Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4037 | 1 Fenestrae | 1 Faxination Server | 2011-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet. | |||||
| CVE-2006-4030 | 1 Gallery Project | 1 Gallery | 2011-03-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." | |||||
| CVE-2006-4024 | 1 Festalon | 1 Festalon | 2011-03-07 | 7.5 HIGH | N/A |
| The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr value in a HES file, which is used as an offset in a memcpy operation and leads to a buffer underflow. | |||||
| CVE-2006-4016 | 1 Toenda Software Development | 1 Toendacms | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS stable 1.0.3 and earlier, and unstable 1.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2006-4014 | 1 Symantec | 1 Brightmail Antispam | 2011-03-07 | 5.0 MEDIUM | N/A |
| Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) "by sending invalid posts". | |||||
| CVE-2006-4022 | 1 Intel | 1 2100 Proset Wireless | 2011-03-07 | 4.6 MEDIUM | N/A |
| Intel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4.6 allows local users to corrupt memory and execute code via "requests for capabilities from higher-level protocol drivers or user-level applications" involving crafted frames, a different issue than CVE-2006-3992. | |||||
| CVE-2006-3671 | 1 Hyper Estraier | 1 Hyper Estraier | 2011-03-07 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in the communicate function in estmaster.c for Hyper Estraier before 1.3.3 allows remote attackers to perform unauthorized actions as other users via unknown vectors. | |||||
| CVE-2006-3615 | 1 Phorum | 1 Phorum | 2011-03-07 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via unspecified vectors related to an uninitialized variable. | |||||
| CVE-2006-3816 | 1 Krusader | 1 Krusader | 2011-03-07 | 7.5 HIGH | N/A |
| Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file. | |||||
| CVE-2006-3779 | 1 Citrix | 3 Metaframe, Metaframe Presentation Server, Presentation Server | 2011-03-07 | 6.5 MEDIUM | N/A |
| Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges. | |||||
| CVE-2006-3992 | 1 Intel | 2 2200bg Proset Wireless, 2915abg Proset Wireless | 2011-03-07 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption. | |||||
| CVE-2006-3902 | 1 Phpfaber | 1 Topsites | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites 2.0.9 allows remote attackers to inject arbitrary web script or HTML via the i_cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-3896 | 1 Neoscale Systems | 1 Cryptostor Tape 700 | 2011-03-07 | 4.9 MEDIUM | N/A |
| The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies on client-side ActiveX code for smartcard authentication, which allows remote attackers to bypass smartcard authentication, and gain access if able to present a valid username and password, by disabling ActiveX. | |||||
| CVE-2006-3892 | 1 Emc | 1 Networker | 2011-03-07 | 10.0 HIGH | N/A |
| The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands. | |||||
| CVE-2006-3822 | 1 Geodesicsolutions | 1 Geoauctions Enterprise | 2011-03-07 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in index.php in GeodesicSolutions GeoAuctions Enterprise 1.0.6 allows remote attackers to execute arbitrary SQL commands via the d parameter. | |||||
| CVE-2006-3686 | 1 Hp | 1 Openvms | 2011-03-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in [SYSEXE]SMPUTIL.EXE in HP OpenVMS 7.3-2 allows local users and "remote users" to cause a denial of service (crash). | |||||
| CVE-2006-3667 | 1 Sybase | 1 Financial Fusion Consumer Banking Solution | 2011-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Sybase/Financial Fusion Consumer Banking Suite versions before 20060706 has unknown impact and remote attack vectors. | |||||
| CVE-2006-3534 | 1 Nullsoft | 1 Shoutcast Server | 2011-03-07 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content". | |||||
| CVE-2006-3552 | 1 Ipswitch | 2 Ipswitch Collaboration Suite, Ipswitch Secure Server | 2011-03-07 | 6.4 MEDIUM | N/A |
| Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium, when using a certain .dat file in the StarEngine /data directory from 20060630 or earlier, does not properly receive and implement bullet signature updates, which allows context-dependent attackers to use the server for spam transmission. | |||||
| CVE-2006-3482 | 1 Phpmaillist | 1 Phpmaillist | 2011-03-07 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in maillist.php in PHPMailList 1.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter. | |||||