Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-0399 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-19 | 7.5 HIGH | N/A |
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different. | |||||
CVE-2006-0400 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-19 | 7.5 HIGH | N/A |
CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives." | |||||
CVE-2006-0401 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-19 | 4.6 MEDIUM | N/A |
Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors. | |||||
CVE-2006-0402 | 1 Jason Geiger | 1 Zoph | 2017-07-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in Zoph before 0.5pre1 allows remote attackers to execute arbitrary SQL commands. | |||||
CVE-2006-0404 | 1 Mike Macgirvin | 1 Note-a-day Weblog | 2017-07-19 | 5.0 MEDIUM | N/A |
Note-A-Day Weblog 2.2 stores sensitive data under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to archive/.phpass-admin, which contains encrypted passwords. | |||||
CVE-2006-0405 | 1 Libtiff | 1 Libtiff | 2017-07-19 | 5.0 MEDIUM | N/A |
The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function. | |||||
CVE-2006-0408 | 1 Sun | 1 Grid Engine | 2017-07-19 | 7.2 HIGH | N/A |
rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users to gain privileges and execute arbitrary code via unspecified vectors, possibly involving command line arguments. | |||||
CVE-2006-0410 | 1 John Lim | 1 Adodb | 2017-07-19 | 5.0 MEDIUM | N/A |
SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings. | |||||
CVE-2006-0411 | 1 Claroline | 1 Claroline | 2017-07-19 | 10.0 HIGH | N/A |
claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges. | |||||
CVE-2006-0412 | 1 Gencbeyin Web Programlama | 1 Cybershop | 2017-07-19 | 7.5 HIGH | N/A |
SQL injection vulnerability in CyberShop allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action. | |||||
CVE-2006-0414 | 1 Tor | 1 Tor | 2017-07-19 | 5.0 MEDIUM | N/A |
Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a circuit to be built through the malicious server. | |||||
CVE-2006-0415 | 1 Sleeperchat | 1 Sleeperchat | 2017-07-19 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in SleeperChat 0.3f and earlier allows remote attackers to inject arbitrary web script or HTML via the pseudo parameter. | |||||
CVE-2006-0416 | 1 Sleeperchat | 1 Sleeperchat | 2017-07-19 | 5.0 MEDIUM | N/A |
SleeperChat 0.3f and earlier allows remote attackers to bypass authentication and create new entries via the txt parameter to (1) chat_no.php and (2) chat_if.php. | |||||
CVE-2006-0421 | 1 Bea | 1 Weblogic Server | 2017-07-19 | 4.6 MEDIUM | N/A |
By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended. | |||||
CVE-2006-0422 | 1 Bea | 1 Weblogic Server | 2017-07-19 | 6.4 MEDIUM | N/A |
Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allow remote attackers to access MBean attributes or cause an unspecified denial of service via unknown attack vectors. | |||||
CVE-2006-0424 | 1 Bea | 1 Weblogic Server | 2017-07-19 | 4.0 MEDIUM | N/A |
BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration information. | |||||
CVE-2006-0426 | 1 Bea | 1 Weblogic Server | 2017-07-19 | 7.5 HIGH | N/A |
BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges. | |||||
CVE-2006-0427 | 1 Bea | 1 Weblogic Server | 2017-07-19 | 2.1 LOW | N/A |
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should have been restricted. | |||||
CVE-2006-0429 | 1 Bea | 1 Weblogic Server | 2017-07-19 | 2.1 LOW | N/A |
BEA WebLogic Server and WebLogic Express 9.0 causes new security providers to appear active even if they have not been activated by a server reboot, which could cause an administrator to perform inappropriate, security-relevant actions. | |||||
CVE-2006-0430 | 1 Bea | 1 Weblogic Server | 2017-07-19 | 5.0 MEDIUM | N/A |
Certain configurations of BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6, when connection filters are enabled, cause the server to run more slowly, which makes it easier for remote attackers to cause a denial of service (server slowdown). |