Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0474 | 1 Shareaza | 1 Shareaza | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers to execute arbitrary code via (1) a large packet length field, which causes an overflow in the ReadBuffer function in (a) BTPacket.cpp and (b) EDPacket.cpp, or (2) a large packet, which causes a heap-based overflow in the Write function in (c) Packet.h. | |||||
| CVE-2006-0476 | 1 Nullsoft | 1 Winamp | 2018-10-19 | 7.6 HIGH | N/A |
| Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field). | |||||
| CVE-2006-0480 | 1 Spaiz | 1 Spaiz-nuke Cms | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Articles module in sPaiz-Nuke allows remote attackers to inject arbitrary web script or HTML via the query parameter in the search file. | |||||
| CVE-2006-0484 | 1 Elido | 1 Face Control | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Vis.pl, as part of the FACE CONTROL product, allows remote attackers to read arbitrary files via a .. (dot dot) in any parameter that opens a file, such as (1) s or (2) p. | |||||
| CVE-2006-0511 | 1 Blackboard | 2 Blackboard, Blackboard Academic Suite | 2018-10-19 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that "This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product." | |||||
| CVE-2006-0635 | 1 Fabrice Bellard | 1 Tiny C Compiler | 2018-10-19 | 4.6 MEDIUM | N/A |
| Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers. | |||||
| CVE-2006-0488 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2018-10-19 | 2.1 LOW | N/A |
| The VDM (Virtual DOS Machine) emulation environment for MS-DOS applications in Windows 2000, Windows XP SP2, and Windows Server 2003 allows local users to read the first megabyte of memory and possibly obtain sensitive information, as demonstrated by dumper.asm. | |||||
| CVE-2006-0634 | 1 Borland Software | 1 C\+\+ Builder | 2018-10-19 | 4.6 MEDIUM | N/A |
| Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition (ent_upd4) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers. | |||||
| CVE-2006-0489 | 1 Khaled Mardam-bey | 1 Mirc | 2018-10-19 | 4.6 MEDIUM | N/A |
| ** DISPUTED ** Buffer overflow in the font command of mIRC, probably 6.16, allows local users to execute arbitrary code via a long string. NOTE: the original researcher claims that issue has been disputed by the vendor, and that the vendor stated "as far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC." It could be that this is only exploitable by the user of the application, and thus would not cross privilege boundaries unless under an otherwise restrictive environment such as a kiosk. | |||||
| CVE-2006-0508 | 1 Easy Cms | 1 Easy Cms | 2018-10-19 | 5.0 MEDIUM | N/A |
| Easy CMS stores the images directory under the web document root with insufficient access control and browsing enabled, which allows remote attackers to list and possibly read images that are stored in that directory. | |||||
| CVE-2006-0590 | 1 Jaia Interactive | 1 Mytopix | 2018-10-19 | 5.0 MEDIUM | N/A |
| MyTopix 1.2.3 allows remote attackers to obtain the installation path via an invalid hl parameter to index.php, which leads to path disclosure, possibly related to invalid SQL syntax. | |||||
| CVE-2006-0589 | 1 Jaia Interactive | 1 Mytopix | 2018-10-19 | 5.0 MEDIUM | N/A |
| MyTopix 1.2.3 allows remote attackers to obtain the installation path via a direct request to logon.mod.php, which leaks the path in an error message. | |||||
| CVE-2006-0491 | 1 Subzane | 1 Szusermgnt | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2006-0588 | 1 Jaia Interactive | 1 Mytopix | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in MyTopix 1.2.3 allows remote attackers to execute arbitrary SQL commands via the (1) mid and (2) keywords parameters. | |||||
| CVE-2006-0492 | 1 Vincent Hor | 1 Calendarix | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Calendarix allow remote attackers to execute arbitrary SQL commands via (1) the catview parameter in cal_functions.inc.php and (2) the login parameter in cal_login.php. NOTE: the catview vector might overlap CVE-2005-1865. | |||||
| CVE-2006-0584 | 1 Peoplesoft | 1 Peopletools | 2018-10-19 | 2.1 LOW | N/A |
| The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 with a fixed DES key to store user passwords, which makes it easier for local users to guess passwords using a dictionary attack that compares output strings. | |||||
| CVE-2006-0493 | 1 Thomas Rybak | 1 Mg2 | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MG2 (formerly known as Minigal) 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field in a comment associated with a picture. | |||||
| CVE-2006-0577 | 1 Lexmark | 1 X1185 | 2018-10-19 | 7.2 HIGH | N/A |
| Lexmark X1185 printer allows local users to gain SYSTEM privileges by navigating to the "Appearance" dialog and selecting the "Additional styles (skins) are available on the Lexmark web site" option, which launches a web browser that is running with SYSTEM privileges. | |||||
| CVE-2006-0576 | 1 Maynard Johnson | 1 Oprofile | 2018-10-19 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability. | |||||
| CVE-2006-0500 | 1 Punctweb | 1 Myco Guestbook | 2018-10-19 | 7.5 HIGH | N/A |
| MyCO Guestbook 1.0 stores the admin directory under the web document root with insufficient access control, which allows remote attackers to perform unspecified privileged actions by directly accessing files via a URL. | |||||