Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-4518 | 1 Qbik | 1 Wingate | 2017-07-19 | 5.0 MEDIUM | N/A |
Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop. | |||||
CVE-2006-4520 | 1 Novell | 1 Edirectory | 2017-07-19 | 7.8 HIGH | N/A |
ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 FTF2, does not properly handle NCP fragments with a negative length, which allows remote attackers to cause a denial of service (daemon crash) when the heap is written to a log file. | |||||
CVE-2006-4521 | 1 Novell | 1 Edirectory | 2017-07-19 | 5.0 MEDIUM | N/A |
The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request. | |||||
CVE-2006-4537 | 1 Dec | 1 Dec Openvms Alpha | 2017-07-19 | 2.1 LOW | N/A |
NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alpha 8.2 writes a password to an audit log file when there is a successful connection after a "network breakin" event, which allows local users to obtain passwords by reading the file. | |||||
CVE-2006-4540 | 1 Learn.com | 1 Learncenter | 2017-07-19 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in learncenter.asp in Learn.com LearnCenter allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
CVE-2006-4542 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2017-07-19 | 6.8 MEDIUM | N/A |
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs. | |||||
CVE-2006-4555 | 1 Retro64 | 1 Cr64loader Activex Control | 2017-07-19 | 7.5 HIGH | N/A |
Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors involving an HTML document that references the CLSID of the control. | |||||
CVE-2006-4558 | 1 Deluxebb | 1 Deluxebb | 2017-07-19 | 7.5 HIGH | N/A |
DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in a newthread action in newpost.php. | |||||
CVE-2006-4563 | 1 Phpnuke | 1 Myheadlines | 2017-07-19 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the MyHeadlines before 4.3.2 module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the myh_op parameter to modules.php. | |||||
CVE-2006-4564 | 1 Simplemachines | 1 Smf | 2017-07-19 | 5.1 MEDIUM | N/A |
SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter. | |||||
CVE-2006-4575 | 1 The Address Book | 1 The Address Book | 2017-07-19 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote attackers to execute arbitrary SQL commands via the (1) lastname, (2) firstname, (3) passwordOld, (4) passwordNew, (5) id, (6) language, (7) defaultLetter, (8) newuserPass, (9) newuserType, (10) newuserEmail parameters in (a) user.php; the (11) goTo and (12) search parameters in (b) search.php; and the (13) groupAddName parameter in (c) save.php. | |||||
CVE-2006-4576 | 1 The Address Book | 1 The Address Book | 2017-07-19 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows remote attackers to inject arbitrary web script or HTML by uploading the HTML file with a GIF or JPG extension, which is rendered by Internet Explorer. | |||||
CVE-2006-4577 | 1 The Address Book | 1 The Address Book | 2017-07-19 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via JavaScript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (b) index.php; and the (5) goTo and (6) search parameters in (c) search.php. | |||||
CVE-2006-4578 | 1 The Address Book | 1 The Address Book | 2017-07-19 | 7.5 HIGH | N/A |
export.php in The Address Book 1.04e writes username and password hash information into a publicly accessible file when dumping the MySQL database contents, which allows remote attackers to obtain sensitive information. | |||||
CVE-2006-4579 | 1 The Address Book | 1 The Address Book | 2017-07-19 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in users.php in The Address Book 1.04e allows remote attackers to include arbitrary files via a .. (dot dot) in the language parameter. | |||||
CVE-2006-4580 | 1 The Address Book | 1 The Address Book | 2017-07-19 | 7.5 HIGH | N/A |
register.php in The Address Book 1.04e allows remote attackers to bypass the "Allow User Self-Registration" setting and create arbitrary users by setting the mode parameter to "confirm". | |||||
CVE-2006-4581 | 1 The Address Book | 1 The Address Book | 2017-07-19 | 5.0 MEDIUM | N/A |
Unrestricted file upload vulnerability in The Address Book 1.04e validates the Content-Type header but not the file extension, which allows remote attackers to upload arbitrary PHP scripts. | |||||
CVE-2006-4582 | 1 The Address Book | 1 The Address Book | 2017-07-19 | 5.0 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e allows remote attackers to perform unauthorized actions as other users via unspecified vectors, as demonstrated by deleting arbitrary users via the id parameter in a deleteuser action in users.php. | |||||
CVE-2006-4590 | 1 Jetstat.com | 1 Js Asp Faq Manager | 2017-07-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP Faq Manager 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2006-4463. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
CVE-2006-4613 | 1 Securecomputing | 4 Snapgear Sg560, Snapgear Sg565, Snapgear Sg580 and 1 more | 2017-07-19 | 7.8 HIGH | N/A |
Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow remote attackers to cause a denial of service via unspecified vectors involving (1) IPSec replay windows and (2) the use of vulnerable versions of ClamAV before 0.88.4. NOTE: it is possible that vector 2 is related to CVE-2006-4018. |