Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3126 | 1 Julian Pawlowski | 1 Capi4hylafax | 2011-03-07 | 7.5 HIGH | N/A |
| c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute arbitrary commands via null (\0) and shell metacharacters in the TSI string, as demonstrated by a fax from an anonymous number. | |||||
| CVE-2006-2419 | 1 Php | 1 Directory Listing Script | 2011-03-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Directory Listing Script allows remote attackers to inject arbitrary web script or HTML via the dir parameter. | |||||
| CVE-2006-2429 | 1 Ibm | 1 Websphere Application Server | 2011-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers". | |||||
| CVE-2006-2430 | 1 Ibm | 1 Websphere Application Server | 2011-03-07 | 10.0 HIGH | N/A |
| IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges. | |||||
| CVE-2006-2432 | 1 Ibm | 1 Websphere Application Server | 2011-03-07 | 7.5 HIGH | N/A |
| IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) and 5.1.1 (or any earlier cumulative fix) allows EJB access on Solaris systems via a crafted LTPA token. | |||||
| CVE-2006-2433 | 1 Ibm | 1 Websphere Application Server | 2011-03-07 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and attack vectors related to the "administrative console". | |||||
| CVE-2006-2434 | 1 Ibm | 1 Websphere Application Server | 2011-03-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Models might allow attackers to obtain sensitive information via the trace. | |||||
| CVE-2006-2435 | 1 Ibm | 1 Websphere Application Server | 2011-03-07 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls [that] may allow unintended execution of scripts." | |||||
| CVE-2006-2436 | 1 Ibm | 1 Websphere Application Server | 2011-03-07 | 7.5 HIGH | N/A |
| WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges. | |||||
| CVE-2006-2437 | 1 Caucho Technology | 1 Resin | 2011-03-07 | 5.0 MEDIUM | N/A |
| The viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for file under the web root via the file parameter. | |||||
| CVE-2006-2442 | 1 Kphone | 1 Kphone | 2011-03-07 | 4.6 MEDIUM | N/A |
| kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords. | |||||
| CVE-2006-2495 | 1 S9y | 1 Serendipity | 2011-03-07 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag. | |||||
| CVE-2006-2529 | 1 Fckeditor | 1 Fckeditor | 2011-03-07 | 5.0 MEDIUM | N/A |
| editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658. | |||||
| CVE-2006-2544 | 1 Xtreme Scripts | 1 Xtreme Topsites | 2011-03-07 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Xtreme Topsites 1.1, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchthis parameter in lostid.php and (2) id parameter in stats.php. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | |||||
| CVE-2006-2556 | 1 Florian Amrhein | 1 Newsportal | 2011-03-07 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal before 0.37, and possibly TR Newsportal (TRanx rebuilded), allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2006-2590 | 1 E107 | 1 E107 | 2011-03-07 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in e107 before 0.7.5 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2006-2591 | 1 E107 | 1 E107 | 2011-03-07 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit". | |||||
| CVE-2006-2609 | 1 Artmedic Webdesign | 1 Artmedic Newsletter | 2011-03-07 | 5.1 MEDIUM | N/A |
| artmedic newsletter 4.1.2 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletter_log.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2647 | 1 Ibm | 1 Aix | 2011-03-07 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in update_flash for IBM AIX 5.1, 5.2 and 5.3 allows local users to execute arbitrary commands via unknown vectors involving lsmcode and possibly other commands. | |||||
| CVE-2006-2658 | 2 Mono, Suse | 3 Xsp, Suse Linux, Suse Open Enterprise Server | 2011-03-07 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request. | |||||