Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4573 | 1 Gnu | 1 Screen | 2011-03-07 | 2.6 LOW | N/A |
| Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences. | |||||
| CVE-2006-4587 | 1 Vtiger | 1 Vtiger Crm | 2011-03-07 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module. | |||||
| CVE-2006-4588 | 1 Vtiger | 1 Vtiger Crm | 2011-03-07 | 7.5 HIGH | N/A |
| vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module. | |||||
| CVE-2006-4621 | 1 Bare Concept Media | 1 Pheap Cms | 2011-03-07 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The lib/config.php vector is already covered by CVE-2006-4531. | |||||
| CVE-2006-4626 | 1 Alwil | 1 Avast Antivirus | 2011-03-07 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and directory names whose concatenation triggers the overflow. | |||||
| CVE-2006-4643 | 1 Uni-vert | 1 Phpleague | 2011-03-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in consult/joueurs.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the id_joueur parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4682 | 1 Ibm | 1 Director | 2011-03-07 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets. | |||||
| CVE-2006-4683 | 1 Ibm | 1 Director | 2011-03-07 | 5.0 MEDIUM | N/A |
| IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE. | |||||
| CVE-2006-4684 | 1 Zope | 1 Zope | 2011-03-07 | 5.0 MEDIUM | N/A |
| The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458. | |||||
| CVE-2006-4717 | 1 Drupal | 1 Drupal Pubcookie Module | 2011-03-07 | 7.5 HIGH | N/A |
| The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors. | |||||
| CVE-2006-4014 | 1 Symantec | 1 Brightmail Antispam | 2011-03-07 | 5.0 MEDIUM | N/A |
| Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) "by sending invalid posts". | |||||
| CVE-2006-4016 | 1 Toenda Software Development | 1 Toendacms | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS stable 1.0.3 and earlier, and unstable 1.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
| CVE-2006-4022 | 1 Intel | 1 2100 Proset Wireless | 2011-03-07 | 4.6 MEDIUM | N/A |
| Intel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4.6 allows local users to corrupt memory and execute code via "requests for capabilities from higher-level protocol drivers or user-level applications" involving crafted frames, a different issue than CVE-2006-3992. | |||||
| CVE-2006-4024 | 1 Festalon | 1 Festalon | 2011-03-07 | 7.5 HIGH | N/A |
| The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr value in a HES file, which is used as an offset in a memcpy operation and leads to a buffer underflow. | |||||
| CVE-2006-4030 | 1 Gallery Project | 1 Gallery | 2011-03-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." | |||||
| CVE-2006-4037 | 1 Fenestrae | 1 Faxination Server | 2011-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet. | |||||
| CVE-2006-4054 | 1 Ehmig | 1 Me Download System | 2011-03-07 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ME Download System 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) Vb8878b936c2bd8ae0cab parameter to (a) inc/sett_style.php or (b) inc/sett_smilies.php; or the (2) Vb6c4d0e18a204a63b38f, (3) V18a78b93c3adaaae84e2, or (4) V9ae5d2ca9e9e787969ff parameters to (c) inc/datei.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4076 | 1 Wim Fleischhauer | 1 Docpile We | 2011-03-07 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parameter to (1) lib/access.inc.php, (2) lib/folders.inc.php, (3) lib/init.inc.php or (4) lib/templates.inc.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4086 | 1 Ozjournals | 1 Ozjournals | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4136 | 1 Ibm | 1 Websphere Application Server | 2011-03-07 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others. | |||||