Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0561 | 1 Cisco | 1 Secure Access Control Server | 2017-07-19 | 7.2 HIGH | N/A |
| Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS administrator passwords and the master key in the registry with insecure permissions, which allows local users and remote administrators to decrypt the passwords by using Microsoft's cryptographic API functions to obtain the plaintext version of the master key. | |||||
| CVE-2006-0564 | 1 Microsoft | 2 Html Help, Html Help Workshop | 2017-07-19 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent attackers to execute arbitrary code via a .hhp file with a long Contents file field. | |||||
| CVE-2006-0567 | 1 Curtis Farnham | 1 Files Xaraya Module | 2017-07-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Files Xaraya module before 0.5.1, when the Archive Directory field on the Modify Config page is blank, allows remote attackers to access files outside of the web root via ".." (dot dot) sequences. | |||||
| CVE-2006-0569 | 1 Papoo | 1 Papoo | 2017-07-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in user_class.php in Papoo 2.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username field during the registration of a new account. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0573 | 1 Cpanel | 1 Cpanel | 2017-07-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilies in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html; (2) showtree parameter to (c) diskusage.html; or the (3) mon, (4) year, (5) target, or (6) domain parameter to (d) stats/detailbw.html. | |||||
| CVE-2006-0575 | 1 Thibault Godouet | 1 Fcron | 2017-07-19 | 5.0 MEDIUM | N/A |
| convert-fcrontab in Fcron 2.9.5 and 3.0.0 allows remote attackers to create or overwrite arbitrary files via ".." sequences and a symlink attack on the temporary file that is used during conversion. | |||||
| CVE-2006-0579 | 1 Mplayer | 1 Mplayer | 2017-07-19 | 7.5 HIGH | N/A |
| Multiple integer overflows in (1) the new_demux_packet function in demuxer.h and (2) the demux_asf_read_packet function in demux_asf.c in MPlayer 1.0pre7try2 and earlier allow remote attackers to execute arbitrary code via an ASF file with a large packet length value. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | |||||
| CVE-2006-0580 | 1 Ibm | 1 Lotus Domino Server | 2017-07-19 | 5.0 MEDIUM | N/A |
| IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted packet to the LDAP port (389/TCP). | |||||
| CVE-2006-0581 | 1 Hosting Controller | 1 Hosting Controller | 2017-07-19 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 allows remote authenticated users to execute arbitrary SQL commands via the (1) GatewayID parameter in an add action in AddGatewaySettings.asp and (2) IP parameter in IPManager.asp. | |||||
| CVE-2006-0583 | 1 Clever Copy | 1 Clever Copy | 2017-07-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mailarticle.php in Clever Copy 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-0587 | 1 Gallery Project | 1 Gallery | 2017-07-19 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file. | |||||
| CVE-2006-0593 | 1 Php Fusion | 1 Php Fusion | 2017-07-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php. | |||||
| CVE-2006-0597 | 1 Stefan Ritt | 1 Elog Web Logbook | 2017-07-19 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 r1558-4 allow attackers to cause a denial of service (application crash) and possibly execute code via long "revision attributes". | |||||
| CVE-2006-0598 | 1 Stefan Ritt | 1 Elog Web Logbook | 2017-07-19 | 7.5 HIGH | N/A |
| Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows attackers to execute code via unspecified variables, when writing to the log file. | |||||
| CVE-2006-0599 | 1 Stefan Ritt | 1 Elog Web Logbook | 2017-07-19 | 5.0 MEDIUM | N/A |
| The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. | |||||
| CVE-2006-0600 | 1 Stefan Ritt | 1 Elog Web Logbook | 2017-07-19 | 5.0 MEDIUM | N/A |
| elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of service (infinite redirection) via a request with the fail parameter set to 1, which redirects to the same request. | |||||
| CVE-2006-0611 | 1 Atmail | 1 Atmail | 2017-07-19 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in compose.pl in @Mail 4.3 and earlier for Windows allows remote attackers to upload arbitrary files to arbitrary locations via a .. (dot dot) in the unique parameter. | |||||
| CVE-2006-0612 | 1 Powersave | 1 Powersave | 2017-07-19 | 4.6 MEDIUM | N/A |
| Powersave daemon before 0.10.15.2 allows local users to gain privileges (unauthorized access to an X session) via unspecified vectors. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | |||||
| CVE-2005-4449 | 1 Flatnuke | 1 Flatnuke | 2017-07-19 | 4.0 MEDIUM | N/A |
| verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, then this issue does not cross privilege boundaries and would not be a vulnerability. | |||||
| CVE-2005-4452 | 1 Information Call Center | 1 Information Call Center | 2017-07-19 | 5.0 MEDIUM | N/A |
| Information Call Center stores the CallCenterData.mdb database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords. | |||||