Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-0621 1 Qnx 1 Rtos 2017-07-19 7.2 HIGH N/A
Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users to execute arbitrary code via a long first argument to the (1) su or (2) passwd commands.
CVE-2006-0622 1 Qnx 1 Rtos 2017-07-19 4.9 MEDIUM N/A
QNX Neutrino RTOS 6.3.0 allows local users to cause a denial of service (hang) by supplying a "break *0xb032d59f" command to gdb.
CVE-2006-0623 1 Qnx 1 Rtos 2017-07-19 7.2 HIGH N/A
QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable permissions, which allows local users to modify the file and execute arbitrary code at system startup.
CVE-2006-0625 1 Spip 1 Spip 2017-07-19 6.4 MEDIUM N/A
Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3.
CVE-2006-0626 1 Spip 1 Spip 2017-07-19 7.5 HIGH N/A
SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter.
CVE-2006-0631 1 Erik C. Thauvin 1 Mailback 2017-07-19 5.0 MEDIUM N/A
CRLF injection vulnerability in mailback.pl in Erik C. Thauvin mailback allows remote attackers to use mailback as a "spam proxy" by modifying mail headers, including recipient e-mail addresses, via newline characters in the Subject field.
CVE-2006-0647 1 Sun 1 Java System Directory Server 2017-07-19 5.0 MEDIUM N/A
LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a crafted subtree search request, as demonstrated using the ProtoVer LDAP test suite.
CVE-2006-0649 1 Dataparksearch 1 Dataparksearch 2017-07-19 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-0651 1 Vwdev 1 Vwdev 2017-07-19 7.5 HIGH N/A
SQL injection vulnerability in index.php in vwdev allows remote attackers to execute arbitrary SQL commands via the UID parameter in the definition Page.
CVE-2006-0652 1 Whmcompletesolution 1 Whmcompletesolution 2017-07-19 6.5 MEDIUM N/A
WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions to "resellers", which allows remote authenticated users to perform privileged actions or obtain sensitive information. NOTE: this report is based on a vendor bug report that identified "incorrect permissions." However, the vendor did not label it a security issue, and there was no statement regarding whether or not the permissions were actually more permissive than intended. If in fact the permissions were more restrictive than intended, then this would be a functional problem but not a vulnerability.
CVE-2006-0657 1 Softcomplex 1 Php Event Calendar 2017-07-19 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) password parameters, which are not sanitized before being written to users.php. NOTE: while this issue was originally reported as XSS, the primary issue might be direct static code injection with resultant XSS.
CVE-2006-0661 1 Scriptme 2 Sme Blog Host, Sme Gb Host 2017-07-19 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 and SmE Blog Host allows remote attackers to inject arbitrary web script or HTML via the BBcode url tag.
CVE-2006-0662 1 Ibm 1 Lotus Domino Inotes Client 2017-07-19 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser.
CVE-2006-0663 1 Ibm 1 Lotus Domino Inotes Client 2017-07-19 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java
script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename.
CVE-2006-0664 1 Mantis 1 Mantis 2017-07-19 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.
CVE-2006-0666 1 Ibm 1 Aix 2017-07-19 4.9 MEDIUM N/A
Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 through 5.3.0.33 allows local users to cause a denial of service (system crash) via unknown vectors related to EMULATE_VMX.
CVE-2006-0669 1 Gasoft 1 Gas Forum Light 2017-07-19 7.5 HIGH N/A
** DISPUTED ** Multiple SQL injection vulnerabilities in archive.asp in GA's Forum Light allow remote attackers to execute arbitrary SQL commands via the (1) Forum and (2) pages parameter. NOTE: SecurityTracker says that the vendor has disputed this issue, saying that GA Forum Light does not use an SQL database. SecurityTracker's research indicates that the original problem could be due to a vbscript parsing error based on invalid arguments.
CVE-2006-0671 1 Sony Ericsson 4 K600i, T68i, V600i and 1 more 2017-07-19 7.8 HIGH N/A
Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet.
CVE-2006-0674 1 Ibm 1 Aix 2017-07-19 4.6 MEDIUM N/A
Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 L, and 5.2 allows local users to cause a denial of service (crash) via a long iftype argument.
CVE-2006-0680 1 Plain Black 1 Webgui 2017-07-19 5.0 MEDIUM N/A
Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote attackers to create an account, when anonymous registration is disabled, via a certain URL.