Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4085 | 1 Olaf Noehring | 1 The Search Engine Project | 2017-07-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to pagenavigation.php, a different vector than CVE-2006-4055. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4087 | 1 Mojoscripts | 1 Mojogallery | 2017-07-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4098 | 1 Cisco | 1 Secure Access Control Server | 2017-07-19 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet. | |||||
| CVE-2006-4099 | 1 Businessobjects | 1 Crystal Enterprise | 2017-07-19 | 7.5 HIGH | N/A |
| Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values. | |||||
| CVE-2006-4104 | 1 Mojoscripts | 1 Mojogallery | 2017-07-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via "password input." | |||||
| CVE-2006-4107 | 1 Drupal | 1 Job Search | 2017-07-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Job Search module (job.module) 4.6 before revision 1.3.2.1 in Drupal allows remote attackers to execute arbitrary SQL commands via a job or resume search. | |||||
| CVE-2006-4108 | 1 Drupal | 1 Bibliography Module | 2017-07-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-4109 | 1 Drupal | 1 Bibliography Module | 2017-07-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-4117 | 1 Sun | 1 Solaris | 2017-07-19 | 5.4 MEDIUM | N/A |
| The squeue_drain function in Sun Solaris 10, possibly only when run on CMT processors, allows remote attackers to cause a denial of service ("bad trap" and system panic) by opening and closing a large number of TCP connections ("heavy TCP/IP loads"). NOTE: the original report specifies the function name as "drain_squeue," but this is likely incorrect. | |||||
| CVE-2006-4119 | 1 Chaossoft | 1 Geheimchaos | 2017-07-19 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the Temp_entered_password parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-4120 | 1 Drupal | 2 Drupal, Recipe Module | 2017-07-19 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-4139 | 1 Sun | 1 Solaris | 2017-07-19 | 5.4 MEDIUM | N/A |
| Race condition in Sun Solaris 10 allows attackers to cause a denial of service (system panic) via unspecified vectors related to ifconfig and either netstat or SNMP queries. | |||||
| CVE-2006-4154 | 1 Apache | 1 Http Server | 2017-07-19 | 6.8 MEDIUM | N/A |
| Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c. | |||||
| CVE-2006-4165 | 1 Netcommons | 1 Netcommons | 2017-07-19 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-4169 | 1 Squirrelmail | 1 Gpg Plugin | 2017-07-19 | 5.5 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php. | |||||
| CVE-2006-4175 | 1 Sun | 2 Java System Directory Server, One Directory Server | 2017-07-19 | 7.8 HIGH | N/A |
| The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized memory locations. | |||||
| CVE-2006-4177 | 1 Novell | 1 Edirectory | 2017-07-19 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the NCP engine in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted NCP over IP packet that causes NCP to read more data than intended. | |||||
| CVE-2006-4181 | 1 Gnu | 1 Radius | 2017-07-19 | 10.0 HIGH | N/A |
| Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2006-4182 | 1 Clam Anti-virus | 1 Clamav | 2017-07-19 | 7.5 HIGH | N/A |
| Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected. | |||||
| CVE-2006-4189 | 1 Boonex | 1 Dolphin | 2017-07-19 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3) browse.php, (4) cc.php, (5) click.php, (6) faq.php, (7) gallery.php, (8) im.php, (9) inbox.php, (10) join_form.php, (11) logout.php, (12) messages_inbox.php, and many other scripts. | |||||