Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-4316 | 1 Ssh | 1 Tectia Manager | 2017-07-19 | 7.2 HIGH | N/A |
SSH Tectia Management Agent 2.1.2 allows local users to gain root privileges by running a program called sshd, which is obtained from a process listing when the "Restart" action is selected from the Management server GUI, which causes the agent to locate the pathname of the user's program and restart it with root privileges. | |||||
CVE-2006-4326 | 1 Justsystem | 3 Formliner, Ichitaro, Ichitaro Government | 2017-07-19 | 7.5 HIGH | N/A |
Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, Ichitaro 2004, 2005, 2006, and Government 2006; Ichitaro for Linux; and FormLiner before 20060818 allows remote attackers to execute arbitrary code via long Unicode strings in a crafted document, as actively exploited by malware such as Trojan.Tarodrop. NOTE: some details are obtained from third party information. | |||||
CVE-2006-4332 | 1 Wireshark | 1 Wireshark | 2017-07-19 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the DHCP dissector in Wireshark (formerly Ethereal) 0.10.13 through 0.99.2, when run on Windows, allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a bug in Glib. | |||||
CVE-2006-4347 | 1 Jiran | 2 Cool Manager, Cool Messenger Office School Server | 2017-07-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in user logon authentication request handling in Cool_CoolD.exe in Cool Manager 5.0 (5,60,90,28) and Cool Messenger Office/School Server 5.5 (5,65,12,13) allows remote attackers to execute arbitrary SQL commands via the username field. | |||||
CVE-2006-4353 | 1 Sun | 1 Java System Content Delivery Server | 2017-07-19 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Sun Java System Content Delivery Server 4.0, 4.1, and 5.0 allows local and remote attackers to read data from arbitrary files via unspecified vectors. | |||||
CVE-2006-4355 | 1 Drupal | 1 Drupal Easylinks Module | 2017-07-19 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2006-4356 | 1 Drupal | 1 Drupal Easylinks Module | 2017-07-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2006-4358 | 1 Dieselscripts | 1 Diesel Pay | 2017-07-19 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay allows remote attackers to inject arbitrary web script or HTML via the read parameter. | |||||
CVE-2006-4359 | 1 Trident Software | 1 Powerzip | 2017-07-19 | 5.1 MEDIUM | N/A |
Stack-based buffer overflow in Trident Software PowerZip 7.06 Build 3895 on Windows 2000 allows remote attackers to execute arbitrary code via a ZIP archive containing a long filename. | |||||
CVE-2006-4360 | 1 Drupal | 1 Drupal E-commerce Module | 2017-07-19 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2006-4387 | 1 Apple | 1 Mac Os X | 2017-07-19 | 4.6 MEDIUM | N/A |
Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications. | |||||
CVE-2006-4390 | 1 Apple | 1 Mac Os X | 2017-07-19 | 2.6 LOW | N/A |
CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows remote SSL sites to appear as trusted sites by using encryption without authentication, which can cause the lock icon in Safari to be displayed even when the site's identity cannot be trusted. | |||||
CVE-2006-4391 | 1 Apple | 1 Mac Os X | 2017-07-19 | 5.1 MEDIUM | N/A |
Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to execute arbitrary code via a malformed JPEG2000 image. | |||||
CVE-2006-4393 | 1 Apple | 1 Mac Os X | 2017-07-19 | 3.7 LOW | N/A |
Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, when Fast User Switching is enabled, allows local users to gain access to Kerberos tickets of other users. | |||||
CVE-2006-4394 | 1 Apple | 1 Mac Os X | 2017-07-19 | 7.5 HIGH | N/A |
A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 allows network accounts without GUIds to bypass service access controls and log into the system using loginwindow via unknown vectors. | |||||
CVE-2006-4395 | 1 Apple | 1 Mac Os X | 2017-07-19 | 5.1 MEDIUM | N/A |
Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows context-dependent attackers to cause a denial of service ("memory corruption" and crash) via a crafted PICT image that is not properly handled by a certain "unsupported QuickDraw operation." | |||||
CVE-2006-4399 | 1 Apple | 1 Mac Os X | 2017-07-19 | 2.1 LOW | N/A |
User interface inconsistency in Workgroup Manager in Apple Mac OS X 10.4 through 10.4.7 appears to allow administrators to change the authentication type from crypt to ShadowHash passwords for accounts in a NetInfo parent, when such an operation is not actually supported, which could result in less secure password management than intended. | |||||
CVE-2006-4402 | 1 Apple | 1 Mac Os X | 2017-07-19 | 5.1 MEDIUM | N/A |
Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files. | |||||
CVE-2006-4403 | 1 Apple | 1 Mac Os X | 2017-07-19 | 4.0 MEDIUM | N/A |
The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames. | |||||
CVE-2006-4406 | 1 Apple | 1 Mac Os X | 2017-07-19 | 7.5 HIGH | N/A |
Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors. |