensitive information under the web root with insufficient access control, which allows remote attackers to download passwords via a direct request for data/users.dat.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2006-6889

FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain passwords via a direct request for…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2006-6888

P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a d…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2006-6885

An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2006-6883

PHP remote file inclusion vulnerability in php4you.php in PHPIrc_bot 0.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue is disputed by CVE, si…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2006-6879

Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the…

CVSS: 6.0CWE: N/A
Read more
High

CVE-2006-6878

admin/uploads.php in PHP-Update 2.7 and earlier allows remote attackers to gain privileges by setting the rights[7] parameter to 1 during a login action.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2006-6877

Directory traversal vulnerability in index.php in Matteo Lucarelli 3editor CMS 0.42 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot…

CVSS: 6.8CWE: N/A
Read more
High

CVE-2006-6876

Buffer overflow in the fetchsms function in the SMS handling module (libsms_getsms.c) in OpenSER 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SMS messa…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2006-6875

Buffer overflow in the validateospheader function in the Open Settlement Protocol (OSP) module in OpenSER 1.1.0 and earlier allows remote attackers to execute arbitrary code via a crafted OSP header.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2006-6874

Multiple cross-site scripting (XSS) vulnerabilities in friend.php in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Message or (2) Your Name field. NOTE: The…

CVSS: 6.8CWE: N/A
Read more
High

CVE-2006-6865

Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp (SAFileUp) 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae. (Unicode dot dot) in the p…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2006-6872

Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2006-6871

Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) th…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2006-6870

The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that poi…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2006-6869

Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers…

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2006-6868

Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Shopping Cart before 1.3.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 6.8CWE: N/A
Read more
High

CVE-2006-6867

Multiple PHP remote file inclusion vulnerabilities in Vladimir Menshakov buratinable templator (aka bubla) 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the bu_dir parameter…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2006-6866

STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2006-6892

Cross-site scripting (XSS) vulnerability in the GetLocation function in online.php in Jonathon J. Freeman OvBB 0.13a allows remote attackers to inject arbitrary web script or HTML via the aRequest va…

CVSS: 6.8CWE: N/A
Read more
Critical

CVE-2006-6864

PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2006-6863

PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE…

CVSS: 9.8CWE: N/A
Read more
Medium

CVE-2006-6862

Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login/login.asp or (2)…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2006-6891

Vz (Adp) Forum 2.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2006-6900

Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 has unknown impact and attack vectors, related to an "implementation bug."

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2006-6893

Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server's CPU temperature and consequently changing the patter…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2006-6906

Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and earlier has unknown impact and local attack vectors, related to "Mach Exception Handling", a different issue than CVE-2006-6900.

CVSS: 7.2CWE: N/A
Read more
Critical

CVE-2006-6917

Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a craft…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2006-6916

Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input."

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2006-6915

ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. NOTE: some details were obtained from third party sources.

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2006-6914

Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote attackers to obtain sensitive information, including passwords, via unspecified vectors.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2006-6913

Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to upload arbitrary PHP scripts via unspecified vectors.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2006-6911

SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter.

CVSS: 6.0CWE: N/A
Read more
High

CVE-2006-6910

formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with Abfrage, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ se…

CVSS: 7.8CWE: N/A
Read more
Critical

CVE-2006-6909

Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Command line editor browser) 3.1.3 allows remote attackers to execute arbitrary code by operating an FTP server that sends directory…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2006-6908

Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widco…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2006-6907

Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown impact and attack vectors.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2006-6905

Unspecified vulnerability in the Widcomm Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2006-6894

Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown impact and attack vectors, related to (1) "Placeholders in database handler" and (2) "Macro admin security."

CVSS: 10.0CWE: N/A
Read more
High

CVE-2006-6904

Unspecified vulnerability in the Broadcom Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.

CVSS: 7.9CWE: N/A
Read more
Critical

CVE-2006-6903

Unspecified vulnerability in the Toshiba Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2006-6902

Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2006-6901

Unspecified vulnerability in the Bluetooth stack in Microsoft Windows allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2006-6860

Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth inte…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2006-6899

hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to obtain control of the (1) Mouse and (2) Keyboard Human Interface Device (HID) via a certain configuration of two HID (PSM) endpoints…

CVSS: 5.4CWE: CWE-16
Read more
High

CVE-2006-6898

Widcomm Bluetooth for Windows (BTW) before 4.0.1.1500 allows remote attackers to listen to and record conversations, aka the CarWhisperer attack.

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2006-6897

Directory traversal vulnerability in Widcomm Bluetooth for Windows (BTW) 3.0.1.905 allows remote attackers to conduct unauthorized file operations via a .. (dot dot) in an unspecified parameter.

CVSS: 5.4CWE: N/A
Read more
Medium

CVE-2006-6896

The Bluetooth stack in the Plantronic Headset does not properly implement Non-pairable mode, which allows remote attackers to conduct unauthorized pair-up operations.

CVSS: 5.4CWE: N/A
Read more
Low

CVE-2006-6895

The Bluetooth stack in the Sony Ericsson T60 does not properly implement "Limited discoverable" mode, which allows remote attackers to obtain unauthorized inquiry responses.

CVSS: 2.9CWE: N/A
Read more
Critical

CVE-2006-6861

Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2006-6855

AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI.…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2006-6859

SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.

CVSS: 10.0CWE: N/A
Read more
High

CVE-2006-6829

Efkan Forum 1.0 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum.mdb.…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2006-6827

Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2006-6858

Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bubble during UDP hole punching with HMAC-MD5-64 hashing, which allows remote attackers to impersonate an arbitrary Teredo client.

CVSS: 6.8CWE: N/A
Read more
Critical

CVE-2006-6336

Heap-based buffer overflow in the Mail Management Server (MAILMA.exe) in Eudora WorldMail 3.1.x allows remote attackers to execute arbitrary code via a crafted request containing successive delimiter…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2006-6144

The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remo…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2006-6103

Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X proto…

CVSS: 6.6CWE: N/A
Read more
Critical

CVE-2006-6102

Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X pro…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2006-6101

Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X p…

CVSS: 6.6CWE: N/A
Read more
Critical

CVE-2006-5870

Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary c…

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2006-5857

Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rend…

CVSS: 9.3CWE: CWE-399
Read more
Medium

CVE-2006-5755

Linux kernel before 2.6.18, when running on x86_64 systems, does not properly save or restore EFLAGS during a context switch, which allows local users to cause a denial of service (crash) by causing…

CVSS: 4.9CWE: N/A
Read more
Low

CVE-2006-5749

The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the init_timer function for the ISDN PPP CCP reset state timer, which ha…

CVSS: 1.7CWE: N/A
Read more
Critical

CVE-2006-5574

Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote…

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2006-4582

Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e allows remote attackers to perform unauthorized actions as other users via unspecified vectors, as demonstrated by deleting a…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2006-4581

Unrestricted file upload vulnerability in The Address Book 1.04e validates the Content-Type header but not the file extension, which allows remote attackers to upload arbitrary PHP scripts.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2006-4580

register.php in The Address Book 1.04e allows remote attackers to bypass the "Allow User Self-Registration" setting and create arbitrary users by setting the mode parameter to "confirm".

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2006-4579

Directory traversal vulnerability in users.php in The Address Book 1.04e allows remote attackers to include arbitrary files via a .. (dot dot) in the language parameter.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2006-4578

export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote attackers to obtain se…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2006-4577

Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) email, (2) websites, and (…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2006-4576

Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows remote attackers to inject arbitrary web script or HTML by uploading the HTML file with a GIF or JPG extension, which is rend…

CVSS: 6.8CWE: N/A
Read more
High

CVE-2006-4575

Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote attackers to execute arbitrary SQL commands via the (1) lastname, (2) firstname, (3) passwordOld, (4) passwordNew, (5) id…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2006-4098

Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2006-4097

Multiple unspecified vulnerabilities in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allow remote attackers to cause a de…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2006-1305

Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, po…

CVSS: 4.3CWE: CWE-399
Read more
High

CVE-2006-6828

Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the grup parameter in admin.asp, or the id parameter in (2) defa…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2006-6488

Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, a…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2006-6830

PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2006-6844

Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form.

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2006-6857

Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2006-6856

Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edi…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2006-6854

The qcamvc_video_init function in qcamvc.c in De Marchi Daniele QuickCam VC Linux device driver (aka quickcam-vc) 1.0.9 and earlier does not properly check a boundary, triggering memory corruption, w…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2006-6853

Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2006-6851

Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php in ac4p Mobilelib gold 2 allow remote attackers to inject arbitrary web script or HTML via the (1) email or (2) errr parameter.

CVSS: 6.8CWE: N/A
Read more
High

CVE-2006-6850

PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root p…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2006-6849

administration/index.php in Cahier de texte (CDT) 2.2 does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2006-6831

SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2006-6846

Multiple SQL injection vulnerabilities in While You Were Out (WYWO) InOut Board 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the num parameter in (a) phonemessage.asp, (2) the…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2006-6845

Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action.

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2006-6847

An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2006-6843

PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2006-6837

Multiple stack-based buffer overflows in the (1) LoadTree, (2) ReadHeader, and (3) LoadXBOXTree functions in the ISO (iso_wincmd) plugin 1.7.3.3 and earlier for Total Commander allow user-assisted re…

CVSS: 6.8CWE: N/A
Read more
High

CVE-2006-6833

com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2006-6842

SQL injection vulnerability in admin/admin_acronyms.php in the Acronym Mod 0.9.5 for phpBB2 Plus 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2006-6835

SQL injection vulnerability in Journal.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the w parameter to journal.php.

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2006-6836

Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2006-6834

Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes."

CVSS: 6.8CWE: N/A
Read more
High

CVE-2006-6838

Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter.

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2006-6839

Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2006-6840

Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2006-6841

Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.

CVSS: 10.0CWE: N/A
Read more
2006-12-29
High

CVE-2006-6825

Calendar MX BASIC 1.0.2 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for cale…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2006-6826

Unspecified vulnerability in the tab editor for Personal .NET Portal before 2.0.0 has unknown impact and attack vectors related to a "Security leak."

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2006-6817

AlstraSoft Web Host Directory allows remote attackers to obtain sensitive information by requesting any invalid URI, which reveals the path in an error message, a different vulnerability than CVE-200…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2006-6823

PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.

CVSS: 7.5CWE: N/A
Read more
Low

CVE-2006-6822

myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of anot…

CVSS: 3.5CWE: N/A
Read more
Low

CVE-2006-6821

myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another acc…

CVSS: 3.5CWE: N/A
Read more
Low

CVE-2006-6820

myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another…

CVSS: 3.5CWE: N/A
Read more
Medium

CVE-2006-6819

AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for ad…

CVSS: 6.4CWE: N/A
Read more
High

CVE-2006-6818

AlstraSoft Web Host Directory allows remote attackers to bypass authentication and change the admin password via a direct request to admin/config.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2006-6813

SQL injection vulnerability in detail.asp in Mxmania File Upload Manager (FUM) 1.0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2006-6816

Multiple SQL injection vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) set_preferences.asp, (2) send_pa…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2006-6812

Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar 10.1 allow remote attackers to execute arbitrary PHP code via a URL in the cal_dir parameter to (1) admin.php, (2) contacts.php, or…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2006-6810

Unspecified vulnerability in the clear_user_list function in src/main.c in DB Hub 0.3 allows remote attackers to cause a denial of service (application crash) via crafted network traffic, which trigg…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2006-6815

Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified parameters to…

CVSS: 6.0CWE: N/A
Read more
High

CVE-2006-6809

Multiple PHP remote file inclusion vulnerabilities in process.php in Vladimir Menshakov buratinable templator (aka bubla) 1.0.0rc2 and earlier allow remote attackers to execute arbitrary PHP code via…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2006-6814

Directory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via…

CVSS: 6.3CWE: N/A
Read more
2006-12-28
High

CVE-2006-6804

SQL injection vulnerability in bus_details.asp in Dragon Business Directory - Pro (aka Dragon Internet Business Search Directory - Pro) 3.01.12 and earlier allows remote attackers to execute arbitrar…

CVSS: 7.5CWE: N/A
Read more
>