Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1291 | 1 Php Icalendar | 1 Php Icalendar | 2017-10-10 | 7.5 HIGH | N/A |
| publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character. | |||||
| CVE-2006-1346 | 1 Greg Neustaetter | 1 Gcards | 2017-10-10 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php. | |||||
| CVE-2006-1932 | 1 Ethereal Group | 1 Ethereal | 2017-10-10 | 10.0 HIGH | N/A |
| Off-by-one error in the OID printing routine in Ethereal 0.10.x up to 0.10.14 has unknown impact and remote attack vectors. | |||||
| CVE-2006-1933 | 1 Ethereal Group | 1 Ethereal | 2017-10-10 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (large or infinite loops) via crafted packets to the (1) UMA and (2) BER dissectors. | |||||
| CVE-2006-1934 | 1 Ethereal Group | 1 Ethereal | 2017-10-10 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) ALCAP dissector, (2) Network Instruments file code, or (3) NetXray/Windows Sniffer file code. | |||||
| CVE-2006-1935 | 1 Ethereal Group | 1 Ethereal | 2017-10-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the COPS dissector. | |||||
| CVE-2006-1936 | 1 Ethereal Group | 1 Ethereal | 2017-10-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote attackers to execute arbitrary code via the telnet dissector. | |||||
| CVE-2006-1168 | 1 Ncompress | 1 Ncompress | 2017-10-10 | 7.5 HIGH | N/A |
| The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. | |||||
| CVE-2006-0190 | 1 Sun | 1 Solaris | 2017-10-10 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver. | |||||
| CVE-2006-1422 | 1 Jjwwebdesign | 1 Phpbookingcalendar | 2017-10-10 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and earlier allows remote attackers to execute arbitrary SQL commands via the event_id parameter. | |||||
| CVE-2006-1594 | 1 Claroline | 1 Claroline | 2017-10-10 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in document/rqmkhtml.php in Claroline 1.7.4 and earlier allow remote attackers to use ".." (dot dot) sequences to (1) read arbitrary files via the file parameter in a rqEditHtml command to document/rqmkhtml.php or (2) execute arbitrary code via the includePath parameter to learnPath/include/scormExport.inc.php. | |||||
| CVE-2006-0195 | 1 Squirrelmail | 1 Squirrelmail | 2017-10-10 | 4.3 MEDIUM | N/A |
| Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer. | |||||
| CVE-2006-0191 | 1 Sun | 1 Solaris | 2017-10-10 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Sun Solaris 10 allows local users to cause a denial of service (null dereference) via unspecified vectors involving the use of the find command on the "/proc" filesystem. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2005-3250. | |||||
| CVE-2006-2046 | 1 Application Dynamics | 1 Cartweaver Coldfusion | 2017-10-10 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm. | |||||
| CVE-2006-1294 | 1 Knowledgebasepublisher | 1 Knowledgebasepublisher | 2017-10-10 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in PageController.php in KnowledgebasePublisher 1.2 allows remote attackers to include and execute arbitrary PHP code via a URL in the dir parameter. | |||||
| CVE-2006-1292 | 1 Php Icalendar | 1 Php Icalendar | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php. | |||||
| CVE-2006-1058 | 1 Busybox | 1 Busybox | 2017-10-10 | 2.1 LOW | N/A |
| BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables. | |||||
| CVE-2006-2271 | 1 Lksctp | 1 Lksctp | 2017-10-10 | 7.8 HIGH | N/A |
| The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via an unexpected chunk when the session is in CLOSED state. | |||||
| CVE-2006-2272 | 1 Lksctp | 1 Stream Control Transmission Protocol | 2017-10-10 | 7.8 HIGH | N/A |
| Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2) HEARTBEAT SCTP control chunks. | |||||
| CVE-2006-2274 | 1 Lksctp | 1 Stream Control Transmission Protocol | 2017-10-10 | 5.0 MEDIUM | N/A |
| Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function. | |||||
