Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3804 | 1 Mozilla | 2 Seamonkey, Thunderbird | 2018-10-17 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) via a VCard attachment with a malformed base64 field, which copies more data than expected due to an integer underflow. | |||||
| CVE-2006-3803 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-17 | 5.1 MEDIUM | N/A |
| Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object. | |||||
| CVE-2006-3802 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-17 | 5.8 MEDIUM | N/A |
| Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object. | |||||
| CVE-2006-3801 | 1 Mozilla | 2 Firefox, Seamonkey | 2018-10-17 | 7.5 HIGH | N/A |
| Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code. | |||||
| CVE-2006-3800 | 1 Amazing Flash Commerce | 1 Afcommerce Shopping Cart | 2018-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the "new review" text box. | |||||
| CVE-2006-3799 | 1 Deluxebb | 1 Deluxebb | 2018-10-17 | 7.5 HIGH | N/A |
| DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT." | |||||
| CVE-2006-3798 | 1 Deluxebb | 1 Deluxebb | 2018-10-17 | 5.0 MEDIUM | N/A |
| DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) _GET, (2) _POST, (3) _ENV, and (4) _SERVER variables via the _COOKIE (aka COOKIE) variable, which can overwrite the other variables during an extract function call, probably leading to multiple security vulnerabilities, aka "pollution of the global namespace." | |||||
| CVE-2006-3797 | 1 Deluxebb | 1 Deluxebb | 2018-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote attackers to bypass authentication, spoof users, and modify settings via the (1) memberpw and (2) membercookie cookies. | |||||
| CVE-2006-3796 | 1 Deluxebb | 1 Deluxebb | 2018-10-17 | 7.5 HIGH | N/A |
| DeluxeBB 1.07 and earlier does not properly handle a username composed of a single space character, which allows remote authenticated users to login as the "space" user, post as the guest user, and block the ability of an administrator to ban the "space" user. | |||||
| CVE-2006-3795 | 1 Deluxebb | 1 Deluxebb | 2018-10-17 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before 1.08 allow remote attackers to inject arbitrary web script or HTML via the (1) membercookie cookie in header.php and the (2) redirect parameter in misc.php. | |||||
| CVE-2006-3794 | 1 Amazing Flash Commerce | 1 Afcommerce Shopping Cart | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** SQL injection vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the search field. NOTE: the vendor has disputed this issue, stating "if someone were to type in any sql injection code, that code would never be queried." | |||||
| CVE-2006-3793 | 1 Sitedepth | 1 Sitedepth Cms | 2018-10-17 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in constants.php in SiteDepth CMS 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SD_DIR parameter. | |||||
| CVE-2006-3791 | 1 Ufo2000 | 1 Ufo2000 | 2018-10-17 | 5.0 MEDIUM | N/A |
| The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a large keysize or valsize, which causes a crash when the resize function cannot allocate sufficient memory. | |||||
| CVE-2006-3790 | 1 Ufo2000 | 1 Ufo2000 | 2018-10-17 | 5.0 MEDIUM | N/A |
| The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a keysize or valsize that is inconsistent with the packet size, which leads to a buffer over-read. | |||||
| CVE-2006-3789 | 1 Ufo2000 | 1 Ufo2000 | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple array index errors in the (1) recv_rules, (2) recv_select_unit, (3) recv_options, and (4) recv_unit_data functions in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code and cause a denial of service (opponent crash) via certain packet data that specifies an out-of-bounds index. | |||||
| CVE-2006-3788 | 1 Ufo2000 | 1 Ufo2000 | 2018-10-17 | 7.5 HIGH | N/A |
| Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code via (1) a long unit name in Net::recv_add_unit,; (2) large values to Net::recv_rules, Net::recv_select_unit, Net::recv_options, and Net::recv_unit_data; and (3) a large mapdata GEODATA structure in Net::recv_map_data. | |||||
| CVE-2006-3787 | 1 Kerio | 1 Personal Firewall | 2018-10-17 | 2.1 LOW | N/A |
| kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows local users to cause a denial of service (crash) and bypass protection mechanisms by calling CreateRemoteThread. | |||||
| CVE-2006-3786 | 1 Symantec | 1 Pcanywhere | 2018-10-17 | 3.6 LOW | N/A |
| Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka caller or CallerID) files, which allows local users to generate a custom .cif file and modify the superuser flag. | |||||
| CVE-2006-3780 | 1 Keyifweb | 1 Keyif Portal | 2018-10-17 | 5.0 MEDIUM | N/A |
| Keyifweb Keyif Portal 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) ANKET/anket.mdb, (2) HABER/keyifweb.mdb, (3) ASP/download.mdb, or (4) SAYAC/aktif.mdb in the database/A9S7G6ASD790 directory. | |||||
| CVE-2006-3785 | 1 Symantec | 1 Pcanywhere | 2018-10-17 | 2.1 LOW | N/A |
| Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin. | |||||