| |
CVE # |
CVE Description |
SAINT® Tutorial |
SAINT® Vuln. ID |
SANS Top 20 |
 |
CVE-2006-0001 |
Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts. |
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_officepub |
|
 |
CVE-2006-0002 |
Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation. |
Outlook and Outlook Express
Microsoft Exchange vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
mail_client_outlooktnef
mail_smtp_exchangetnef |
|
|
CVE-2006-0003 |
Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors. |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_mdacrce |
|
|
CVE-2006-0004 |
Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF). |
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_pptinfo |
|
|
CVE-2006-0005 |
Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute. |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_wmpplugin |
|
|
CVE-2006-0006 |
Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data. |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_wmpbmp |
|
|
CVE-2006-0007 |
Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed. |
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_officepnggif |
|
|
CVE-2006-0008 |
The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box. |
Windows updates needed
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ime
win_patch_imeoffice |
|
|
CVE-2006-0009 |
Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint. |
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_excelrs |
|
|
CVE-2006-0010 |
Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression. |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_webfonts |
|
|
CVE-2006-0012 |
Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability." |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_explorercom |
|
|
CVE-2006-0013 |
Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207. |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_webclient |
|
|
CVE-2006-0014 |
Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values. |
Outlook and Outlook Express
Note: Authentication is required to detect this vulnerability |
mail_client_msoewab |
|
|
CVE-2006-0015 |
Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters. |
http FrontPage
Note: Authentication is required to detect this vulnerability |
web_cms_fp_xss |
|
|
CVE-2006-0020 |
An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_wmf |
|
|
CVE-2006-0021 |
Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability." |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_igmp |
|
|
CVE-2006-0022 |
Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption. |
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_pptrecord |
|
|
CVE-2006-0023 |
Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit. |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_daclpe |
|
|
CVE-2006-0024 |
Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file. |
Flash vulnerabilities
MacOSX vulnerabilities
Shockwave vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_flash
misc_macosx_version
misc_shockwave |
|
|
CVE-2006-0025 |
Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 allows remote attackers to execute arbitrary code via a PNG image with a large chunk size. |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_wmppngbo |
|
|
CVE-2006-0026 |
Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP). |
http IIS access
Note: Authentication is recommended to improve the accuracy of this check |
web_server_iis_iis |
|
|
CVE-2006-0027 |
Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties. |
Microsoft Exchange vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_smtp_exchangecdoex |
|
|
CVE-2006-0028 |
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers. |
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_excelrs |
|
|
CVE-2006-0029 |
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption. |
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_excelrs |
|
|
CVE-2006-0030 |
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption. |
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_excelrs |
|
|
CVE-2006-0031 |
Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption. |
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_excelrs |
|
|
CVE-2006-0032 |
Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7. |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_indexingxss |
|
|
CVE-2006-0033 |
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed. |
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_officepnggif |
|
|
CVE-2006-0034 |
Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability. |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_dtcdos |
|
 |
CVE-2006-0052 |
The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary. |
Mailman vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
mail_misc_mailman |
|
|
CVE-2006-0058 |
Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations. |
Sendmail vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
mail_smtp_sendmail |
|
|
CVE-2006-0063 |
Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357. |
phpBB vulnerabilities
|
web_prog_php_bbver |
|
|
CVE-2006-0080 |
Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1) calendar.php and (2) reminder.php. |
vBulletin vulnerabilities
|
web_prog_php_vbulletin |
|
|
CVE-2006-0082 |
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program. |
ImageMagick vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_imagemagick |
|
|
CVE-2006-0097 |
Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function. |
PHP vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version |
|
|
CVE-2006-0105 |
PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on Windows, allows remote attackers to cause a denial of service (postmaster exit and no new connections) via a large number of simultaneous connection requests. |
PostgreSQL vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_pgsql |
|
|
CVE-2006-0119 |
Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due to "potential security issues" as identified by SPR numbers (1) GPKS6C9J67 in Agents, (2) JGAN6B6TZ3 and (3) KSPR699NBP in the Router, (4) GPKS5YQGPT in Security, or (5) HSAO6BNL6Y in the Web Server. NOTE: vector 3 is related to an issue in NROUTER in IBM Lotus Notes and Domino Server before 6.5.4 FP1, 6.5.5, and 7.0, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted vCal meeting request sent via SMTP (aka SPR# KSPR699NBP). |
Lotus Domino SMTP vulnerability
|
mail_smtp_domino |
|
|
CVE-2006-0120 |
Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (application crash) via multiple vectors, involving (1) a malformed message sent to an "Out Of Office" agent (SPR LPEE6DMQWJ), (2) the compact command (RTIN5U2SAJ), (3) malformed bitmap images (MYAA6FH5HW), (4) the "Delete Attachment" action (YPHG6844LD), (5) parsing certificates from a remote Certificate Table (AELE6DZFJW), and (6) creating a SSL key ring with the Domino Administration client (NSUA4FQPTN). |
Lotus Domino SMTP vulnerability
|
mail_smtp_domino |
|
|
CVE-2006-0121 |
Multiple memory leaks in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (memory consumption and crash) via unknown vectors related to (1) unspecified vectors during the SSL handshake (SPR# MKIN67MQVW), (2) the stash file during the SSL handshake (SPR# MKIN693QUT), and possibly other vectors. NOTE: due to insufficient information in the original vendor advisory, it is not clear whether there is an attacker role in other memory leaks that are specified in the advisory. |
Lotus Domino SMTP vulnerability
|
mail_smtp_domino |
|
|
CVE-2006-0127 |
Directory traversal vulnerability in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote authenticated users to rename the folders of other users via a .. (dot dot) in the RENAME command. |
Rockliffe vulnerabilities
|
mail_web_rockliffe |
|
|
CVE-2006-0128 |
Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote attackers to have an unknown impact via unknown attack vectors. |
Rockliffe vulnerabilities
|
mail_web_rockliffe |
|
|
CVE-2006-0129 |
Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames via user requests to TCP port 106. |
Rockliffe vulnerabilities
|
mail_web_rockliffe |
|
|
CVE-2006-0130 |
Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier allows remote attackers to attempt authentication with an unlimited number of user account names and passwords without denying connections, limiting the rate of connections, or locking out an account. |
Rockliffe vulnerabilities
|
mail_web_rockliffe |
|
|
CVE-2006-0141 |
Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote attackers to cause a denial of service (crash) via (1) malformed NTLM authentication requests, or a malformed (2) Incoming Mail X or (3) Temporary Mail file. |
Eudora Server vulnerabilities
|
mail_smtp_eudora |
|
|
CVE-2006-0150 |
Multiple format string vulnerabilities in the auth_ldap_log_reason function in Apache auth_ldap 1.6.0 and earlier allows remote attackers to execute arbitrary code via various vectors, including the username. |
Apache authentication modules
Note: Authentication is required to detect this vulnerability |
web_mod_authldap |
|
|
CVE-2006-0162 |
Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files. |
ClamAV vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_av_clamwinupx |
|
|
CVE-2006-0188 |
webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is normally identified as XSS. |
SquirrelMail vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
mail_web_squirrel |
|
|
CVE-2006-0195 |
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer. |
SquirrelMail vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
mail_web_squirrel |
|
|
CVE-2006-0200 |
Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages. |
PHP vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version |
|
|
CVE-2006-0207 |
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. |
PHP vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version |
|
|
CVE-2006-0208 |
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message. |
PHP vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version |
|
|
CVE-2006-0218 |
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, is is likely that this contains at least one distinct vulnerability from CVE-2005-4602 and CVE-2005-4603. |
MyBB vulnerabilities
|
web_prog_php_mybb |
|
|
CVE-2006-0219 |
The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php. |
MyBB vulnerabilities
|
web_prog_php_mybb |
|
|
CVE-2006-0225 |
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. |
MacOSX vulnerabilities
OpenSSH vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_version
shell_ssh_openssh |
|
|
CVE-2006-0230 |
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests. |
Symantec vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_av_symantec_symscan |
|
|
CVE-2006-0231 |
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications. |
Symantec vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_av_symantec_symscan |
|
|
CVE-2006-0232 |
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests. |
Symantec vulnerabilities
|
misc_av_symantec_symscaninfo |
|
|
CVE-2006-0236 |
GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment. |
Mozilla Thunderbird vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird |
|
|
CVE-2006-0254 |
Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) time parameter to cal2.jsp and (2) any invalid parameter, which causes an XSS when the log file is viewed by the Web-Access-Log viewer. |
Cross site scripting
|
web_prog_jsp_geronimo |
|
|
CVE-2006-0256 |
Unspecified vulnerability in the Advanced Queuing component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.6, 10.1.0.3 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB01. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-0257 |
Unspecified vulnerability in the Change Data Capture component of Oracle Database server 9.2.0.7, 10.1.0.5, and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB02. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the CDC_ALLOCATE_LOCK function of the DBMS_CDC_UTILITY package. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-0258 |
Unspecified vulnerability in the Connection Manager component of Oracle Database server 8.1.7.4 and 9.0.1.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB03. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-0259 |
Multiple unspecified vulnerabilities in Oracle Database server 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB04 and (2) DB06 in the (a) Data Pump component; (3) DB10 in the (b) Net Listener component; and (4) DB16 in the (c) Oracle Text component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB06 is SQL injection in the GENERATE_JOB_NAME, GET_WORKERSTATUSLIST1010, GET_PARAMVALUES1010, GET_DUMPFILESET1010, GET_JOBSTATUS1010, ATTACH, and ESTABLISH_REMOTE_CONTEXT functions in DBMS_DATAPUMP. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-0260 |
Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB05 in the (a) Data Pump component; (2) DB15 in the (b) Oracle Text component; (3) DB22 in the (c) Streams Apply component; (4) DB23 and (5) DB24 in the (d) Streams Capture component; and (6) DB26 in the (e) Streams Subcomponent. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB05 involves SQL injection in the (f) LONG2VARCHAR, LONG2VCMAX, LONG2VCNT, and LONG2CLOB functions in the DBMS_METADATA_UTIL package; (g) MAKE_FILTER, FETCH_VIEWS_ERROR, FETCH_FILTERS, FETCH_VIEWS, SET_FILTER_COMMON, DO_FILTER_SCRIPT, SET_TABLE_FILTERS, and MAKE_FILTER_TEXT functions in the DBMS_METADATA_INT package; and (h) GET_PREPOST_TABLE_ACT function in the DBMS_METADATA package. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-0261 |
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB07 in the Dictionary component and (2) DB14 in the Oracle Label Security component. NOTE: Oracle has not disputed reliable researcher claims that DB07 involves plaintext storage of the TDE wallet password in a trace file by event 10053. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-0262 |
Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-0263 |
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB09 in the (a) Net Listener component; and (2) DB12 and (3) DB13 in the Network Communications (RPC) component. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-0264 |
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0259. Reason: This candidate is subsumed by CVE-2006-0259. An error during initial CVE analysis used the wrong set of affected versions for "DB10". Notes: All CVE users should reference CVE-2006-0259 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-0265 |
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB17 in the Oracle Text component and (2) DB18 in the Program Interface Network component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB17 involves SQL injection in the (a) VALIDATE_STATEMENT and BUILD_DML functions in CTXSYS.DRILOAD; (b) CLEAN_DML function in CTXSYS.DRIDML; (c) GET_ROWID function in CTXSYS.CTX_DOC; (d) BROWSE_WORDS function in CTXSYS.CTX_QUERY; and (e) ODCIINDEXTRUNCATE, ODCIINDEXDROP, and ODCIINDEXDELETE functions in CATINDEXMETHODS. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-0266 |
Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB19. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-0267 |
Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.2.0.6 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB20. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-0268 |
Unspecified vulnerability in the Security component of Oracle Database server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB21. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-0269 |
Unspecified vulnerability in the Streams Capture component of Oracle Database server 10.1.0.5 and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB25. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the SET_DIRECTORY_ROOT function in the DBMS_CDC_PUBLISH package. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-0270 |
Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without encryption, which allows local users to obtain the key via the SGA. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-0271 |
Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-0272 |
Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual credits by the relevant sources, it is highly likely that this issue is a buffer overflow in the (a) DBMS_XMLSCHEMA and (b) DBMS_XMLSCHEMA_INT packages, as exploitable via long arguments to (1) XDB.DBMS_XMLSCHEMA.GENERATESCHEMA or (2) XDB.DBMS_XMLSCHEMA.GENERATESCHEMAS. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-0273 |
Unspecified vulnerability in the Portal component of Oracle Application Server 9.0.4.2 and 10.1.2.0 has unspecified impact and attack vectors, as identified by Oracle Vuln# AS01. |
Oracle vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias |
|
|
CVE-2006-0274 |
Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 and 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP03. |
Oracle vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias |
|
|
CVE-2006-0275 |
Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to directory traversal that allows reading of portions of arbitrary XML files via the customize parameter. |
Oracle vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias |
|
|
CVE-2006-0282 |
Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack vectors, as identified by Oracle Vuln# DBC01 in the Protocol Support component. |
Oracle vulnerabilities
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias
database_oracle_version |
|
|
CVE-2006-0283 |
Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, Application Server 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack vectors, as identified by Oracle Vuln# DBC02 in the Reorganize Objects & Convert Tablespace component. |
Oracle vulnerabilities
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias
database_oracle_version |
|
|
CVE-2006-0284 |
Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.2 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10, have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) FORM01 and (2) FORM02 in the Oracle Forms component. |
Oracle vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias |
|
|
CVE-2006-0285 |
Unspecified vulnerability in the Java Net component of Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.4, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln# JN01. |
Oracle vulnerabilities
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias
database_oracle_version |
|
|
CVE-2006-0286 |
Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS01. |
Oracle vulnerabilities
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias
database_oracle_version |
|
|
CVE-2006-0287 |
Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS02. |
Oracle vulnerabilities
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias
database_oracle_version |
|
|
CVE-2006-0288 |
Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP01 and (2) REP02. |
Oracle vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias |
|
|
CVE-2006-0289 |
Multiple unspecified vulnerabilities in Oracle Application Server 6.0.8.26(PS17) and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP05 and (2) REP06 in the Oracle Reports Developer component. NOTE: Oracle has not disputed reliable researcher claims that REP05 is the same as CVE-2005-2378 and REP06 is the same as CVE-2005-2371, both of which involve directory traversal. |
Oracle vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias |
|
|
CVE-2006-0290 |
Unspecified vulnerability in Oracle Database Server 9.2.0.7, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 has unspecified impact and attack vectors, as identified by Oracle Vuln# WF01 in the Oracle Workflow Cartridge component. |
Oracle vulnerabilities
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias
database_oracle_version |
|
|
CVE-2006-0291 |
Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0.1, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) WF02 and (2) WF03 in the Oracle Workflow Cartridge component. |
Oracle vulnerabilities
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_ias
database_oracle_version |
|
|
CVE-2006-0292 |
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_mozilla
web_client_seamonkey |
|
|
CVE-2006-0293 |
The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-0294 |
Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-0295 |
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-0296 |
The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_mozilla
web_client_seamonkey |
|
|
CVE-2006-0297 |
Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the (1) EscapeAttributeValue in jsxml.c for E4X, (2) nsSVGCairoSurface::Init in SVG, and (3) nsCanvasRenderingContext2D.cpp in Canvas. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-0298 |
The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read. |
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-0299 |
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-0300 |
Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. |
GNU tar vulnerabilities
MacOSX vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_compress_tar
misc_macosx_version |
|
|
CVE-2006-0321 |
fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster. |
MacOSX vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 |
|
|
CVE-2006-0322 |
Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links." |
MediaWiki vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_mediawiki |
|
|
CVE-2006-0323 |
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a a size value that is less than the actual size, or (2) other unspecified manipulations. |
RealPlayer vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_realplayer |
|
|
CVE-2006-0330 |
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname). |
Gallery vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion |
|
|
CVE-2006-0337 |
Buffer overflow in multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allows remote attackers to execute arbitrary code via crafted ZIP archives. |
FSecure vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_av_fsecurebo |
|
|
CVE-2006-0340 |
Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local network to cause a denial of service (device hang and network traffic loss) via a crafted UDP packet to port 9900. |
Cisco SGBP vulnerability
Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_sgbp |
|
|
CVE-2006-0341 |
Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe MailSite 5.x and 6.1.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string. |
Rockliffe vulnerabilities
|
mail_web_rockliffe |
|
|
CVE-2006-0342 |
RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows remote attackers to cause a denial of service (CPU consumption and crash) via a malformed query string containing special characters such as "|". |
Rockliffe vulnerabilities
|
mail_web_rockliffe |
|
|
CVE-2006-0344 |
Directory traversal vulnerability in Intervations FileCOPA FTP Server 1.01 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the (1) STOR and (2) RETR commands. |
FileCOPA FTP vulnerabilities
|
ftp_filecopa |
|
|
CVE-2006-0364 |
Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an IMG element, in which the URI uses SGML numeric character references without trailing semicolons, as demonstrated by "javascript". |
MyBB vulnerabilities
|
web_prog_php_mybb |
|
|
CVE-2006-0377 |
CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection." |
SquirrelMail vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
mail_web_squirrel |
|
|
CVE-2006-0382 |
Apple Mac OS X 10.4.5 and allows local users to cause a denial of service (crash) via an undocumented system call. |
MacOSX vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_macosx_version |
|
|
CVE-2006-0392 |
Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image. |
MacOSX vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 |
|
|
CVE-2006-0393 |
OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang. |
MacOSX vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 |
|
|
CVE-2006-0401 |
Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors. |
MacOSX vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_macosx_version |
|
|
CVE-2006-0406 |
search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters. |
MyBB vulnerabilities
|
web_prog_php_mybb |
|
|
CVE-2006-0413 |
Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the (1) discuss, (2) tim, (3) id, (4) last, and (5) limit parameter. |
SQL injection
|
web_prog_sql_newsphp |
|
|
CVE-2006-0435 |
Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01. |
Oracle PLSQL vulnerabilities
Note: Authentication is required to detect this vulnerability |
database_oracle_plsqlgate |
|
|
CVE-2006-0437 |
Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters. |
phpBB vulnerabilities
|
web_prog_php_bbver |
|
|
CVE-2006-0438 |
Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to (1) admin/admin_users.php and (2) modcp.php. |
phpBB vulnerabilities
|
web_prog_php_bbver |
|
|
CVE-2006-0441 |
Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed. |
Sami FTP Server vulnerabilities
|
ftp_sami |
|
|
CVE-2006-0447 |
Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail @Solomon 4.00 allow remote attackers to execute arbitrary code via a long username to the (1) AUTH PLAIN or (2) AUTH LOGIN SMTP commands, which is not properly handled by (a) EPSTRS.EXE or (b) SPA-RS.EXE; (3) a long username in the APOP POP3 command, which is not properly handled by (c) EPSTPOP4S.EXE or (d) SPA-POP3S.EXE; (4) a long IMAP DELETE command, which is not properly handled by (e) EPSTIMAP4S.EXE or (f) SPA-IMAP4S.EXE. |
Epost vulnerabilities
|
mail_imap_epost
mail_pop_epost
mail_smtp_epost |
|
|
CVE-2006-0448 |
Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and (2) SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to (a) list arbitrary directories or cause a denial of service via the LIST command; or create arbitrary files via the (b) APPEND, (c) COPY, or (d) RENAME commands. |
Epost vulnerabilities
|
mail_imap_epost |
|
|
CVE-2006-0449 |
Early termination vulnerability in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allows remote attackers to cause a denial of service (infinite loop) by sending an APPEND command and disconnecting before the expected amount of data is sent. |
Epost vulnerabilities
|
mail_imap_epost |
|
|
CVE-2006-0450 |
phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database. |
phpBB vulnerabilities
|
web_prog_php_bbver |
|
|
CVE-2006-0468 |
CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite. |
CommuniGate vulnerabilities
|
misc_communigateldap |
|
|
CVE-2006-0476 |
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field). |
Winamp vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_winamp |
|
|
CVE-2006-0483 |
Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet. |
Cisco VPN vulnerabilities
Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_vpn |
|
|
CVE-2006-0485 |
The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S before 12.2(18)S11, and certain other releases before 25 January 2006 does not perform Authentication, Authorization, and Accounting (AAA) command authorization checks, which may allow local users to execute IOS EXEC commands that were prohibited via the AAA configuration, aka Bug ID CSCeh73049. |
Cisco vulnerabilities
Note: A valid SNMP read community string is required to detect this vulnerability |
net_cisco_ios |
|
|
CVE-2006-0496 |
Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts. |
Netscape Navigator vulnerabilities
Note: Authentication is required to detect this vulnerability |
web_client_netscape |
|
|
CVE-2006-0503 |
IMAP service in MailEnable Professional Edition before 1.72 allows remote attackers to cause a denial of service (service crash) via unspecified vectors involving the EXAMINE command. |
MailEnable vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
mail_imap_mailenable |
|
|
CVE-2006-0504 |
Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 allows remote attackers to cause a denial of service (CPU utilization) by viewing "formatted quoted-printable emails" via webmail. |
MailEnable vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
mail_imap_mailenableent |
|
|
CVE-2006-0523 |
SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable. |
MyBB vulnerabilities
|
web_prog_php_mybb |
|
|
CVE-2006-0524 |
Cross-site scripting (XSS) vulnerability in ashnews.php in Derek Ashauer ashNews 0.83 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
Cross site scripting
|
web_prog_php_ashnewsxss |
|
|
CVE-2006-0529 |
Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via a crafted message to TCP port 4105. |
CA Message Queuing
Note: Authentication is recommended to improve the accuracy of this check |
misc_cam |
|
|
CVE-2006-0530 |
Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via spoofed CAM control messages. |
CA Message Queuing
Note: Authentication is recommended to improve the accuracy of this check |
misc_cam |
|
|
CVE-2006-0543 |
Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) \'d1, (2) \'d2, (3) \'d3, (4) \'d4, and (5) \'d5. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
Trillian vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_trillian |
|
|
CVE-2006-0545 |
SQL injection vulnerability in showflat.php in Groupee (formerly known as Infopop) UBB.threads 6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Number parameter. |
UBB threads vulnerabilities
|
web_prog_php_ubb |
|
|
CVE-2006-0553 |
PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to gain additional privileges via "knowledge of the backend protocol" using a crafted SET ROLE to other database users, a different vulnerability than CVE-2006-0678. |
PostgreSQL vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_pgsql |
|
|
CVE-2006-0559 |
Format string vulnerability in the SMTP server for McAfee WebShield 4.5 MR2 and earlier allows remote attackers to execute arbitrary code via format strings in the domain name portion of a destination address, which are not properly handled when a bounce message is constructed. |
WebShield vulnerabilities
|
mail_smtp_webshield |
|
 |
CVE-2006-0580 |
IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial of service (segmentation fault) via a crafted packet to the LDAP port (389/TCP). |
Lotus Domino LDAP vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_ldapdomino |
|
|
CVE-2006-0582 |
Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2, when storing forwarded credentials, allows attackers to overwrite arbitrary files and change file ownership via unknown vectors. |
Heimdal telnetd vulnerability
|
shell_r_heimdal |
|
|
CVE-2006-0587 |
Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file. |
Gallery vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion |
|
|
CVE-2006-0593 |
Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php. |
Cross site scripting
|
web_prog_php_fusionxss |
|
|
CVE-2006-0611 |
Directory traversal vulnerability in compose.pl in @Mail 4.3 and earlier for Windows allows remote attackers to upload arbitrary files to arbitrary locations via a .. (dot dot) in the unique parameter. |
AtMail vulnerabilities
|
mail_web_atmail |
|
|
CVE-2006-0613 |
Unspecified vulnerability in Java Web Start after 1.0.1_02, as used in J2SE 5.0 Update 5 and earlier, allows remote attackers to obtain privileges via unspecified vectors involving untrusted applications. |
Java Web Start
Note: Authentication is required to detect this vulnerability |
misc_javawebstart |
|
|
CVE-2006-0614 |
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue." |
Java Plugin vulnerability
Note: Authentication is required to detect this vulnerability |
web_client_javaplugin |
|
|
CVE-2006-0615 |
Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 4 and earlier, SDK and JRE 1.4.x through 1.4.2_09 allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "second and third issues." |
Java Plugin vulnerability
Note: Authentication is required to detect this vulnerability |
web_client_javaplugin |
|
|
CVE-2006-0616 |
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue." |
Java Plugin vulnerability
Note: Authentication is required to detect this vulnerability |
web_client_javaplugin |
|
|
CVE-2006-0617 |
Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 Update 5 and earlier allow remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fifth, sixth, and seventh issues." |
Java Plugin vulnerability
Note: Authentication is required to detect this vulnerability |
web_client_javaplugin |
|
|
CVE-2006-0632 |
The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts. |
phpBB vulnerabilities
|
web_prog_php_bbver |
|
|
CVE-2006-0638 |
SQL injection vulnerability in moderation.php in MyBB (aka MyBulletinBoard) 1.0.3 allows remote authenticated users, with certain privileges for moderating and merging posts, to execute arbitrary SQL commands via the posts parameter. |
MyBB vulnerabilities
SQL injection
|
web_prog_php_mybb
web_prog_sql_mybb |
|
|
CVE-2006-0639 |
Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E. |
MyBB vulnerabilities
|
web_prog_php_mybb |
|
|
CVE-2006-0642 |
Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of "Do not scan compressed files when Extracted file count exceeds 500 files," which may be too low in certain circumstances, which allows remote attackers to bypass anti-virus checks by sending compressed archives containing many small files. NOTE: since this is related to a configuration setting that has an operational impact that might vary depending on the environment, and the product is claimed to report a message when the compressed file exceeds specified limits, perhaps this should not be included in CVE. |
Trend Micro vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_trendmicrosprotect |
|
|
CVE-2006-0648 |
Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php. |
PHP injection
|
web_prog_php_icalendar |
|
|
CVE-2006-0656 |
Directory traversal vulnerability in HP Systems Insight Manager 4.2 through 5.0 SP3 for Windows allows remote attackers to access arbitrary files via unspecified vectors, a different vulnerability than CVE-2005-2006. |
HP Systems Insight Manager
|
web_tool_simnamazu |
|
|
CVE-2006-0662 |
Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser. |
Lotus Domino HTTP vulnerability
|
web_server_lotus_domino |
|
|
CVE-2006-0663 |
Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded javascript URI, as demonstrated using "java
script:"; or (3) when the Domino Web Access ActiveX control is not installed, via an email attachment filename. |
Lotus Domino HTTP vulnerability
|
web_server_lotus_domino |
|
|
CVE-2006-0664 |
Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public. |
Mantis vulnerabilities
|
web_prog_php_mantis |
|
|
CVE-2006-0665 |
Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public. |
Mantis vulnerabilities
|
web_prog_php_mantis |
|
|
CVE-2006-0676 |
Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 to 7.8 allows remote attackers to inject arbitrary web script or HTML via the pagetitle parameter. |
Cross site scripting
|
web_prog_php_nukexssheader |
|
|
CVE-2006-0677 |
telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows remote unauthenticated attackers to cause a denial of service (server crash) via unknown vectors that trigger a null dereference. |
Heimdal telnetd vulnerability
|
shell_telnet_heimdal |
|
|
CVE-2006-0678 |
PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service (server crash) via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553. |
PostgreSQL vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_pgsql |
|
|
CVE-2006-0699 |
Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki 1.5, and possibly 1.5.1 and other versions, allows remote attackers to inject arbitrary web script or HTML via the query parameter. |
Cross site scripting
|
web_prog_php_qwikixss |
|
|
CVE-2006-0705 |
Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command. |
SSH AttachmateWRQ vulnerabilities
SSH Tectia vulnerabilities
|
shell_ssh_fsecure
shell_ssh_tectia
shell_ssh_wrq |
|
|
CVE-2006-0708 |
Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476. |
Winamp vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_winamp |
|
|
CVE-2006-0717 |
IBM Tivoli Directory Server 6.0 allows remote attackers to cause a denial of service (crash) via a crafted LDAP request, as demonstrated by test 2532 in the ProtoVer Sample LDAP test suite. |
Tivoli LDAP vulnerabilities
|
misc_ldaptivoli |
|
|
CVE-2006-0720 |
Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file. |
Winamp vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_winamp |
|
|
CVE-2006-0747 |
Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. |
MacOSX vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_macosx_version |
|
|
CVE-2006-0748 |
Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_mozilla
web_client_seamonkey |
|
|
CVE-2006-0749 |
nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_mozilla |
|
|
CVE-2006-0753 |
Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status. |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_jsstack |
|
|
CVE-2006-0760 |
LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names. |
Lighttpd vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_server_lighttpd_version |
|
|
CVE-2006-0770 |
Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
MyBB vulnerabilities
|
web_prog_php_mybb |
|
|
CVE-2006-0790 |
Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a denial of service by sending crafted LDAP packets to port 389/TCP, as demonstrated by the ProtoVer LDAP testsuite. |
Rockliffe vulnerabilities
|
mail_misc_rockliffeldap |
|
|
CVE-2006-0798 |
Multiple directory traversal vulnerabilities in the IMAP service in Macallan Mail Solution before 4.8.05.004 allow remote authenticated users to read e-mails of other users or create, modify, or delete directories via a .. (dot dot) in the argument to the (1) CREATE, (2) SELECT, (3) DELETE, or (4) RENAME commands. |
MacAllan Mail vulnerabilities
|
mail_imap_macallan |
|
|
CVE-2006-0807 |
Stack-based buffer overflow in NJStar Chinese and Japanese Word Processor 4.x and 5.x before 5.10 allows user-assisted attackers to execute arbitrary code via font names in NJStar (.njx) documents. |
NJStar vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_njstar |
|
|
CVE-2006-0813 |
Heap-based buffer overflow in WinACE 2.60 allows user-assisted attackers to execute arbitrary code via a large header block in an ARJ archive. |
Winace vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_compress_winace |
|
|
CVE-2006-0814 |
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files. |
Lighttpd vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_server_lighttpd_version |
|
|
CVE-2006-0825 |
Multiple unspecified vulnerabilities in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allow remote attackers to bypass authentication or gain "unauthorized network access" via unknown attack vectors. |
Xerox MicroServer vulnerabilities
|
web_tool_microsrvver |
|
|
CVE-2006-0826 |
Unspecified vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to cause a denial of service via a crafted Postscript request. |
Xerox MicroServer vulnerabilities
|
web_tool_microsrvver |
|
|
CVE-2006-0827 |
Cross-site scripting vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |
Xerox MicroServer vulnerabilities
|
web_tool_microsrvver |
|
|
CVE-2006-0828 |
Unspecified vulnerability in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allows remote attackers to "reduce effectiveness of security features" via unknown attack vectors. |
Xerox MicroServer vulnerabilities
|
web_tool_microsrvver |
|
|
CVE-2006-0830 |
The scripting engine in Internet Explorer allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary code via a web page that contains a recurrent call to an infinite loop in Javascript or VBscript, which consumes the stack, as demonstrated by resetting the "location" variable within the loop. |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_jsstack |
|
|
CVE-2006-0836 |
Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field. |
Mozilla Thunderbird vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird |
|
|
CVE-2006-0839 |
The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths. |
Snort vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_snort |
|
|
CVE-2006-0840 |
manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519. |
Mantis vulnerabilities
|
web_prog_php_mantis |
|
|
CVE-2006-0841 |
Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522. |
Mantis vulnerabilities
|
web_prog_php_mantis |
|
|
CVE-2006-0842 |
Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message, as demonstrated by "java script:." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
AtMail vulnerabilities
|
mail_web_atmail |
|
|
CVE-2006-0871 |
Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector. |
Mambo vulnerabilities
|
web_prog_sql_mambouser |
|
|
CVE-2006-0884 |
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail. |
Mozilla Thunderbird vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird |
|
|
CVE-2006-0888 |
index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users. |
Invision Power Board
|
web_prog_php_ipbversion |
|
|
CVE-2006-0890 |
Directory traversal vulnerability in SpeedProject Squeez 5.1, as used in (1) ZipStar 5.1 and (2) SpeedCommander 11.01.4450, allows remote attackers to overwrite arbitrary files via unspecified manipulations in a (1) JAR or (2) ZIP archive. |
SpeedProject vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_compress_speedcommander
misc_compress_squeez
misc_compress_zipstar |
|
|
CVE-2006-0900 |
nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated by the ProtoVer NFS test suite. |
FreeBSD nfsd vulnerability
|
rpc_nfs_freebsd |
|
|
CVE-2006-0903 |
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_query expects a null character, this is not an issue for mysql_query. |
MySQL vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_version |
|
|
CVE-2006-0909 |
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information via a direct request to multiple PHP scripts that include the full path in error messages, including (1) PEAR/Text/Diff/Renderer/inline.php, (2) PEAR/Text/Diff/Renderer/unified.php, (3) PEAR/Text/Diff3.php, (4) class_db.php, (5) class_db_mysql.php, and (6) class_xml.php in the ips_kernel/ directory; (7) mysql_admin_queries.php, (8) mysql_extra_queries.php, (9) mysql_queries.php, and (10) mysql_subsm_queries.php in the sources/sql directory; (11) sources/acp_loaders/acp_pages_components.php; (12) sources/action_admin/member.php and (13) sources/action_admin/paysubscriptions.php; (14) login.php, (15) messenger.php, (16) moderate.php, (17) paysubscriptions.php, (18) register.php, (19) search.php, (20) topics.php, (21) and usercp.php in the sources/action_public directory; (22) bbcode/class_bbcode.php, (23) bbcode/class_bbcode_legacy.php, (24) editor/class_editor_rte.php, (25) editor/class_editor_std.php, (26) post/class_post.php, (27) post/class_post_edit.php, (28) post/class_post_new.php, (29) and post/class_post_reply.php in the sources/classes directory; (30) sources/components_acp/registration_DEPR.php; (31) sources/handlers/han_paysubscriptions.php; (32) func_usercp.php; (33) search_mysql_ftext.php, and (34) search_mysql_man.php in the sources/lib/ directory; and (35) convert/auth.php.bak, (36) external/auth.php, and (37) ldap/auth.php in the sources/loginauth directory. |
Invision Power Board
|
web_prog_php_ipbversion |
|
|
CVE-2006-0910 |
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to list directory contents via a direct request to multiple directories, including (1) sources/loginauth/convert/, (2) sources/portal_plugins/, (3) cache/skin_cache/cacheid_2/, (4) ips_kernel/PEAR/, (5) ips_kernel/PEAR/Text/, (6) ips_kernel/PEAR/Text/Diff/, (7) ips_kernel/PEAR/Text/Diff/Renderer/, (8) style_images/1/folder_rte_files/, (9) style_images/1/folder_js_skin/, (10) style_images/1/folder_rte_images/, and (11) upgrade/ and its subdirectories. |
Invision Power Board
|
web_prog_php_ipbversion |
|
|
CVE-2006-0913 |
SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through 2.18.4 and 2.20 allows remote authenticated users with administrative privileges to execute arbitrary SQL commands via the whinedays parameter, as accessible from editparams.cgi. |
Bugzilla vulnerabilities
|
web_prog_cgi_bugzilla |
|
|
CVE-2006-0914 |
Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error. |
Bugzilla vulnerabilities
|
web_prog_cgi_bugzilla |
|
|
CVE-2006-0915 |
Bugzilla 2.16.10 does not properly handle certain characters in the (1) maxpatchsize and (2) maxattachmentsize parameters in attachment.cgi, which allows remote attackers to trigger a SQL error. |
Bugzilla vulnerabilities
|
web_prog_cgi_bugzilla |
|
|
CVE-2006-0916 |
Bugzilla 2.19.3 through 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another domain. |
Bugzilla vulnerabilities
|
web_prog_cgi_bugzilla |
|
|
CVE-2006-0925 |
Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon 8.1.1 and possibly 8.1.4 allows remote attackers to cause a denial of service (CPU consumption) by creating and then listing folders whose names contain format string specifiers. |
MDaemon vulnerabilities
|
mail_imap_mdaemon |
|
|
CVE-2006-0928 |
The POP3 Server in ArGoSoft Mail Server Pro 1.8 allows remote attackers to obtain sensitive information via the _DUMP command, which reveals the operating system, registered user, and registration code. |
ArGoSoft mail vulnerabilities
|
mail_pop_argosoft |
|
|
CVE-2006-0929 |
Directory traversal vulnerability in the IMAP server in ArGoSoft Mail Server Pro 1.8.8.1 allows remote authenticated users to create arbitrary folders via a .. (dot dot) in the RENAME command. |
ArGoSoft mail vulnerabilities
|
mail_imap_argosoft |
|
|
CVE-2006-0930 |
Directory traversal vulnerability in Webmail in ArGoSoft Mail Server Pro 1.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the UIDL parameter. |
ArGoSoft mail vulnerabilities
|
mail_web_argosoft |
|
|
CVE-2006-0959 |
SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected. |
MyBB vulnerabilities
|
web_prog_php_mybb |
|
|
CVE-2006-0971 |
Directory traversal vulnerability in Lionel Reyero DirectContact 0.3b allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. |
http server read access
|
web_server_read |
|
|
CVE-2006-0973 |
SQL injection vulnerability in topics.php in Appalachian State University phpWebSite 0.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter. |
SQL injection
|
web_prog_sql_phpwebsitetopics |
|
|
CVE-2006-0977 |
Craig Morrison Mail Transport System Professional (aka MTS Pro) acts as an open relay when configured to relay all mail through an external SMTP server, which allows remote attackers to relay mail by connecting to the MTS Pro server, then sending a MAIL FROM that specifies a domain that is local to the server. |
SMTP mail relay
|
mail_smtp_relay |
|
|
CVE-2006-0978 |
Multiple cross-site scripting (XSS) vulnerabilities in the View Headers (aka viewheaders) functionality in ArGoSoft Mail Server Pro 1.8.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the Subject header, (2) the From header, and (3) certain other unspecified headers. |
ArGoSoft mail vulnerabilities
|
mail_web_argosoft |
|
|
CVE-2006-0981 |
Directory traversal vulnerability in e-merge WinAce 2.6 and earlier allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive. |
Winace vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_compress_winace |
|
|
CVE-2006-0983 |
Cross-site scripting (XSS) vulnerability in index.php in QwikiWiki 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
Cross site scripting
|
web_prog_php_qwikixss |
|
|
CVE-2006-0989 |
Stack-based buffer overflow in the volume manager daemon (vmd) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors. |
Veritas NetBackup vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_netbackupvmbo |
|
|
CVE-2006-0990 |
Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors. |
Veritas NetBackup vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_netbackupvmbo |
|
|
CVE-2006-0991 |
Buffer overflow in the NetBackup Sharepoint Services server daemon (bpspsserver) on NetBackup 6.0 for Windows allows remote attackers to execute arbitrary code via crafted "Request Service" packets to the vnetd service (TCP port 13724). |
Veritas NetBackup vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_netbackupvmbo |
|
|
CVE-2006-0992 |
Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier. |
Novell GroupWise vulnerabilities
|
mail_web_groupwisemessenger |
|
|
CVE-2006-0994 |
Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 5.x before 5.2.1 and 4.x before 4.05, when cabinet file inspection is enabled, allows remote attackers to execute arbitrary code via a CAB file with "invalid folder count values," which leads to heap corruption. |
Sophos Antivirus vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_av_sophoscab |
|
|
CVE-2006-0995 |
EMC Dantz Retrospect 7 backup client 7.0.107, and other versions before 7.0.109, and 6.5 before 6.5.138 allows remote attackers to cause a denial of service (client termination and loss of backup service) via a malformed packet to TCP port 497, which triggers an assert error. |
EMC Dantz vulnerabilities
|
misc_retrospectver |
|
|
CVE-2006-0996 |
Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. |
PHP vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version |
|
|
CVE-2006-1014 |
Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE. |
PHP vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version |
|
|
CVE-2006-1015 |
Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE. |
PHP vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version |
|
|
CVE-2006-1016 |
Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument. |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_icibo |
|
|
CVE-2006-1017 |
The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions. |
PHP vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version |
|
|
CVE-2006-1032 |
Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag. |
vulnerable web program
|
web_prog_php_phprpc |
|
|
CVE-2006-1035 |
Unspecified vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to access diagnostics tests via unknown attack vectors. |
Oracle Diagnostics vulnerabilities
|
database_oracle_jtf |
|
|
CVE-2006-1036 |
Multiple unspecified vulnerabilities in the Oracle Diagnostics module 2.2 and earlier have unknown impact and attack vectors, related to "permissions." |
Oracle Diagnostics vulnerabilities
|
database_oracle_jtf |
|
|
CVE-2006-1037 |
SQL injection vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via uknown attack vectors. |
Oracle Diagnostics vulnerabilities
|
database_oracle_jtf |
|
|
CVE-2006-1040 |
Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php. |
vBulletin vulnerabilities
|
web_prog_php_vbulletin |
|
|
CVE-2006-1043 |
Stack-based buffer overflow in Microsoft Visual Studio 6.0 and Microsoft Visual InterDev 6.0 allows user-assisted attackers to execute arbitrary code via a long DataProject field in a (1) Visual Studio Database Project File (.dbp) or (2) Visual Studio Solution (.sln). |
Visual Studio vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_vstudiobo |
|
|
CVE-2006-1044 |
Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI. NOTE: technical details will be released after the grace period has ended on 20060603. |
Listserv vulnerabilities
|
mail_misc_listserv |
|
|
CVE-2006-1045 |
The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed. |
Mozilla Thunderbird vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird |
|
|
CVE-2006-1065 |
SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter. |
MyBB vulnerabilities
SQL injection
|
web_prog_php_mybb
web_prog_sql_mybb |
|
|
CVE-2006-1076 |
SQL injection vulnerability in index.php, possibly during a showtopic operation, in Invision Power Board (IPB) 2.1.5 allows remote attackers to execute arbitrary SQL commands via the st parameter. |
Invision Power Board
|
web_prog_php_ipbversion |
|
|
CVE-2006-1078 |
Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included. |
thttpd vulnerabilities
|
web_server_thttpd |
|
|
CVE-2006-1079 |
htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included. |
thttpd vulnerabilities
|
web_server_thttpd |
|
|
CVE-2006-1095 |
Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie. |
Apache module vulnerabilities
|
web_mod_python |
|
|
CVE-2006-1120 |
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of (a) index.php; (3) subject, and (4) images parameters to (b) calendar.php; (5) bid, (6) replying_msg, (7) subject, (8) body, and (9) mid parameters to (c) forums.php; (10) subject and (11) message parameters to (d) inbox.php; (12) subject_color and (13) email parameters to (e) lostpassword.php; and the (14) c_name, (15) content_inicial, and (16) cid parameters to (f) mycontents.php. NOTE: the calendar.php/day vector is already subsumed by CVE-2006-0220, and the calendar.php/month, calendar.php/year, and search.php/q parameters for calendar.php are already subsumed by CVE-2004-2511. |
Cross site scripting
|
web_prog_php_dcpxss |
|
|
CVE-2006-1121 |
Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php. |
CuteNews vulnerabilities
|
web_prog_php_cutenewsver |
|
|
CVE-2006-1126 |
Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR. |
Gallery vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion |
|
|
CVE-2006-1127 |
Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album. |
Gallery vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion |
|
|
CVE-2006-1128 |
Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized. |
Gallery vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion |
|
|
CVE-2006-1132 |
SQL injection vulnerability in show.php in vbzoom 1.11 allow remote attackers to execute arbitrary SQL commands via the MainID parameter. NOTE: the SubjectID vector is already covered by CVE-2005-4729. |
SQL injection
|
web_prog_sql_vbzoom |
|
|
CVE-2006-1133 |
Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to (1) comment.php or (2) contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441. |
SQL injection
|
web_prog_sql_vbzoom |
|
|
CVE-2006-1148 |
Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which triggers the overflow in the nextCGIarg function in servhs.cpp. |
Peercast vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_server_peercast |
|
|
CVE-2006-1158 |
Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause a denial of service (application crash) via a crafted IMAP LOGIN command. |
Kerio MailServer vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
mail_imap_kerio |
|
|
CVE-2006-1159 |
Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the query string argument in an HTTP GET request. |
Easy File Sharing Web Server
|
web_server_efswsver |
|
|
CVE-2006-1160 |
Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to inject arbitrary web script or HTML via the Description field in creating a folder or uploading a file. |
Easy File Sharing Web Server
|
web_server_efswsver |
|
|
CVE-2006-1161 |
Absolute path traversal vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote registered users to execute arbitrary code by uploading a malicious file to the Windows startup folder. |
Easy File Sharing Web Server
|
web_server_efswsver |
|
|
CVE-2006-1168 |
The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. |
ncompress vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_compress_ncompress |
|
|
CVE-2006-1173 |
Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and might lead to disk consumption by core dump files. |
Sendmail vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
mail_smtp_sendmail |
|
|
CVE-2006-1175 |
The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for scripting, which allows remote attackers to read and write files in arbitrary locations by accessing the control from a web page. |
wodSFTP vulnerabilities
Note: Authentication is required to detect this vulnerability |
ftp_wodsftp |
|
|
CVE-2006-1176 |
Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl Class) in EUPWALcontrol.dll before 1.0.3.48, as used in Sell Your Item (SYI), Setup & Test eBay Enhanced Picture Services, Picture Manager Enhanced Uploader, and CARad.com Add Vehicle, allows remote attackers to execute arbitrary code via a crafted HTML document. |
eBay vulnerabilities
Note: Authentication is required to detect this vulnerability |
web_client_ebayeps |
|
|
CVE-2006-1184 |
Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119. |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_dtcdos |
|
|
CVE-2006-1185 |
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption. |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_ctr |
|
|
CVE-2006-1186 |
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption. |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_ctr |
|
|
CVE-2006-1188 |
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption. |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_ctr |
|
|
CVE-2006-1189 |
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Character Parsing Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_ctr |
|
|
CVE-2006-1190 |
Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code. |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_ctr |
|
|
CVE-2006-1191 |
Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user has navigated to another site. |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_ctr |
|
|
CVE-2006-1192 |
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626. |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_ctr |
|
|
CVE-2006-1193 |
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing." |
Outlook Web Access
Note: Authentication is recommended to improve the accuracy of this check |
mail_web_owaxss |
|
|
CVE-2006-1196 |
Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) from and (2) help parameters to (a) index.php; (3) action, (4) page, (5) debug, (6) help, (7) username, or (8) password parameters to (b) login.php; the (7) help parameter to (c) pageindex.php; or (8) help parameter to (d) recentchanges.php. |
Cross site scripting
|
web_prog_php_qwikixss |
|
|
CVE-2006-1206 |
Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remote attackers to cause a denial of service (connection slot exhaustion) via a large number of connection attempts that exceeds the MAX_UNAUTH_CLIENTS defined value of 30. |
Dropbear vulnerability
|
shell_ssh_dropbear |
|
|
CVE-2006-1215 |
Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter. NOTE: this issue has been disputed in a followup post, although the original disclosure might be related to reflected XSS. |
Woltlab Burning Board vulnerabilities
|
web_prog_php_woltlabbbversion |
|
|
CVE-2006-1219 |
Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php. |
Gallery vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion |
|
|
CVE-2006-1224 |
Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows remote attackers to overwrite arbitrary files via a "%2E." (mixed encoding) in the pg parameter. |
GuppY miniPortail vulnerabilities
|
web_prog_php_guppy2e |
|
|
CVE-2006-1230 |
Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector was later reported to affect vCard 2.9, and the uploaded vector for 2.6. |
Cross site scripting
|
web_prog_php_vcard |
|
|
CVE-2006-1245 |
Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_ctr |
|
|
CVE-2006-1249 |
Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large number of blocks. |
QuickTime vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_quicktime |
|
|
CVE-2006-1253 |
Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address. |
glFTPd vulnerabilities
|
ftp_glftpd |
|
|
CVE-2006-1255 |
Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT command, a different set of attack vectors and possibly a different vulnerability than CVE-2003-1177. |
MERCUR vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
mail_imap_mercur
mail_pop_mercur
mail_smtp_mercur |
|
|
CVE-2006-1258 |
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter. |
phpMyAdmin vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminsettheme
web_prog_php_myadminver |
|
|
CVE-2006-1267 |
Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request. |
Invision Power Board
|
web_prog_php_ipbversion |
|
|
CVE-2006-1272 |
Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field. |
MyBB vulnerabilities
|
web_prog_php_mybb |
|
|
CVE-2006-1281 |
Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE: 1.10 was later reported to be vulnerable. |
MyBB vulnerabilities
|
web_prog_php_mybb |
|
|
CVE-2006-1282 |
CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP header field, possibly when redirecting to other web pages. |
MyBB vulnerabilities
|
web_prog_php_mybb |
|
|
CVE-2006-1287 |
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using Internet Explorer. |
Invision Power Board
|
web_prog_php_ipbversion |
|
|
CVE-2006-1288 |
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in usercp.php; and the topicsread cookie in (4) topics.php, (5) search.php, and (6) forums.php. |
Invision Power Board
|
web_prog_php_ipbversion |
|
|
CVE-2006-1291 |
publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character. |
PHP injection
|
web_prog_php_icalendar |
|
|
CVE-2006-1292 |
Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php. |
PHP injection
|
web_prog_php_icalendar |
|
|
CVE-2006-1293 |
Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF). |
Cross site scripting
|
web_prog_php_contrexx |
|
|
CVE-2006-1297 |
Unspecified vulnerability in Veritas Backup Exec for Windows Server Remote Agent 9.1 through 10.1, for Netware Servers and Remote Agent 9.1 and 9.2, and Remote Agent for Linux Servers 10.0 and 10.1 allow attackers to cause a denial of service (application crash or unavailability) due to "memory errors." |
Veritas Backup Exec
Veritas NetBackup vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
misc_backupexec
misc_netbackupvmbo |
|
|
CVE-2006-1298 |
Format string vulnerability in the Job Engine service (bengine.exe) in the Media Server in Veritas Backup Exec 10d (10.1) for Windows Servers rev. 5629, Backup Exec 10.0 for Windows Servers rev. 5520, Backup Exec 10.0 for Windows Servers rev. 5484, and Backup Exec 9.1 for Windows Servers rev. 4691, when the job log mode is Full Detailed (aka Full Details), allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted filename on a machine that is backed up by Backup Exec. |
Veritas Backup Exec
Note: Authentication is recommended to improve the accuracy of this check |
misc_backupexec |
|
|
CVE-2006-1300 |
Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name." |
ASP NET vulnerabilities
|
web_server_iis_dotnetappfolder |
|
|
CVE-2006-1301 |
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302. |
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_excelzero |
|
|
CVE-2006-1302 |
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability." |
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_excelzero |
|
|
CVE-2006-1303 |
Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection. |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_xcpthandling |
|
|
CVE-2006-1304 |
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation." |
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_excelzero |
|
|
CVE-2006-1305 |
Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers. |
Outlook and Outlook Express
Note: Authentication is required to detect this vulnerability |
mail_client_outlook07003 |
|
|
CVE-2006-1306 |
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability." |
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_excelzero |
|
|
CVE-2006-1308 |
Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value. |
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_excelzero |
|
|
CVE-2006-1309 |
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption. |
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_excelzero |
|
|
CVE-2006-1311 |
The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption. |
Microsoft Office vulnerabilities
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_office2004macver
win_patch_officertfrich
win_patch_rtfrich |
|
|
CVE-2006-1313 |
Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code. |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_jsrce |
|
|
CVE-2006-1314 |
Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages. |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_mailslot |
|
|
CVE-2006-1315 |
The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability." |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_mailslot |
|
|
CVE-2006-1316 |
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389. |
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_officestrings |
|
|
CVE-2006-1324 |
Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated. |
Woltlab Burning Board vulnerabilities
|
web_prog_php_woltlabbbversion |
|
|
CVE-2006-1326 |
Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) forums, and (5) s parameters in the Search action to index.php; (6) st parameter to index.php with showtopics set to 1; (7) m, (8) y, and (9) d parameters in a calendar action; (10) t parameter in a Print action; (11) MID parameter in a Mail action; (12) HID parameter in a Help action; (13) active parameter in a search action; (14) sort_order, (15) max_results, or (16) sort_key parameter in a Members action. |
Invision Power Board
|
web_prog_php_ipbversion |
|
|
CVE-2006-1329 |
The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza". |
MacOSX vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_macosx_version |
|
|
CVE-2006-1330 |
Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php. |
SQL injection
|
web_prog_sql_phpwebsitefriend |
|
|
CVE-2006-1337 |
Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 allows remote attackers to execute arbitrary code via unknown vectors before authentication. |
MailEnable vulnerabilities
|
mail_pop_mailenable
mail_pop_mailenableent
mail_pop_mailenablepro |
|
|
CVE-2006-1338 |
Webmail in MailEnable Professional Edition before 1.73 and Enterprise Edition before 1.21 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors involving "incorrectly encoded quoted-printable emails". |
MailEnable vulnerabilities
|
mail_web_mailenable |
|
|
CVE-2006-1339 |
Directory traversal vulnerability in inc/functions.inc.php in CuteNews 1.4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the archive parameter in an HTTP POST or COOKIE request, which bypasses a sanity check that is only applied to a GET request. |
CuteNews vulnerabilities
|
web_prog_php_cutenewsver |
|
|
CVE-2006-1340 |
CuteNews 1.4.1 and possibly other versions allows remote attackers to obtain the installation path via unspecified vectors involving an invalid file path. |
CuteNews vulnerabilities
|
web_prog_php_cutenewsver |
|
|
CVE-2006-1345 |
polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an "option[]=null" parameter value, which reveals the path in an error message. |
MyBB vulnerabilities
|
web_prog_php_mybb |
|
|
CVE-2006-1346 |
Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php. |
gCards vulnerabilities
|
web_prog_php_gcards |
|
|
CVE-2006-1347 |
SQL injection vulnerability in loginfunction.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. |
gCards vulnerabilities
|
web_prog_php_gcards |
|
|
CVE-2006-1348 |
Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang[*][file] parameter, which is injected into an error message. NOTE: this issue might be resultant from CVE-2006-1346. |
gCards vulnerabilities
|
web_prog_php_gcards |
|
|
CVE-2006-1353 |
Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp. |
SQL injection
|
web_prog_sql_aspportal |
|
|
CVE-2006-1354 |
Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module. |
RADIUS vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_freeradius |
|
|
CVE-2006-1355 |
avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissions to critical system files in the installation folder, which allows local users to gain privileges or disable protection by modifying those files. |
Avast vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_av_avast |
|
|
CVE-2006-1359 |
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer. |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_ctr |
|
|
CVE-2006-1369 |
Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances. |
Invision Power Board
|
web_prog_php_ipbversion |
|
|
CVE-2006-1370 |
Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file. |
RealPlayer vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_realplayer |
|
|
CVE-2006-1382 |
PHP remote file inclusion vulnerability in impex/ImpExData.php in vBulletin ImpEx module 1.74, when register_globals is disabled, allows remote attackers to include arbitrary files via the systempath parameter. |
PHP injection
|
web_prog_php_vbulletinimpex |
|
|
CVE-2006-1386 |
The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki topics. |
TWiki vulnerabilities
|
web_prog_cgi_twikiver |
|
|
CVE-2006-1387 |
TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE by URL statements that form a loop, such as a page that includes itself. |
TWiki vulnerabilities
|
web_prog_cgi_twikiver |
|
|
CVE-2006-1388 |
Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors. |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_ctr |
|
|
CVE-2006-1397 |
Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or (2) certain parameters to the login form. |
Cross site scripting
|
web_prog_php_phpadsnew |
|
|
CVE-2006-1428 |
Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php. |
Cross site scripting
|
web_prog_php_phpcoinxss |
|
|
CVE-2006-1453 |
Stack-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file containing malformed font information. |
QuickTime vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_quicktime |
|
|
CVE-2006-1454 |
Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file with malformed image data. |
QuickTime vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_quicktime |
|
|
CVE-2006-1455 |
QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to cause a denial of service (crash and connection interruption) via a QuickTime movie with a missing track, which triggers a null dereference. |
Darwin vulnerabilities
|
web_server_quicktime |
|
|
CVE-2006-1456 |
Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted RTSP request, which is not properly handled during message logging. |
Darwin vulnerabilities
|
web_server_quicktime |
|
|
CVE-2006-1458 |
Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image. |
QuickTime vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_quicktime |
|
|
CVE-2006-1459 |
Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted QuickTime movie (.MOV). |
QuickTime vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_quicktime |
|
|
CVE-2006-1460 |
Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom. |
QuickTime vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_quicktime |
|
|
CVE-2006-1461 |
Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime Flash (SWF) file. |
QuickTime vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_quicktime |
|
|
CVE-2006-1462 |
Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime H.264 (M4V) video format file. |
QuickTime vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_quicktime |
|
|
CVE-2006-1463 |
Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a H.264 (M4V) video format file with a certain modified size value. |
QuickTime vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_quicktime |
|
|
CVE-2006-1464 |
Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime MPEG4 (M4P) video format file. |
QuickTime vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_quicktime |
|
|
CVE-2006-1465 |
Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime AVI video format file. |
QuickTime vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_quicktime |
|
|
CVE-2006-1467 |
Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value. |
iTunes vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
misc_itunes |
|
|
CVE-2006-1468 |
Unspecified vulnerability in Apple File Protocol (AFP) server in Apple Mac OS X 10.4 up to 10.4.6 includes the names of restricted files and folders within search results, which might allow remote attackers to obtain sensitive information. |
MacOSX vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_macosx_version |
|
|
CVE-2006-1469 |
Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.6 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image. |
MacOSX vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_macosx_version |
|
|
CVE-2006-1470 |
OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers to cause a denial of service (crash) via an invalid LDAP request that triggers an assert error. |
MacOSX vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_macosx_version |
|
|
CVE-2006-1471 |
Format string vulnerability in the CF_syslog function launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted plist file. |
MacOSX vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_macosx_version |
|
|
CVE-2006-1472 |
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determing names of unauthorized files and folders via unknown vectors related to the search results. |
MacOSX vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 |
|
|
CVE-2006-1473 |
Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors. |
MacOSX vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_macosx_patch_secupd2006004 |
|
|
CVE-2006-1480 |
Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter. |
PHP injection
|
web_prog_php_webalbum |
|
|
CVE-2006-1490 |
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents. |
MacOSX vulnerabilities
PHP vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_patch_secupd2006007
web_prog_php_version |
|
|
CVE-2006-1491 |
Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer. |
Horde vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_horde |
|
|
CVE-2006-1494 |
Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function. |
PHP vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version |
|
|
CVE-2006-1498 |
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTML via crafted encoded links. |
MediaWiki vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_mediawiki |
|
|
CVE-2006-1507 |
Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the error parameter to include.php, possibly due to a problem in login/login.php. |
Cross site scripting
|
web_prog_php_kiterrorxss |
|
|
CVE-2006-1516 |
The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. |
MySQL vulnerabilities
MacOSX vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_handshake
database_mysql_version
misc_macosx_version |
|
|
CVE-2006-1517 |
sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. |
MySQL vulnerabilities
MacOSX vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_version
misc_macosx_version |
|
|
CVE-2006-1518 |
Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values. |
MySQL vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_version |
|
|
CVE-2006-1526 |
Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue. |
X11 vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_x11 |
|
|
CVE-2006-1529 |
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-1530 |
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-1531 |
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-1540 |
MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll; (2) an Excel .xlw document, which triggers an access violation in excel.exe; (3) a Word document, which triggers an access violation in mso.dll in winword.exe; and (4) a PowerPoint document, which triggers an access violation in powerpnt.txt. NOTE: after the initial disclosure, this issue was demonstrated by triggering an integer overflow using an inconsistent size for a Unicode "Sheet Name" string. |
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_officestrings |
|
|
CVE-2006-1549 |
PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected. |
PHP vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version |
|
|
CVE-2006-1553 |
SQL injection vulnerability in functions/final_functions.php in VSNS Lemon 3.2.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. |
VSNS Lemon vulnerabilities
|
web_prog_php_vsnslemon |
|
|
CVE-2006-1554 |
Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment. |
VSNS Lemon vulnerabilities
|
web_prog_php_vsnslemon |
|
|
CVE-2006-1555 |
VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and access password-protected articles by setting the vsns[topic_id] cookie to the targeted topic. |
VSNS Lemon vulnerabilities
|
web_prog_php_vsnslemon |
|
|
CVE-2006-1577 |
Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters. |
Mantis vulnerabilities
|
web_prog_php_mantisxss |
|
|
CVE-2006-1591 |
Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file. |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_winhlp |
|
|
CVE-2006-1594 |
Multiple directory traversal vulnerabilities in document/rqmkhtml.php in Claroline 1.7.4 and earlier allow remote attackers to use ".." (dot dot) sequences to (1) read arbitrary files via the file parameter in a rqEditHtml command to document/rqmkhtml.php or (2) execute arbitrary code via the includePath parameter to learnPath/include/scormExport.inc.php. |
Claroline vulnerabilities
|
web_prog_php_clarolinexss2 |
|
|
CVE-2006-1595 |
Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command. |
Claroline vulnerabilities
|
web_prog_php_clarolinexss2 |
|
|
CVE-2006-1596 |
PHP remote file inclusion vulnerability in learnPath/include/scormExport.inc.php in Claroline 1.7.4 and earlier allows remote attackers to execute arbitrary PHP code via the includePath parameter. |
Claroline vulnerabilities
|
web_prog_php_clarolinexss2 |
|
|
CVE-2006-1603 |
Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
phpBB vulnerabilities
|
web_prog_php_bbver |
|
|
CVE-2006-1608 |
The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI. |
PHP vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version |
|
|
CVE-2006-1614 |
Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
ClamAV vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_av_clamwinupx |
|
|
CVE-2006-1614b |
|
ClamAV vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam |
|
|
CVE-2006-1615 |
Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly. |
ClamAV vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_av_clamwinupx |
|
|
CVE-2006-1615b |
|
ClamAV vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam |
|
|
CVE-2006-1625 |
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event. |
MyBB vulnerabilities
|
web_prog_php_mybb |
|
|
CVE-2006-1626 |
Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192. |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_xcpthandling |
|
|
CVE-2006-1627 |
Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure. |
Adobe Server vulnerabilities
|
misc_adoberdrext |
|
|
CVE-2006-1630 |
The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access." |
ClamAV vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam
misc_av_clamwinupx |
|
|
CVE-2006-1652 |
Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends a long string to a client that connects on TCP port 5900, which triggers an overflow in Log::ReallyPrint; and (2) allow remote attackers to cause a denial of service (server crash) via a long HTTP GET request to TCP port 5800, which triggers an overflow in VNCLog::ReallyPrint. |
VNC detected
Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
misc_vncbo |
|
|
CVE-2006-1654 |
Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225. |
http server read access
|
web_server_read |
|
|
CVE-2006-1678 |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory. |
phpMyAdmin vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver |
|
|
CVE-2006-1693 |
Unspecified vulnerability in GlobalSCAPE Secure FTP Server before 3.1.4 Build 01.10.2006 allows attackers to cause a denial of service (application crash) via a "custom command" with a long argument. |
GlobalSCAPE Secure FTP
|
ftp_globalscape |
|
|
CVE-2006-1696 |
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |
Gallery vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_galleryversion |
|
|
CVE-2006-1712 |
Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument. |
Mailman vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
mail_misc_mailman |
|
|
CVE-2006-1716 |
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue. |
MyBB vulnerabilities
|
web_prog_php_mybb |
|
|
CVE-2006-1717 |
Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username. |
MyBB vulnerabilities
|
web_prog_php_mybb |
|
|
CVE-2006-1718 |
Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc. |
Administration File Access
|
web_prog_file_clevercopy |
|
|
CVE-2006-1721 |
digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation. |
Cyrus SASL vulnerabilities
MacOSX vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_cyrussasl
misc_macosx_patch_secupd2006006
misc_macosx_version |
|
|
CVE-2006-1723 |
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-1724 |
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_mozilla |
|
|
CVE-2006-1725 |
Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes certain windows to become translucent due to an interaction between XUL content windows and the history mechanism, which might allow user-assisted remote attackers to trick users into executing arbitrary code. |
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-1726 |
Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-1727 |
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview". |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_mozilla
web_client_seamonkey |
|
|
CVE-2006-1728 |
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_mozilla
web_client_seamonkey |
|
|
CVE-2006-1729 |
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler. |
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
web_client_firefox
web_client_mozilla
web_client_seamonkey |
|
|
CVE-2006-1730 |
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-1731 |
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_mozilla |
|
|
CVE-2006-1732 |
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_mozilla |
|
|
CVE-2006-1733 |
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain." |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_mozilla |
|
|
CVE-2006-1734 |
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_mozilla |
|
|
CVE-2006-1735 |
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_mozilla |
|
|
CVE-2006-1736 |
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename. |
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
web_client_firefox
web_client_mozilla |
|
|
CVE-2006-1737 |
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_mozilla |
|
|
CVE-2006-1738 |
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_mozilla |
|
|
CVE-2006-1739 |
The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain Cascading Style Sheets (CSS) that causes an out-of-bounds array write and buffer overflow. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_mozilla |
|
|
CVE-2006-1740 |
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site. |
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
web_client_firefox
web_client_mozilla |
|
|
CVE-2006-1741 |
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection". |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_mozilla |
|
|
CVE-2006-1742 |
The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_mozilla |
|
|
CVE-2006-1759 |
Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in SWSoft Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the jahr parameter. |
Cross site scripting
|
web_prog_php_confixxxss |
|
|
CVE-2006-1773 |
SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to execute arbitrary SQL commands via the contentid parameter, possibly involving content/news.php. |
SQL injection
|
web_prog_sql_phpkitinclude |
|
|
CVE-2006-1776 |
PHP remote file inclusion vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the s parameter. |
Simplog vulnerabilities
|
web_prog_php_simplog |
|
|
CVE-2006-1777 |
Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php. |
Simplog vulnerabilities
|
web_prog_php_simplog |
|
|
CVE-2006-1778 |
Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive.php, and the (4) sql parameter in (c) server.php. |
Simplog vulnerabilities
|
web_prog_php_simplog |
|
|
CVE-2006-1779 |
Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the btag parameter. |
Simplog vulnerabilities
|
web_prog_php_simplog |
|
|
CVE-2006-1785 |
Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext. NOTE: it is not clear whether the vendor advisory addresses this issue. In addition, since the issue requires administrative privileges to exploit, it is not clear whether this crosses security boundaries. |
Adobe Server vulnerabilities
|
misc_adoberdrext |
|
|
CVE-2006-1786 |
Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op paremeter in AlterCast. NOTE: it is not clear whether the vendor advisory addresses this issue. |
Adobe Server vulnerabilities
|
misc_adoberdrext |
|
|
CVE-2006-1787 |
Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session. |
Adobe Server vulnerabilities
|
misc_adoberdrext |
|
|
CVE-2006-1788 |
Adobe Document Server for Reader Extensions 6.0, during log on, provides different error messages depending on whether the user ID is valid or invalid, which allows remote attackers to more easily identify valid user IDs via brute force attacks. |
Adobe Server vulnerabilities
|
misc_adoberdrext |
|
|
CVE-2006-1790 |
A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory corruption. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_mozilla |
|
|
CVE-2006-1799 |
censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. |
vulnerable web program
|
web_prog_cgi_censtore |
|
|
CVE-2006-1803 |
Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter. |
phpMyAdmin vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver |
|
|
CVE-2006-1804 |
SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter. |
phpMyAdmin vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver |
|
|
CVE-2006-1812 |
phpWebFTP 3.2 and earlier stores script.js under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. |
phpWebFTP vulnerabilities
|
web_prog_php_webftp |
|
|
CVE-2006-1813 |
Directory traversal vulnerability in index.php in phpWebFTP 3.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter. |
phpWebFTP vulnerabilities
|
web_prog_php_webftp |
|
|
CVE-2006-1819 |
Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remote file inclusion could be performed under PHP 5 using an SMB share argument such as "\\systemname\sharename". |
vulnerable web program
|
web_prog_php_websitetrav |
|
|
CVE-2006-1834 |
Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings. |
Opera vulnerabilities
Note: Authentication is required to detect this vulnerability |
web_client_opera |
|
|
CVE-2006-1861 |
Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493. |
MacOSX vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_macosx_version |
|
|
CVE-2006-1866 |
Multiple unspecified vulnerabilities in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and other versions have unknown impact and attack vectors in the (1) Advanced Replication component, as identified by Vuln# DB01, and (2) Oracle Spatial component, as identified by Vuln# DB10. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researcher that states that DB01 is an unknown issue in the DBMS_REPUTIL package, and DB10 is SQL injection in the INSERT_CATALOG, UPDATE_CATALOG, and DELETE_CATALOG functions of the SDO_CATALOG package. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-1867 |
Unspecified vulnerability in Oracle Database Server 9.2.0.6 has unknown impact and attack vectors in the Advanced Replication component, aka Vuln# DB02. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-1868 |
Buffer overflow in the Advanced Replication component in Oracle Database Server 10.1.0.4 allows database users to execute arbitrary code via the VERIFY_LOG procedure of the DBMS_SNAPSHOT_UTL package, aka Vuln# DB03. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-1869 |
Unspecified vulnerability in Oracle Database Server 8.1.7.4 and 9.0.1.5 has unknown impact and attack vectors in the Dictionary component, aka Vuln# DB04. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-1870 |
Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 has unknown impact and attack vectors in the Export component, aka Vuln# DB05. NOTE: details are unavailable from Oracle, but as of 20060427, they have not publicly commented on whether DB05 is the same issue as CVE-2006-2081. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-1871 |
SQL injection vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.5 allows remote attackers to execute arbitrary SQL commands via the DELETE_FROM_TABLE function in the DBMS_LOGMNR_SESSION (Log Miner) package, aka Vuln# DB06. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-1872 |
Unspecified vulnerability in Oracle Database Server 9.0.1.5 and 9.2.0.7 has unknown impact and attack vectors in the Oracle Enterprise Manager Intelligent Agent component, aka Vuln# DB07. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-1873 |
Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, and 10.2.0.1 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB08. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-1874 |
Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB09. NOTE: Oracle has not disputed reliable claims that this issue is SQL injection in MDSYS.PRVT_IDX using the (1) EXECUTE_INSERT, (2) EXECUTE_DELETE, (3) EXECUTE_UPDATE, (4) EXECUTE UPDATE, and (5) CRT_DUMMY functions. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-1875 |
Unspecified vulnerability in Oracle Database Server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB11. NOTE: Oracle has not disputed reliable researcher claims that this issue is SQL injection in MDSYS.SDO_LRS_TRIG_INS. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-1876 |
Unspecified vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.4 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB12. NOTE: details are unavailable from Oracle, but as of 20060421, they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the (1) GEN_RID_RANGE_BY_AREA and (2) GEN_RID_RANGE functions in the MDSYS.SDO_PRIDX package. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-1877 |
Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, and 9.2.0.7 has unknown impact and attack vectors in the Oracle Spatial component, aka Vuln# DB13. |
Oracle Database vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_oracle_version |
|
|
CVE-2006-1889 |
Cross-site scripting (XSS) vulnerability in the search action handler in index.php in Nils Asmussen (aka SCRIPTSOLUTION) Boardsolution 1.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Search for" item (keyword parameter). |
Cross site scripting
|
web_prog_php_boardsolution |
|
|
CVE-2006-1896 |
Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clarify whether this issue is static code injection, eval injection, or another type of vulnerability. |
phpBB vulnerabilities
|
web_prog_php_bbver |
|
|
CVE-2006-1910 |
config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
Serendipity vulnerabilities
|
web_prog_php_serendipity |
|
|
CVE-2006-1911 |
Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment. |
MyBB vulnerabilities
|
web_prog_php_mybb |
|
|
CVE-2006-1912 |
MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks. |
MyBB vulnerabilities
|
web_prog_php_mybb |
|
|
CVE-2006-1921 |
nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. |
vulnerable web program
|
web_prog_php_nettools |
|
|
CVE-2006-1925 |
Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote attackers to read or modify files via the source parameter in the (1) editnews or (2) doeditnews action. NOTE: this can also produce resultant XSS when the target file does not exist. |
CuteNews vulnerabilities
|
web_prog_php_cutenewsver |
|
|
CVE-2006-1931 |
The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data. |
Ruby vulnerabilities
Note: Authentication is required to detect this vulnerability |
web_dev_ruby |
|
|
CVE-2006-1932 |
Off-by-one error in the OID printing routine in Ethereal 0.10.x up to 0.10.14 has unknown impact and remote attack vectors. |
Ethereal vulnerabilities
Note: Authentication is required to detect this vulnerability |
net_ethereal |
|
|
CVE-2006-1933 |
Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (large or infinite loops) viarafted packets to the (1) UMA and (2) BER dissectors. |
Ethereal vulnerabilities
Note: Authentication is required to detect this vulnerability |
net_ethereal |
|
|
CVE-2006-1934 |
Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) ALCAP dissector, (2) Network Instruments file code, or (3) NetXray/Windows Sniffer file code. |
Ethereal vulnerabilities
Note: Authentication is required to detect this vulnerability |
net_ethereal |
|
|
CVE-2006-1935 |
Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the COPS dissector. |
Ethereal vulnerabilities
Note: Authentication is required to detect this vulnerability |
net_ethereal |
|
|
CVE-2006-1936 |
Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote attackers to execute arbitrary code via the telnet dissector. |
Ethereal vulnerabilities
Note: Authentication is required to detect this vulnerability |
net_ethereal |
|
|
CVE-2006-1937 |
Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, and the (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors; and (7) the statistics counter. |
Ethereal vulnerabilities
Note: Authentication is required to detect this vulnerability |
net_ethereal |
|
|
CVE-2006-1938 |
Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via the (1) Sniffer capture or (2) SMB PIPE dissector. |
Ethereal vulnerabilities
Note: Authentication is required to detect this vulnerability |
net_ethereal |
|
|
CVE-2006-1939 |
Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) an invalid display filter, or the (2) GSM SMS, (3) ASN.1-based, (4) DCERPC NT, (5) PER, (6) RPC, (7) DCERPC, and (8) ASN.1 dissectors. |
Ethereal vulnerabilities
Note: Authentication is required to detect this vulnerability |
net_ethereal |
|
|
CVE-2006-1940 |
Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows remote attackers to cause a denial of service (abort) via the SNDCP dissector. |
Ethereal vulnerabilities
Note: Authentication is required to detect this vulnerability |
net_ethereal |
|
|
CVE-2006-1942 |
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page." |
Mozilla vulnerabilities
Netscape Navigator vulnerabilities
Note: Authentication is required to detect this vulnerability |
web_client_firefox
web_client_netscape
web_client_seamonkey |
|
|
CVE-2006-1974 |
SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter. |
MyBB vulnerabilities
|
web_prog_php_mybb |
|
|
CVE-2006-1989 |
Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers. |
ClamAV vulnerabilities
MacOSX vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
misc_av_clam
misc_av_clamwinupx
misc_macosx_version |
|
|
CVE-2006-1990 |
Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, which triggers a heap-based buffer overflow in a memcpy function call, a different vulnerability than CVE-2002-1396. |
MacOSX vulnerabilities
PHP vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_patch_secupd2006007
web_prog_php_version |
|
|
CVE-2006-1991 |
The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument. |
PHP vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version |
|
|
CVE-2006-1992 |
mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but Microsoft has stated that this issue is non-exploitable. |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_object |
|
|
CVE-2006-1993 |
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim. |
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
web_client_firefox |
|
|
CVE-2006-2016 |
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php. |
Cross site scripting
|
web_prog_php_ldapadminxss |
|
|
CVE-2006-2024 |
Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c. |
libtiff vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_tiff |
|
|
CVE-2006-2025 |
Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image. |
libtiff vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_tiff |
|
|
CVE-2006-2026 |
Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions." |
libtiff vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_tiff |
|
|
CVE-2006-2028 |
Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy Ashcraft Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the imagedir parameter. NOTE: this issue might be resultant from directory traversal. |
Simplog vulnerabilities
|
web_prog_sql_simplog |
|
|
CVE-2006-2029 |
Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php; and the (5) pid parameter in (c) comments.php. |
Simplog vulnerabilities
|
web_prog_sql_simplog |
|
|
CVE-2006-2031 |
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter. |
phpMyAdmin vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver |
|
|
CVE-2006-2039 |
Multiple SQL injection vulnerabilities in the osTicket module in Help Center Live before 2.1.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors. |
Help Center Live vulnerabilities
|
web_prog_php_hclver |
|
|
CVE-2006-2042 |
Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that allows SQL injection attacks in the (1) ColdFusion, (2) PHP mySQL, (3) ASP, (4) ASP.NET, and (5) JSP server models. |
Dreamweaver vulnerabilities
Note: Authentication is required to detect this vulnerability |
web_cms_dw |
|
|
CVE-2006-2048 |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Edwin van Wijk phpWebFTP 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) port, (2) server, and (3) user parameters. NOTE: it is possible that the affected version is actually 3.2. |
phpWebFTP vulnerabilities
|
web_prog_php_webftp |
|
|
CVE-2006-2061 |
SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters. |
Invision Power Board
|
web_prog_php_ipbversion |
|
|
CVE-2006-2069 |
The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets. |
PowerDNS vulnerabilities
|
dns_power |
|
|
CVE-2006-2072 |
Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS responses messages that cause (1) a buffer over-read or (2) infinite recursion, which can trigger a segmentation fault or invalid memory access, as demonstrated by the OUSPG PROTOS DNS test suite. |
DeleGate DNS vulnerabilities
|
dns_delegate |
|
|
CVE-2006-2073 |
Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite. |
DNS vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
dns_bindtsig |
|
|
CVE-2006-2083 |
Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow. |
rsyncd vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
misc_rsyncdver |
|
|
CVE-2006-2085 |
Multiple buffer overflows in (1) CxAce60.dll and (2) CxAce60u.dll in SpeedProject Squeez 5.10 Build 4460, and SpeedCommander 10.52 Build 4450 and 11.01 Build 4450, allow user-assisted remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename. |
SpeedProject vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_compress_speedcommanderbo
misc_compress_squeez |
|
|
CVE-2006-2093 |
Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a design goal of the NASL language is to facilitate sharing of security tests by guaranteeing that a script "can not do anything nasty." This issue is appropriate for CVE only if Nessus users have an expectation that a split statement will not use excessive memory. |
Nessus vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_nessusgui |
|
|
CVE-2006-2094 |
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control. |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_object |
|
|
CVE-2006-2097 |
SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM). |
Invision Power Board
|
web_prog_php_ipbversion |
|
|
CVE-2006-2103 |
SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php. |
MyBB vulnerabilities
SQL injection
|
web_prog_php_mybb
web_prog_sql_mybb |
|
|
CVE-2006-2111 |
A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability." |
Outlook and Outlook Express
Windows Mail vulnerabilities
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_oe
mail_client_windowsmail
win_patch_ie_object |
|
|
CVE-2006-2112 |
Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP printing interface as a proxy ("FTP bounce") by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted. |
Fuji Xerox Printing Systems vulnerabilities
|
printer_fxpsbypass |
|
|
CVE-2006-2113 |
The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which allows remote attackers to modify system configuration via crafted requests, including changing the administrator password or causing a denial of service to the print server. |
Fuji Xerox Printing Systems vulnerabilities
|
printer_fxpsbypass |
|
|
CVE-2006-2120 |
The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read. |
libtiff vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_tiff |
|
|
CVE-2006-2148 |
Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 might allow remote attackers to execute arbitrary code via (1) cookies or (2) the query string. |
CGI IRC vulnerabilities
|
web_prog_cgi_irc |
|
|
CVE-2006-2162 |
Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header. |
Nagios vulnerabilities
|
web_tool_nagios |
|
|
CVE-2006-2170 |
Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer. |
ArGoSoft FTP vulnerabilities
|
ftp_argosoft |
|
|
CVE-2006-2171 |
Buffer overflow in WDM.exe in WarFTPD allows remote attackers to execute arbitrary code via unspecified arguments, as demonstrated by the Infigo FTPStress Fuzzer. |
WarFTPd server vulnerabilities
|
ftp_warftpd |
|
|
CVE-2006-2172 |
Buffer overflow in Gene6 FTP Server 3.1.0 allows remote authenticated attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to (1) MKD or (2) XMKD, as demonstrated by the Infigo FTPStress Fuzzer. |
Gene6 FTP server vulnerabilities
|
ftp_gene6 |
|
|
CVE-2006-2173 |
Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the MLSD command, or (2) the remote server interface, as demonstrated by the Infigo FTPStress Fuzzer. |
FileZilla server vulnerabilities
|
ftp_filezilla |
|
|
CVE-2006-2180 |
Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long argument to the (1) NLST or (2) APPE commands, as demonstrated by the Infigo FTPStress Fuzzer. |
Golden FTP vulnerabilities
|
ftp_golden |
|
|
CVE-2006-2193 |
Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call. |
libtiff vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_tiff |
|
|
CVE-2006-2195 |
Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php. |
Horde vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_horde |
|
|
CVE-2006-2198 |
OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. |
OpenOffice vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_openoffice |
|
|
CVE-2006-2199 |
Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents. |
OpenOffice vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_openoffice |
|
|
CVE-2006-2212 |
Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows remote attackers to execute arbitrary code via a long (1) USER or (2) PASS command. |
Sami FTP Server vulnerabilities
|
ftp_sami |
|
|
CVE-2006-2218 |
Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992. |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_xcpthandling |
|
|
CVE-2006-2223 |
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE. |
Zebra Quagga Routing Suite
Note: Authentication is recommended to improve the accuracy of this check |
net_quagga |
|
|
CVE-2006-2224 |
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets. |
Zebra Quagga Routing Suite
Note: Authentication is recommended to improve the accuracy of this check |
net_quagga |
|
|
CVE-2006-2225 |
Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows remote attackers to execute arbitrary code, probably via a USER command with a long username. |
XM FTP vulnerabilities
|
ftp_xm |
|
|
CVE-2006-2226 |
Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows remote authenticated users to cause a denial of service via a long argument to the PORT command. |
XM FTP vulnerabilities
|
ftp_xm |
|
|
CVE-2006-2237 |
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter. |
vulnerable web program
|
web_prog_cgi_awstatsmigrate |
|
|
CVE-2006-2238 |
Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted BMP file that triggers the overflow in the ReadBMP function. NOTE: this issue was originally included as item 3 in CVE-2006-1983, but it has been given a separate identifier because it is a distinct issue. |
QuickTime vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_quicktime |
|
|
CVE-2006-2254 |
Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote attackers to cause a denial of service (application crash) via a username with a large number of newline characters. |
FileCOPA FTP vulnerabilities
|
ftp_filecopa |
|
|
CVE-2006-2263 |
SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
SQL injection
|
web_prog_sql_vpasp3 |
|
|
CVE-2006-2276 |
bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface. |
Zebra Quagga Routing Suite
Note: Authentication is recommended to improve the accuracy of this check |
net_quagga |
|
|
CVE-2006-2285 |
PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter. |
Claroline vulnerabilities
|
web_prog_php_dokeosver |
|
|
CVE-2006-2286 |
Multiple PHP remote file inclusion vulnerabilities in claro_init_global.inc.php in Dokeos 1.6.3 and earlier, and Dokeos community release 2.0.3, allow remote attackers to execute arbitrary PHP code via a URL in the (1) rootSys and (2) clarolineRepositorySys parameters, and possibly the (3) lang_path, (4) extAuthSource, (5) thisAuthSource, (6) main_configuration_file_path, (7) phpDigIncCn, and (8) drs parameters to (a) testheaderpage.php and (b) resourcelinker.inc.php. |
Claroline vulnerabilities
|
web_prog_php_dokeosver |
|
|
CVE-2006-2310 |
BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to cause a denial of service (hang) via a request for a .cfm file whose name contains an MS-DOS device name such as (1) con, (2) aux, (3) com1, and (4) com2. |
Cross site scripting
|
web_server_css |
|
|
CVE-2006-2311 |
Cross-site scripting (XSS) vulnerability in BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to inject arbitrary web script or HTML via the filename in a request to a (1) .cfm or (2) .cfml file, which reflects the result in the default error page. |
Cross site scripting
|
web_server_css |
|
|
CVE-2006-2313 |
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection." |
PostgreSQL vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_pgsql |
|
|
CVE-2006-2314 |
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem. |
PostgreSQL vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_pgsql |
|
|
CVE-2006-2327 |
Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) NDPS/iPrint module in Novell Distributed Print Services in Novell NetWare 6.5 SP3, SP4, and SP5 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function. |
Novell Print Services vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check unless dangerous checks are enabled |
printer_netware |
|
|
CVE-2006-2330 |
PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata. |
SQL injection
|
web_prog_sql_phpfusion |
|
|
CVE-2006-2333 |
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php. |
MyBB vulnerabilities
SQL injection
|
web_prog_php_mybb
web_prog_sql_mybb |
|
|
CVE-2006-2336 |
SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. |
MyBB vulnerabilities
SQL injection
|
web_prog_php_mybb
web_prog_sql_mybb |
|
|
CVE-2006-2351 |
Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp. |
WhatsUp Gold vulnerabilities
|
web_tool_whatsupsource |
|
|
CVE-2006-2352 |
Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
WhatsUp Gold vulnerabilities
|
web_tool_whatsupsource |
|
|
CVE-2006-2353 |
NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters. |
WhatsUp Gold vulnerabilities
|
web_tool_whatsupsource |
|
|
CVE-2006-2354 |
NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
WhatsUp Gold vulnerabilities
|
web_tool_whatsupsource |
|
|
CVE-2006-2355 |
Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
WhatsUp Gold vulnerabilities
|
web_tool_whatsupsource |
|
|
CVE-2006-2356 |
NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter. |
WhatsUp Gold vulnerabilities
|
web_tool_whatsupsource |
|
|
CVE-2006-2357 |
Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp. |
WhatsUp Gold vulnerabilities
|
web_tool_whatsupsource |
|
|
CVE-2006-2364 |
Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message. |
http Cold Fusion
|
web_prog_cfm_requiredxss |
|
|
CVE-2006-2369 |
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password. |
VNC detected
|
misc_realvncpwbypass |
|
|
CVE-2006-2370 |
Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability." |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_rasman |
|
|
CVE-2006-2371 |
Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability." |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_rasman |
|
|
CVE-2006-2372 |
Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response. |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_dhcpclient |
|
|
CVE-2006-2373 |
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability." |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_smbinvalidhandle |
|
|
CVE-2006-2374 |
The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) via by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability." |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_smbinvalidhandle |
|
|
CVE-2006-2378 |
Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption. |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_art |
|
|
CVE-2006-2379 |
Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing. |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_tcpiprce |
|
|
CVE-2006-2380 |
Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability." |
Windows updates needed
Note: Authentication is required to detect this vulnerability |
win_patch_rpcmutauth |
|
|
CVE-2006-2382 |
Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability." |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_xcpthandling |
|
|
CVE-2006-2383 |
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution. |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_xcpthandling |
|
|
CVE-2006-2384 |
Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability." |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_xcpthandling |
|
|
CVE-2006-2385 |
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file. |
Internet Explorer vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_ie_xcpthandling |
|
|
CVE-2006-2386 |
Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file. |
Outlook and Outlook Express
Note: Authentication is required to detect this vulnerability |
mail_client_oecontact |
|
|
CVE-2006-2387 |
Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875. |
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_excel06059 |
|
|
CVE-2006-2388 |
Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process. |
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_excelzero |
|
|
CVE-2006-2389 |
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316. |
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_officestrings |
|
|
CVE-2006-2391 |
Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to port 497. |
EMC Dantz vulnerabilities
|
misc_retrospectver |
|
|
CVE-2006-2403 |
Buffer overflow in FileZilla before 2.2.23 allows remote attackers to execute arbitrary commands via unknown attack vectors. |
FileZilla client vulnerabilities
Note: Authentication is required to detect this vulnerability |
ftp_filezillaclient |
|
|
CVE-2006-2407 |
Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string. |
wodSSHServer vulnerabilities
|
shell_ssh_wod |
|
|
CVE-2006-2417 |
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before 2.8.0.4 allows remote attackers to inject arbitrary web script or HTML via the theme parameter in unknown scripts. NOTE: the lang parameter is already covered by CVE-2006-2031. |
phpMyAdmin vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver |
|
|
CVE-2006-2418 |
Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts. |
phpMyAdmin vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_myadminver |
|
|
CVE-2006-2423 |
Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the login parameter. |
Cross site scripting
|
web_prog_php_confixxxss |
|
|
CVE-2006-2426 |
Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory. |
Java Plugin vulnerability
Note: Authentication is required to detect this vulnerability |
web_client_javaplugin |
|
|
CVE-2006-2440 |
Heap-based buffer overflow in the libMagick componet of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function. |
ImageMagick vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_imagemagick |
|
|
CVE-2006-2447 |
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username. |
SpamAssassin vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_misc_spamassassin
mail_misc_spamd |
|
|
CVE-2006-2454 |
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
Lotus Notes email client vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_notesalt |
|
|
CVE-2006-2459 |
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter. |
SQL injection
|
web_prog_sql_phpfusion |
|
|
CVE-2006-2489 |
Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162. |
Nagios vulnerabilities
|
web_tool_nagios |
|
|
CVE-2006-2492 |
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack. |
Microsoft Office vulnerabilities
Note: Authentication is required to detect this vulnerability |
win_patch_wordtags |
|
|
CVE-2006-2496 |
Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors. |
Novell eDirectory HTTP
|
web_tool_edirectorybo |
|
|
CVE-2006-2502 |
Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command. |
Cyrus imap version
|
mail_pop_cyruspopsub |
|
|
CVE-2006-2516 |
mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file. |
PHP injection
|
web_prog_php_xoops2 |
|
|
CVE-2006-2541 |
SQL injection vulnerability in settings.asp in Zixforum 1.12 allows remote attackers to execute arbitrary SQL commands via the layid parameter to (1) login.asp and (2) main.asp. |
SQL injection
|
web_prog_sql_zixforum |
|
|
CVE-2006-2563 |
The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters. |
PHP vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_version |
|
|
CVE-2006-2568 |
PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial) allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter. |
UBB threads vulnerabilities
|
web_prog_php_ubb |
|
|
CVE-2006-2569 |
SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and earlier, a module for Woltlab Burning Board, allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
Woltlab Burning Board vulnerabilities
|
web_prog_php_woltlabbbversion |
|
|
CVE-2006-2579 |
Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 and 5.5 allows remote attackers to execute arbitrary code via unknown vectors. |
HP Openview vulnerabilities
|
net_ovsdpver |
|
|
CVE-2006-2583 |
PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.php in Nucleus 3.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[DIR_LIBS] parameter. |
Nucleus vulnerabilities
|
web_prog_php_nucleusver |
|
|
CVE-2006-2589 |
SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code. |
MyBB vulnerabilities
|
web_prog_php_mybb |
|
|
CVE-2006-2611 |
Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character. |
MediaWiki vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_mediawiki |
|
|
CVE-2006-2630 |
Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors. |
Symantec vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_av_symantec_rtss |
|
|
CVE-2006-2646 |
Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote). |
MDaemon vulnerabilities
|
mail_imap_mdaemon |
|
|
CVE-2006-2656 |
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE. |
libtiff vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_tiff |
|
|
CVE-2006-2667 |
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument. |
WordPress vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_wordpress |
|
|
CVE-2006-2675 |
PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads 5.x and 6.x allows remote attackers to execute arbitrary PHP code via a URL in the (1) thispath or (2) configdir parameters. |
UBB threads vulnerabilities
|
web_prog_php_ubb |
|
|
CVE-2006-2685 |
PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to (1) base_qry_common.php, (2) base_stat_common.php, and (3) includes/base_include.inc.php. |
PHP injection
|
web_prog_php_baseqry |
|
|
CVE-2006-2691 |
Unspecified "information leakage" vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to access arbitrary images, including dynamically generated images, via unknown vectors. |
peer to peer file sharing
|
misc_p2p_amule |
|
|
CVE-2006-2692 |
Multiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to read arbitrary image, HTML, or PHP files via unknown vectors, probably related to directory traversal. |
peer to peer file sharing
|
misc_p2p_amule |
|
|
CVE-2006-2702 |
vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR']. |
WordPress vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_prog_php_wordpress |
|
|
CVE-2006-2742 |
SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc. |
Drupal vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal |
|
|
CVE-2006-2743 |
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory. |
Drupal vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal |
|
|
CVE-2006-2753 |
SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input. |
MySQL vulnerabilities
MacOSX vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
database_mysql_version
misc_macosx_version |
|
|
CVE-2006-2754 |
Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname. |
OpenLDAP vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_openldap |
|
|
CVE-2006-2755 |
Cross-site scripting (XSS) vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords. |
UBB threads vulnerabilities
|
web_prog_php_ubb |
|
|
CVE-2006-2766 |
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file. |
Outlook and Outlook Express
Note: Authentication is required to detect this vulnerability |
mail_client_oemhtmlparse |
|
|
CVE-2006-2769 |
The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass "uricontent" rules via a carriage return (\r) after the URL and before the HTTP declaration. |
Snort vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_snort |
|
|
CVE-2006-2775 |
Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-2776 |
Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-2777 |
Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context. |
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-2778 |
The crypto.signText function in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to execute arbitrary code via certain optional Certificate Authority name arguments, which causes an invalid array index and triggers a buffer overflow. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-2779 |
Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-2780 |
Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "jsstr tagify," which leads to memory corruption. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-2781 |
Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a VCard that contains invalid base64 characters. |
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-2782 |
Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control. |
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-2783 |
Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode Byte-order-Mark (BOM) from a UTF-8 page before the page is passed to the parser, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a BOM sequence in the middle of a dangerous tag such as SCRIPT. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Safari vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_safari
web_client_seamonkey |
|
|
CVE-2006-2784 |
The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is used for downloading software from a remote web site, so this issue would not cross privilege boundaries if the user progresses to the point of installing malicious software from the attacker-controlled site. |
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
web_client_firefox |
|
|
CVE-2006-2785 |
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show only this frame" on a frame whose SRC attribute contains a Javascript URL. |
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-2786 |
HTTP response smuggling vulnerability in Mozilla Firefox and Thunderbird before 1.5.0.4, when used with certain proxy servers, allows remote attackers to cause Firefox to interpret certain responses as if they were responses from two different sites via (1) invalid HTTP response headers with spaces between the header name and the colon, which might not be ignored in some cases, or (2) HTTP 1.1 headers through an HTTP 1.0 proxy, which are ignored by the proxy but processed by the client. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-2787 |
EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-2788 |
Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code. |
Mozilla Thunderbird vulnerabilities
Mozilla vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_thunderbird
web_client_firefox
web_client_seamonkey |
|
|
CVE-2006-2789 |
Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used. |
GNOME Evolution vulnerabilities
Note: Authentication is required to detect this vulnerability |
mail_client_evolution |
|
|
CVE-2006-2792 |
SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) 2.3.4 allows remote attackers to execute arbitrary SQL commands via the sid parameter. |
Woltlab Burning Board vulnerabilities
|
web_prog_php_woltlabbbversion |
|
|
CVE-2006-2806 |
The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command. |
Apache James vulnerabilities
|
mail_smtp_apachejames |
|
|
CVE-2006-2810 |
Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. NOTE: the card_id vector is already covered by CVE-2006-1230. |
Cross site scripting
|
web_prog_php_vcardtoprated |
|
|
CVE-2006-2828 |
Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbb_root_path parameter to the admin scripts (1) index.php, (2) admin_ug_auth.php, (3) admin_board.php, (4) admin_disallow.php, (5) admin_forumauth.php, (6) admin_groups.php, (7) admin_ranks.php, (8) admin_styles.php, (9) admin_user_ban.php, (10) admin_words.php, (11) admin_avatar.php, (12) admin_db_utilities.php, (13) admin_forum_prune.php, (14) admin_forums.php, (15) admin_mass_email.php, (16) admin_smilies.php, (17) admin_ug_auth.php, and (18) admin_users.php, which overwrites $phpbb_root_path when the import_request_variables function is executed after $phpbb_root_path has been initialized to a static value. |
PHP injection
|
web_prog_php_nukeadmin |
|
|
CVE-2006-2830 |
Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface. |
Rendezvous vulnerabilities
|
web_tool_rendezvous |
|
|
CVE-2006-2831 |
Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743. |
Drupal vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal |
|
|
CVE-2006-2832 |
Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename. |
Drupal vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal |
|
|
CVE-2006-2833 |
Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable. |
Drupal vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
web_cms_drupal |
|
|
CVE-2006-2838 |
Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors. NOTE: By default, the connections are only allowed from the local host. |
FSecure vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_av_fsecureconsole |
|
|
CVE-2006-2842 |
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable. |
SquirrelMail vulnerabilities
MacOSX vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
mail_web_squirrel
misc_macosx_version |
|
|
CVE-2006-2851 |
Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer. |
dotProject vulnerabilities
|
web_prog_php_dotprojectver |
|
|
CVE-2006-2868 |
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 allow remote attackers to execute arbitrary PHP code via a URL in the includePath cookie to (1) auth/extauth/drivers/mambo.inc.php or (2) auth/extauth/drivers/postnuke.inc.php. |
PHP injection
|
web_prog_php_clarolinemambo
web_prog_php_clarolinepn |
|
|
CVE-2006-2869 |
Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 has unknown impact and remote attack vectors. |
Avast vulnerabilities
Note: Authentication is required to detect this vulnerability |
misc_av_avast |
|
|
CVE-2006-2887 |
Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the UserName parameter in (1) validatelogin.asp or (2) adminlogin.asp. |
SQL injection
|
web_prog_sql_mynewsletter |
|
|
CVE-2006-2894 |
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. |
Mozilla vulnerabilities
Netscape Navigator vulnerabilities
Note: Authentication is required to detect this vulnerability |
web_client_firefox
web_client_netscape
web_client_seamonkey |
|
|
CVE-2006-2898 |
The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 and 1.0.x before 1.0.11 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via truncated IAX 2 (IAX2) video frames, which bypasses a length check and leads to a buffer overflow involving negative length check. NOTE: the vendor advisory claims that only a DoS is possible, but the original researcher is reliable. |
Asterisk vulnerabilities
Note: Authentication is required to detect this vulnerability |
net_asterisk |
|
|
CVE-2006-2901 |
The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords. |
DLink Access Point
|
net_dlinkcfg |
|
|
CVE-2006-2908 |
The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier. |
MyBB vulnerabilities
|
web_prog_php_mybb |
|
|
CVE-2006-2917 |
Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands. |
WinGate mail vulnerabilities
|
mail_imap_wingate |
|
|
CVE-2006-2926 |
Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request. |
WinGate proxy vulnerability
|
web_proxy_wingatever |
|
|
CVE-2006-2934 |
SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an invalid value that is later used to dereference a pointer. |
Linux SCTP vulnerability
|
misc_linuxsctp |
|
|
CVE-2006-2937 |
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition. |
MacOSX vulnerabilities
OpenSSL vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_patch_secupd2006007
misc_openssl |
|
|
CVE-2006-2940 |
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification. |
MacOSX vulnerabilities
OpenSSL vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
misc_macosx_patch_secupd2006007
misc_openssl |
|
|
CVE-2006-2941 |
Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers". |
Mailman vulnerabilities
Note: Authentication is recommended to improve the accuracy of this check |
mail_misc_mailman |
|
|