Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by NVD-CWE-Other
Total 27865 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-3597 1 Ubuntu 1 Ubuntu Linux 2008-09-05 7.2 HIGH N/A
passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory.
CVE-2006-3661 1 Cutephp 1 Cutenews 2008-09-05 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-3612 1 Phorum 1 Phorum 2008-09-05 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-3742 1 Kde 1 Kdebase 2008-09-05 10.0 HIGH N/A
The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times.
CVE-2006-3576 1 Sensesites 1 Commonsense Cms 2008-09-05 7.5 HIGH N/A
SQL injection vulnerability in search.php in SenseSites CommonSense CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the Date parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-3577 1 Lifetype 1 Lifetype 2008-09-05 7.5 HIGH N/A
SQL injection vulnerability in index.php in LifeType 1.0.5 allows remote attackers to execute arbitrary SQL commands via the Date parameter in a Default op.
CVE-2006-3412 1 Tor 1 Tor 2008-09-05 6.4 MEDIUM N/A
Tor before 0.1.1.20 does not sufficiently obey certain firewall options, which allows remote attackers to bypass intended access restrictions for dirservers, direct connections, or proxy servers.
CVE-2006-3413 1 Tor 1 Tor 2008-09-05 5.0 MEDIUM N/A
The privoxy configuration file in Tor before 0.1.1.20, when run on Apple OS X, logs all data via the "logfile", which allows attackers to obtain potentially sensitive information.
CVE-2006-3416 1 Tor 1 Tor 2008-09-05 5.0 MEDIUM N/A
** DISPUTED ** Tor before 0.1.1.20 kills the circuit when it receives an unrecognized relay command, which causes network circuits to be disbanded. NOTE: while this item is listed under the "Security fixes" section of the developer changelog, the developer clarified on 20060707 that this is only a self-DoS. Therefore this issue should not be included in CVE.
CVE-2006-3418 1 Tor 1 Tor 2008-09-05 5.0 MEDIUM N/A
Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications.
CVE-2006-3419 1 Tor 1 Tor 2008-09-05 5.0 MEDIUM N/A
Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks.
CVE-2006-3414 1 Tor 1 Tor 2008-09-05 5.0 MEDIUM N/A
Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution.
CVE-2006-3411 1 Tor 1 Tor 2008-09-05 6.4 MEDIUM N/A
TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys.
CVE-2006-3483 1 Phpmaillist 1 Phpmaillist 2008-09-05 5.0 MEDIUM N/A
PHPMailList 1.8.0 stores sensitive information under the web document root iwth insufficient access control, which allows remote attackers to obtain email addresses of subscribers, configuration information, and the admin username and password via direct requests to (1) list.dat or (2) ml_config.dat.
CVE-2006-3417 1 Tor 1 Tor 2008-09-05 6.4 MEDIUM N/A
Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy "entry guard" (is_guard) systems by directory authorities.
CVE-2006-3415 1 Tor 1 Tor 2008-09-05 6.4 MEDIUM N/A
Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors.
CVE-2006-3487 1 Virtuastore 1 Virtuastore 2008-09-05 5.0 MEDIUM N/A
VirtuaStore 2.0 stores sensitive files under the web root with insufficient access control, which allows remote attackers to obtain local database information by directly accessing database/virtuastore.mdb.
CVE-2006-3488 1 Virtuastore 1 Virtuastore 2008-09-05 5.0 MEDIUM N/A
Absolute path traversal vulnerability in administrador.asp in VirtuaStore 2.0 allows remote attackers to possibly read arbitrary directories or files via an absolute path with Windows drive letter in the Pasta parameter when link=util, acao=ftp, and acaba=sim.
CVE-2006-3263 1 Mambo 1 Mambo 2008-09-05 7.5 HIGH N/A
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2006-3025 1 Lucid Designs 1 Lucid Calendar 2008-09-05 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea Lucid Calendar 0.22 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information.