Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0431 | 1 Bea | 1 Weblogic Server | 2017-07-19 | 2.1 LOW | N/A |
| Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP5 allows untrusted applications to obtain the server's SSL identity via unknown attack vectors. | |||||
| CVE-2006-0432 | 1 Bea | 1 Weblogic Server | 2017-07-19 | 2.1 LOW | N/A |
| Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properly protecting JNDI resources. | |||||
| CVE-2006-0433 | 1 Freebsd | 1 Freebsd | 2017-07-19 | 5.0 MEDIUM | N/A |
| Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not properly handle an incoming selective acknowledgement when there is insufficient memory, which might allow remote attackers to cause a denial of service (infinite loop). | |||||
| CVE-2006-0437 | 1 Phpbb Group | 1 Phpbb | 2017-07-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters. | |||||
| CVE-2006-0438 | 1 Phpbb Group | 1 Phpbb | 2017-07-19 | 5.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php. | |||||
| CVE-2006-0446 | 1 Webwork | 1 Webwork | 2017-07-19 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote privileged attackers to execute arbitrary commands as the web server via unknown attack vectors. | |||||
| CVE-2006-0447 | 1 E-post Corporation | 3 Mail Server, Smtp Server, Spa-pro Mail Atsolomon | 2017-07-19 | 7.5 HIGH | N/A |
| Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail @Solomon 4.00 allow remote attackers to execute arbitrary code via a long username to the (1) AUTH PLAIN or (2) AUTH LOGIN SMTP commands, which is not properly handled by (a) EPSTRS.EXE or (b) SPA-RS.EXE; (3) a long username in the APOP POP3 command, which is not properly handled by (c) EPSTPOP4S.EXE or (d) SPA-POP3S.EXE; (4) a long IMAP DELETE command, which is not properly handled by (e) EPSTIMAP4S.EXE or (f) SPA-IMAP4S.EXE. | |||||
| CVE-2006-0448 | 1 E-post Corporation | 2 Mail Server, Spa-pro Mail Atsolomon | 2017-07-19 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and (2) SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to (a) list arbitrary directories or cause a denial of service via the LIST command; or create arbitrary files via the (b) APPEND, (c) COPY, or (d) RENAME commands. | |||||
| CVE-2006-0449 | 1 E-post Corporation | 2 Mail Server, Spa-pro Mail Atsolomon | 2017-07-19 | 5.0 MEDIUM | N/A |
| Early termination vulnerability in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allows remote attackers to cause a denial of service (infinite loop) by sending an APPEND command and disconnecting before the expected amount of data is sent. | |||||
| CVE-2006-0451 | 1 Redhat | 1 Fedora Core | 2017-07-19 | 5.0 MEDIUM | N/A |
| Multiple memory leaks in the LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (memory consumption) via invalid BER packets that trigger an error, which might prevent memory from being freed if it was allocated during the ber_scanf call, as demonstrated using the ProtoVer LDAP test suite. | |||||
| CVE-2006-0452 | 1 Redhat | 1 Fedora Core | 2017-07-19 | 5.0 MEDIUM | N/A |
| dn2ancestor in the LDAP component in Fedora Directory Server 1.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via a ModDN operation with a DN that contains a large number of "," (comma) characters, which results in a large amount of recursion, as demonstrated using the ProtoVer LDAP test suite. | |||||
| CVE-2006-0453 | 1 Redhat | 1 Fedora Core | 2017-07-19 | 7.8 HIGH | N/A |
| The LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (crash) via a certain "bad BER sequence" that results in a free of uninitialized memory, as demonstrated using the ProtoVer LDAP test suite. | |||||
| CVE-2006-0460 | 1 Bomberclone | 1 Bomberclone | 2017-07-19 | 7.5 HIGH | N/A |
| Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote attackers to execute arbitrary code via long error messages. | |||||
| CVE-2006-0462 | 1 Andonet | 1 Andonet Blog | 2017-07-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09.02 allows remote attackers to execute arbitrary SQL commands via the entrada parameter. | |||||
| CVE-2006-0466 | 1 Goldstag | 1 Goldstag Content Management System | 2017-07-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in Goldstag Content Management System allows remote attackers to inject arbitrary web script or HTML via the text parameter. | |||||
| CVE-2006-0467 | 1 Pioneers | 1 Pioneers | 2017-07-19 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Pioneers (formerly gnocatan) before 0.9.49 allows remote attackers to cause a denial of service (application crash) via long chat messages. | |||||
| CVE-2006-0470 | 1 Mybulletinboard | 1 Mybulletinboard | 2017-07-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection. | |||||
| CVE-2006-0475 | 1 Theworldsend.net | 1 Php-ping | 2017-07-19 | 5.0 MEDIUM | N/A |
| PHP-Ping 1.3 does not properly validate ping counts, which allows remote attackers to cause a denial of service (ping flood) via a negative count parameter. | |||||
| CVE-2006-0477 | 1 Git | 1 Git | 2017-07-19 | 7.5 HIGH | N/A |
| Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link. | |||||
| CVE-2006-0478 | 1 Cre Loaded | 1 Cre Loaded | 2017-07-19 | 7.5 HIGH | N/A |
| CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial announcement of this risk was made on our website... and it included a patch which will close the vulnerability on all known 6.0x and 6.1x releases. We strongly encourage users of CRE Loaded 6.x, osCMax, and other users of osCommerce who have installed HTMLArea based WYSIWYG editors and Admin Access with Levels to modify thier installations at the earliest possible moment." | |||||