Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0255 | 1 Checkpoint | 1 Vpn-1 | 2018-10-19 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in Check Point VPN-1 SecureClient might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when SecureClient attempts to launch the Sr_GUI.exe program. | |||||
| CVE-2006-0292 | 1 Mozilla | 2 Firefox, Mozilla | 2018-10-19 | 7.5 HIGH | N/A |
| The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection. | |||||
| CVE-2006-0088 | 1 Intouch | 1 Intouch | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha allows remote attackers to execute arbitrary SQL commands via the user parameter. | |||||
| CVE-2006-0136 | 1 Phanatic Softwares | 1 Chimera Web Portal | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the guestbook module in modules.php in Phanatic Softwares Chimera Web Portal System 0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) comment_poster, (2) comment_poster_email, (3) comment_poster_homepage, and (4) comment_text parameters. | |||||
| CVE-2006-0131 | 1 Boastmachine | 1 Boastmachine | 2018-10-19 | 5.0 MEDIUM | N/A |
| boastMachine 3.1 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php and (2) side_menu.php, which reveals the path in an error message. | |||||
| CVE-2006-0087 | 1 Lizard Cart | 1 Lizard Cart Cms | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) pages.php and (2) detail.php in Lizard Cart CMS 1.04 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-0065 | 1 Vego | 1 Vego Web Forum | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) functions.php, (2) functions_update.php, and (3) functions_display.php in VEGO Web Forum 1.26 and earlier allows remote attackers to execute arbitrary SQL commands via the theme_id parameter in index.php. | |||||
| CVE-2006-0058 | 1 Sendmail | 1 Sendmail | 2018-10-19 | 7.6 HIGH | N/A |
| Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations. | |||||
| CVE-2006-0070 | 1 Drupal | 1 Drupal | 2018-10-19 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded Javascript function name, as demonstrated using variations of the alert() function. NOTE: a followup by the vendor suggests that the issue does not exist in 4.5.6 or 4.6.4 when "Filtered HTML" is enabled, and since "Full HTML" would not filter HTML by design, perhaps this should not be included in CVE. | |||||
| CVE-2006-0095 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 2.1 LOW | N/A |
| dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key. | |||||
| CVE-2006-0040 | 1 Gnome | 1 Evolution | 2018-10-19 | 5.0 MEDIUM | N/A |
| GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml. | |||||
| CVE-2006-0106 | 1 Wine | 1 Wine | 2018-10-19 | 7.5 HIGH | N/A |
| gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, implement the SETABORTPROC GDI Escape function call for Windows Metafile (WMF) files, which allows attackers to execute arbitrary code, the same vulnerability as CVE-2005-4560 but in a different codebase. | |||||
| CVE-2006-0078 | 1 Haddad Said | 1 B-net Software | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in B-net Software 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) shout variables to (a) shout.php, or the (3) title and (4) message variables to (b) guestbook.php. | |||||
| CVE-2006-0079 | 1 Scoznet | 1 Scozbook | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 allows remote attackers to execute arbitrary SQL commands via the username field (adminname variable). | |||||
| CVE-2006-0019 | 1 Kde | 1 Kde | 2018-10-19 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI. | |||||
| CVE-2006-0080 | 1 Jelsoft | 1 Vbulletin | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php. | |||||
| CVE-2006-0133 | 1 Ibm | 1 Aix | 2018-10-19 | 3.6 LOW | N/A |
| Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the existence of files and read partial contents of certain files via a .. (dot dot) in the argument to (1) getCommand.new (aka getCommand) and (2) getShell, a different vulnerability than CVE-2005-4273. | |||||
| CVE-2006-0100 | 1 Nicosw | 1 Nicoftp | 2018-10-19 | 4.6 MEDIUM | N/A |
| Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow local users to execute arbitrary code via a long string in the "Name of site" field of an FTP account. NOTE: because this program executes with the privileges of the invoking user, and because remote programs do not normally have the ability to create or modify FTP accounts in this program, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability. | |||||
| CVE-2006-0134 | 1 Thewebforum | 1 Thewebforum | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in register.php in TheWebForum (twf) 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the www parameter. | |||||
| CVE-2006-0135 | 1 Thewebforum | 1 Thewebforum | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the username parameter (aka the u variable). | |||||