Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-7177 | 1 Madwifi | 1 Madwifi | 2018-10-16 | 7.8 HIGH | N/A |
| MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to "packets coming from a 'malicious' WinXP system." | |||||
| CVE-2006-7178 | 1 Madwifi | 1 Madwifi | 2018-10-16 | 7.8 HIGH | N/A |
| MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame. | |||||
| CVE-2006-7179 | 1 Madwifi | 1 Madwifi | 2018-10-16 | 7.8 HIGH | N/A |
| ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or equal to one, triggering a channel change. | |||||
| CVE-2006-7180 | 1 Madwifi | 1 Madwifi | 2018-10-16 | 6.8 MEDIUM | N/A |
| ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted authentication) and conduct spoofing attacks. | |||||
| CVE-2006-7182 | 1 Mnews | 1 Mnews | 2018-10-16 | 10.0 HIGH | N/A |
| PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter. | |||||
| CVE-2006-7192 | 1 Microsoft | 1 .net Framework | 2018-10-16 | 4.3 MEDIUM | N/A |
| Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag. | |||||
| CVE-2006-6995 | 1 V3 Chat | 1 V3chat Instant Messenger | 2018-10-16 | 6.0 MEDIUM | N/A |
| mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter. | |||||
| CVE-2006-7011 | 1 Develooping | 1 Flash Chat | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in adminips.php in Develooping Flash Chat allows remote attackers to execute arbitrary PHP code via a URL in the banned_file parameter. NOTE: CVE disputes this vulnerability because banned_file is set to a constant value. | |||||
| CVE-2006-7124 | 1 Joomla | 1 Bsq Sitestats | 2018-10-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in external/rssfeeds.php in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to execute arbitrary PHP code via the baseDir parameter. | |||||
| CVE-2006-7012 | 1 Scart | 1 Scart | 2018-10-16 | 10.0 HIGH | N/A |
| scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter of a show_text action. | |||||
| CVE-2006-7013 | 1 Simple Machines | 1 Simple Machines Forum | 2018-10-16 | 7.5 HIGH | N/A |
| ** DISPUTED ** QueryString.php in Simple Machines Forum (SMF) 1.0.7 and earlier, and 1.1rc2 and earlier, allows remote attackers to more easily spoof the IP address and evade banning via a modified X-Forwarded-For HTTP header, which is preferred instead of other more reliable sources for the IP address. NOTE: the original researcher claims that the vendor has disputed this issue. | |||||
| CVE-2006-7015 | 1 Jobline | 1 Jobline | 2018-10-16 | 10.0 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in admin.jobline.php in Jobline 1.1.1 allows remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter. NOTE: CVE disputes this issue because the script is protected against direct requests. | |||||
| CVE-2006-7016 | 1 Phpjobboard | 1 Phpjobboard | 2018-10-16 | 7.5 HIGH | N/A |
| phpjobboard allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin.php with adminop=job-edit. | |||||
| CVE-2006-7022 | 1 Fx-app | 1 Fx-app | 2018-10-16 | 10.0 HIGH | N/A |
| The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe. | |||||
| CVE-2006-7023 | 1 Fx-app | 1 Fx-app | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via (1) the search box, and the (2) url, (3) website, (4) comment, and (5) signature fields in the profile, and possibly (6) a menu item. | |||||
| CVE-2006-7027 | 1 Microsoft | 1 Isa Server | 2018-10-16 | 10.0 HIGH | N/A |
| Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks. | |||||
| CVE-2006-7030 | 1 Microsoft | 8 Ie, Windows 2000, Windows 2003 Server and 5 more | 2018-10-16 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers to cause a denial of service (crash) via certain malformed HTML, possibly involving applet and base tags without required arguments, which triggers a null pointer dereference in mshtml.dll. | |||||
| CVE-2006-7033 | 1 Super Link Exchange Script | 1 Super Link Exchange Script | 2018-10-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Super Link Exchange Script 1.0 allows remote attackers to inject arbitrary web script or HTML via IMG tags in the search box. | |||||
| CVE-2006-7034 | 9 Apple, Hp, Ibm and 6 more | 18 Mac Os X, Hp-ux, Tru64 and 15 more | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter. | |||||
| CVE-2006-7055 | 1 Sweetphp | 1 Totalcalendar | 2018-10-16 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in TotalCalendar 2.30 and earlier allows remote attackers to execute arbitrary code via a URL in the inc_dir parameter, a different vector than CVE-2006-1922. | |||||