Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2482 | 2 Microchip Data Systems, Pentaware | 4 Ziptv For C\+\+ Builder, Ziptv For Delphi 7, Pentasuite-pro and 1 more | 2017-07-19 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the TZipTV component in (1) ZipTV for Delphi 7 2006.1.26 and for C++ Builder 2006-1.16, (2) PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221, and possibly other products, allows user-assisted attackers to execute arbitrary code via an ARJ archive with a long header. NOTE: the ACE archive vector is covered by CVE-2005-2856. | |||||
| CVE-2006-2488 | 1 Spymac | 1 Spymac Web Os | 2017-07-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS (WOS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) del_folder, (2) nick, or (3) action parameters to (a) notes/index.php, (4) curr parameter to (b) ipod/get_ipod.php, and in (c) login.php. | |||||
| CVE-2006-2498 | 1 Invision Power Services | 1 Invision Power Board | 2017-07-19 | 6.4 MEDIUM | N/A |
| Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php. | |||||
| CVE-2006-2501 | 1 Sun | 4 Java System Application Server, Java System Web Server, One Application Server and 1 more | 2017-07-19 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages. | |||||
| CVE-2006-2502 | 1 Cyrus | 1 Imapd | 2017-07-19 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command. | |||||
| CVE-2006-2512 | 1 Hitachi | 4 Eur Print Service, Eur Print Service For Ilf, Eur Professional and 1 more | 2017-07-19 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Hitachi EUR Professional Edition, EUR Viewer, EUR Print Service, and EUR Print Service for ILF allows remote authenticated users to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2006-2513 | 1 Sun | 1 Java System Directory Server | 2017-07-19 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges. | |||||
| CVE-2006-2514 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-07-19 | 7.5 HIGH | N/A |
| Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions. | |||||
| CVE-2006-2517 | 1 Fujitsu | 1 Myweb Portal Office | 2017-07-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MyWeb Portal Office, Standard Edition, Public Edition, Medical Edition, Citizen Edition, School Edition, and Light Edition allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2006-2522 | 1 Dayfox Designs | 1 Dayfox Blog | 2017-07-19 | 7.5 HIGH | N/A |
| Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges. | |||||
| CVE-2006-2524 | 1 Usebb | 1 Usebb | 2017-07-19 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format. | |||||
| CVE-2006-2525 | 1 Usebb | 1 Usebb | 2017-07-19 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to execute arbitrary SQL commands via the member list search module. | |||||
| CVE-2006-2528 | 1 Smartisoft | 1 Phpbazar | 2017-07-19 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in classified_right.php in phpBazar 2.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter. | |||||
| CVE-2006-2537 | 3 Horizontal Shooter Bor, Openbor, Senile Team | 3 Horizontal Shooter Bor, Openbor, Beats Of Rage | 2017-07-19 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and earlier, (b) Beats of Rage (BOR) 1.0029 and earlier, and (c) Horizontal Shooter BOR (HOR) 2.0000 and earlier allow remote attackers to execute code via format string specifiers in configurations used in various mod files, as demonstrated by the (1) music identifier in data/scenes/intro.txt, which is not properly handled in the update function, and (2) background identifier in data/easy/1aeasy.txt, which is not properly handled in the shutdown function. | |||||
| CVE-2006-2539 | 1 Sybase | 1 Easerver | 2017-07-19 | 3.5 LOW | N/A |
| Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText function in javax.swing.JPasswordField component. | |||||
| CVE-2006-2542 | 1 Ti Kan | 1 Xmcd | 2017-07-19 | 2.1 LOW | N/A |
| xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and /var/lib/xmcd/discog with world writable permissions, which allows local users to cause a denial of service (disk consumption). | |||||
| CVE-2006-2546 | 1 Bea | 1 Weblogic Server | 2017-07-19 | 5.0 MEDIUM | N/A |
| A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges. | |||||
| CVE-2006-2559 | 1 Linksys | 2 Wrt54g, Wrt54g V5 | 2017-07-19 | 7.5 HIGH | N/A |
| Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. | |||||
| CVE-2006-2561 | 1 Edimax | 1 Br 6104k | 2017-07-19 | 7.5 HIGH | N/A |
| Edimax BR-6104K router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter (possibly within NewInternalClient), which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. | |||||
| CVE-2006-2562 | 1 Zyxel | 1 P-335wt Router | 2017-07-19 | 7.5 HIGH | N/A |
| ZyXEL P-335WT router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. | |||||