Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-6607 | 1 Ibm | 1 Tivoli Identity Manager | 2017-07-28 | 2.7 LOW | N/A |
The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods. | |||||
CVE-2006-6608 | 1 Hp | 2 Proliant Integrated Lights Out, Proliant Integrated Lights Out 2 | 2017-07-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in SSH key based authentication in HP Integrated Lights Out (iLO) 1.70 through 1.87, and iLO 2 1.00 through 1.11, on Proliant servers, allows remote attackers to "gain unauthorized access." | |||||
CVE-2006-6609 | 1 Alientrap | 1 Nexuiz | 2017-07-28 | 5.0 MEDIUM | N/A |
Nexuiz before 2.2.1 allows remote attackers to cause a denial of service (resource exhaustion or crash) via unspecified vectors related to "fake players." NOTE: some of these details are obtained from third party information. | |||||
CVE-2006-6610 | 1 Alientrap | 1 Nexuiz | 2017-07-28 | 7.5 HIGH | N/A |
clientcommands in Nexuiz before 2.2.1 has unknown impact and remote attack vectors related to "remote console command injection." | |||||
CVE-2006-6614 | 2 Debian, Thomas Lange | 2 Debian Linux, Fully Automated Installation | 2017-07-28 | 1.9 LOW | N/A |
The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to obtain the hash. | |||||
CVE-2006-6616 | 1 W00t Gallery | 1 W00t Gallery | 2017-07-28 | 6.0 MEDIUM | N/A |
index.php in w00t Gallery 1.4.0 allows remote authenticated users with privileges for one installation to gain access to other installations on the same web server, aka "multi-gallery admin session spanning." NOTE: some of these details are obtained from third party information. | |||||
CVE-2006-6634 | 1 Mambo | 1 Extcalthai Module | 2017-07-28 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php. | |||||
CVE-2006-6636 | 1 Ibm | 1 Websphere Application Server | 2017-07-28 | 10.0 HIGH | N/A |
Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors. | |||||
CVE-2006-6681 | 1 Chetcpasswd | 1 Chetcpasswd | 2017-07-28 | 7.5 HIGH | N/A |
Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for client requests, which might allow remote attackers to determine passwords via a dictionary attack. | |||||
CVE-2006-6704 | 1 Atmail | 1 Atmail Webadmin | 2017-07-28 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail before 4.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "unescaped data in the database." | |||||
CVE-2006-6708 | 1 Mginternet | 1 Property Site Manager | 2017-07-28 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in listings.asp in MGinternet Property Site Manager allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
CVE-2006-6709 | 1 Mginternet | 1 Property Site Manager | 2017-07-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MGinternet Property Site Manager allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) detail.asp; the (2) l, (3) typ, or (4) loc parameter to (b) listings.asp; or the (5) Password or (6) Username parameter to (c) admin_login.asp. NOTE: some of these details are obtained from third party information. | |||||
CVE-2006-6729 | 1 A-blog | 1 A-blog | 2017-07-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2006-6743 | 1 Phpprofiles | 1 Phpprofiles | 2017-07-28 | 4.6 MEDIUM | N/A |
phpProfiles before 2.1.1 uses world writable permissions for certain profile files and directories, which allows local users to modify or delete files, related to (1) users/include/do_makeprofile.inc.php and (2) users/include/copy.inc.php. | |||||
CVE-2006-6751 | 1 Dxmsoft | 1 Xm Easy Personal Ftp Server | 2017-07-28 | 5.0 MEDIUM | N/A |
Format string vulnerability in XM Easy Personal FTP Server 5.2.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the USER command or certain other available or nonexistent commands. NOTE: It was later reported that 5.3.0 is also vulnerable. | |||||
CVE-2006-6766 | 1 Cwm-design | 1 Cwmexplorer | 2017-07-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: The provenance of this information is unknown; details are obtained solely from third party information. | |||||
CVE-2006-6767 | 1 Oftpd | 1 Oftpd | 2017-07-28 | 9.4 HIGH | N/A |
oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure. | |||||
CVE-2006-6808 | 1 Wordpress | 1 Wordpress | 2017-07-28 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php. | |||||
CVE-2006-6810 | 1 Db Hub | 1 Db Hub | 2017-07-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the clear_user_list function in src/main.c in DB Hub 0.3 allows remote attackers to cause a denial of service (application crash) via crafted network traffic, which triggers memory corruption. | |||||
CVE-2006-6826 | 1 Personal .net Portal | 1 Personal .net Portal | 2017-07-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in the tab editor for Personal .NET Portal before 2.0.0 has unknown impact and attack vectors related to a "Security leak." |