Total
27865 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3597 | 1 Ubuntu | 1 Ubuntu Linux | 2008-09-05 | 7.2 HIGH | N/A |
passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory. | |||||
CVE-2006-3661 | 1 Cutephp | 1 Cutenews | 2008-09-05 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2006-3612 | 1 Phorum | 1 Phorum | 2008-09-05 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2006-3742 | 1 Kde | 1 Kdebase | 2008-09-05 | 10.0 HIGH | N/A |
The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times. | |||||
CVE-2006-3576 | 1 Sensesites | 1 Commonsense Cms | 2008-09-05 | 7.5 HIGH | N/A |
SQL injection vulnerability in search.php in SenseSites CommonSense CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the Date parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2006-3577 | 1 Lifetype | 1 Lifetype | 2008-09-05 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in LifeType 1.0.5 allows remote attackers to execute arbitrary SQL commands via the Date parameter in a Default op. | |||||
CVE-2006-3412 | 1 Tor | 1 Tor | 2008-09-05 | 6.4 MEDIUM | N/A |
Tor before 0.1.1.20 does not sufficiently obey certain firewall options, which allows remote attackers to bypass intended access restrictions for dirservers, direct connections, or proxy servers. | |||||
CVE-2006-3413 | 1 Tor | 1 Tor | 2008-09-05 | 5.0 MEDIUM | N/A |
The privoxy configuration file in Tor before 0.1.1.20, when run on Apple OS X, logs all data via the "logfile", which allows attackers to obtain potentially sensitive information. | |||||
CVE-2006-3416 | 1 Tor | 1 Tor | 2008-09-05 | 5.0 MEDIUM | N/A |
** DISPUTED ** Tor before 0.1.1.20 kills the circuit when it receives an unrecognized relay command, which causes network circuits to be disbanded. NOTE: while this item is listed under the "Security fixes" section of the developer changelog, the developer clarified on 20060707 that this is only a self-DoS. Therefore this issue should not be included in CVE. | |||||
CVE-2006-3418 | 1 Tor | 1 Tor | 2008-09-05 | 5.0 MEDIUM | N/A |
Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications. | |||||
CVE-2006-3419 | 1 Tor | 1 Tor | 2008-09-05 | 5.0 MEDIUM | N/A |
Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks. | |||||
CVE-2006-3414 | 1 Tor | 1 Tor | 2008-09-05 | 5.0 MEDIUM | N/A |
Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution. | |||||
CVE-2006-3411 | 1 Tor | 1 Tor | 2008-09-05 | 6.4 MEDIUM | N/A |
TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys. | |||||
CVE-2006-3483 | 1 Phpmaillist | 1 Phpmaillist | 2008-09-05 | 5.0 MEDIUM | N/A |
PHPMailList 1.8.0 stores sensitive information under the web document root iwth insufficient access control, which allows remote attackers to obtain email addresses of subscribers, configuration information, and the admin username and password via direct requests to (1) list.dat or (2) ml_config.dat. | |||||
CVE-2006-3417 | 1 Tor | 1 Tor | 2008-09-05 | 6.4 MEDIUM | N/A |
Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy "entry guard" (is_guard) systems by directory authorities. | |||||
CVE-2006-3415 | 1 Tor | 1 Tor | 2008-09-05 | 6.4 MEDIUM | N/A |
Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors. | |||||
CVE-2006-3487 | 1 Virtuastore | 1 Virtuastore | 2008-09-05 | 5.0 MEDIUM | N/A |
VirtuaStore 2.0 stores sensitive files under the web root with insufficient access control, which allows remote attackers to obtain local database information by directly accessing database/virtuastore.mdb. | |||||
CVE-2006-3488 | 1 Virtuastore | 1 Virtuastore | 2008-09-05 | 5.0 MEDIUM | N/A |
Absolute path traversal vulnerability in administrador.asp in VirtuaStore 2.0 allows remote attackers to possibly read arbitrary directories or files via an absolute path with Windows drive letter in the Pasta parameter when link=util, acao=ftp, and acaba=sim. | |||||
CVE-2006-3263 | 1 Mambo | 1 Mambo | 2008-09-05 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
CVE-2006-3025 | 1 Lucid Designs | 1 Lucid Calendar | 2008-09-05 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea Lucid Calendar 0.22 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |