Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5681 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-07 | 2.6 LOW | N/A |
| QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects. | |||||
| CVE-2006-5671 | 1 Free Php Scripts | 1 Free Image Hosting | 2011-03-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in contact.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-5663 | 1 Ibm | 3 Informix Client Sdk, Informix Dynamic Server, Informix I-connect | 2011-03-07 | 4.6 MEDIUM | N/A |
| IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts. | |||||
| CVE-2006-5657 | 1 Vilistextum | 1 Vilistextum | 2011-03-07 | 10.0 HIGH | N/A |
| Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 have unknown impact and attack vectors. | |||||
| CVE-2006-5664 | 1 Ibm | 3 Informix Client Sdk, Informix Dynamic Server, Informix I-connect | 2011-03-07 | 4.6 MEDIUM | N/A |
| The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files. | |||||
| CVE-2006-5237 | 1 Blue Smiley Organizer | 1 Blue Smiley Organizer | 2011-03-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Blue Smiley Organizer before 4.46 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-5235 | 1 Dimension Of Phpbb | 1 Dimension Of Phpbb | 2011-03-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/functions_kb.php in Dimension of phpBB 0.2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5099 | 1 Andreas Gohr | 1 Dokuwiki | 2011-03-07 | 7.5 HIGH | N/A |
| lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert. | |||||
| CVE-2006-5106 | 1 Facileforms | 1 Facileforms | 2011-03-07 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 for Mambo and Joomla!, when either register_globals or RG_EMULATION is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-5212 | 1 Trend Micro | 1 Officescan | 2011-03-07 | 5.0 MEDIUM | N/A |
| Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to delete files via a modified filename parameter in a certain HTTP request that invokes the OfficeScan CGI program. | |||||
| CVE-2006-4778 | 1 Cchost | 1 Cchost | 2011-03-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Creative Commons Tools ccHost before 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URL, which is used to populate the file ID. NOTE: Some details are obtained from third party information. | |||||
| CVE-2006-5326 | 1 Phpbb Prillian | 1 French Language Pack | 2011-03-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in language/lang/lang_contact_faq.php in the Prillian French 0.8.0 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5179 | 1 Intoto | 2 Igateway Ssl-vpn, Igateway Vpn | 2011-03-07 | 5.4 MEDIUM | N/A |
| Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification, a related issue to CVE-2006-2940. | |||||
| CVE-2006-5098 | 1 Andreas Gohr | 1 Dokuwiki | 2011-03-07 | 5.0 MEDIUM | N/A |
| lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image. | |||||
| CVE-2006-4831 | 1 Iodine | 1 Iodine | 2011-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IP over DNS is now easy (iodine) before 0.3.2 has unknown impact and attack vectors, related to "potential security problems." | |||||
| CVE-2006-4964 | 1 Maxdev | 1 Md-pro | 2011-03-07 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before 20060918 allows remote attackers to inject arbitrary web script or HTML via (1) vectors that bypass the XSS protection mechanisms of the pnVarCleanFromInput function, and (2) unspecified vectors related to the AntiCracker. | |||||
| CVE-2006-5324 | 1 Ibm | 1 Websphere Application Server | 2011-03-07 | 7.5 HIGH | N/A |
| The Web Services Notification (WSN) security component of IBM WebSphere Application Server before 6.1.0.2 allows attackers to obtain unspecified access without supplying a username and password, aka PK28374. | |||||
| CVE-2006-5184 | 1 Pkr Internet | 1 Taskjitsu | 2011-03-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the key parameter, when the limit query parameter is set to customerid. | |||||
| CVE-2006-5238 | 1 Blue Smiley Organizer | 1 Blue Smiley Organizer | 2011-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the file upload module in Blue Smiley Organizer before 4.45 has unknown impact and attack vectors. | |||||
| CVE-2006-5035 | 1 Paul Smith Computer Services | 1 Vcap | 2011-03-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith Computer Services vCAP 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the statusmsg parameter in RegisterPage.cgi or (2) a URI corresponding to a nonexistent file. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||