259851
|
6.5 |
MEDIUM
|
horde
|
ingo_h3
|
procmail in Ingo H3 before 1.1.2 Horde module allows remote authenticated users to execute arbitrary commands via shell metacharacters in the mailbox destination of a filter rule.
|
NVD-CWE-Other
|
CVE-2006-5449
|
2011-03-8 11:43 |
2006-10-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259852
|
6.5 |
MEDIUM
|
horde
|
ingo_h3
|
This vulnerability is addressed in the following product release:
Horde, Ingo, 1.1.2
|
NVD-CWE-Other
|
CVE-2006-5449
|
2011-03-8 11:43 |
2006-10-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259853
|
5.4 |
MEDIUM
|
rpm ubuntu
|
package_manager ubuntu_linux
|
Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to ex…
|
NVD-CWE-Other
|
CVE-2006-5466
|
2011-03-8 11:43 |
2006-11-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259854
|
5.4 |
MEDIUM
|
rpm ubuntu
|
package_manager ubuntu_linux
|
Successful exploitation may allow the execution of arbitrary code, but requires that certain locales are set (e.g. ru_RU.UTF-8).
There are patches available for each affected Ubuntu product.
|
NVD-CWE-Other
|
CVE-2006-5466
|
2011-03-8 11:43 |
2006-11-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259855
|
5.1 |
MEDIUM
|
xchangeboard
|
xchangeboard
|
Multiple SQL injection vulnerabilities in the checkUser function in inc/DBInterface.php in XchangeBoard 1.70 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrar…
|
NVD-CWE-Other
|
CVE-2006-5500
|
2011-03-8 11:43 |
2006-10-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259856
|
5.1 |
MEDIUM
|
xchangeboard
|
xchangeboard
|
Successful exploitation requires that "magic_quotes_gpc" is disabled.
|
NVD-CWE-Other
|
CVE-2006-5500
|
2011-03-8 11:43 |
2006-10-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259857
|
4.3 |
MEDIUM
|
maxdev
|
md-pro
|
Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: the provenance of this informa…
|
NVD-CWE-Other
|
CVE-2006-5564
|
2011-03-8 11:43 |
2006-10-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259858
|
5.0 |
MEDIUM
|
maxdev
|
md-pro
|
CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a)…
|
NVD-CWE-Other
|
CVE-2006-5565
|
2011-03-8 11:43 |
2006-10-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259859
|
10.0 |
HIGH
|
nmnlogger
|
nmnlogger
|
Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown impact and attack vectors related to configuration of mesasge drivers.
|
NVD-CWE-Other
|
CVE-2006-5642
|
2011-03-8 11:43 |
2006-11-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259860
|
10.0 |
HIGH
|
nmnlogger
|
nmnlogger
|
This vulnerability is addressed in the following product release:
NmnLogger, NmnLogger, 1.1
|
NVD-CWE-Other
|
CVE-2006-5642
|
2011-03-8 11:43 |
2006-11-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259861
|
10.0 |
HIGH
|
vilistextum
|
vilistextum
|
Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 have unknown impact and attack vectors.
|
NVD-CWE-Other
|
CVE-2006-5657
|
2011-03-8 11:43 |
2006-11-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259862
|
4.6 |
MEDIUM
|
ibm
|
informix_client_sdk informix_dynamic_server informix_i-connect
|
IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gai…
|
NVD-CWE-Other
|
CVE-2006-5663
|
2011-03-8 11:43 |
2006-11-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259863
|
4.6 |
MEDIUM
|
ibm
|
informix_client_sdk informix_dynamic_server informix_i-connect
|
The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symli…
|
NVD-CWE-Other
|
CVE-2006-5664
|
2011-03-8 11:43 |
2006-11-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259864
|
7.5 |
HIGH
|
free_php_scripts
|
free_image_hosting
|
PHP remote file inclusion vulnerability in contact.php in Free Image Hosting 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. NOTE: the …
|
NVD-CWE-Other
|
CVE-2006-5671
|
2011-03-8 11:43 |
2006-11-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259865
|
2.6 |
LOW
|
apple
|
mac_os_x mac_os_x_server
|
QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that…
|
NVD-CWE-Other
|
CVE-2006-5681
|
2011-03-8 11:43 |
2006-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259866
|
2.6 |
LOW
|
apple
|
mac_os_x mac_os_x_server
|
Successful exploitation requires that the affected products are used in conjunction with Quartz Composer.
|
NVD-CWE-Other
|
CVE-2006-5681
|
2011-03-8 11:43 |
2006-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259867
|
6.0 |
MEDIUM
|
wordpress
|
wordpress
|
Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequen…
|
NVD-CWE-Other
|
CVE-2006-5705
|
2011-03-8 11:43 |
2006-11-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259868
|
10.0 |
HIGH
|
alt-n
|
mdaemon
|
Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a "JavaScript exploit."
|
NVD-CWE-Other
|
CVE-2006-5709
|
2011-03-8 11:43 |
2006-11-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259869
|
5.1 |
MEDIUM
|
middlebury_college
|
segue_cms
|
Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 and earlier, when magic_quotes_gpc is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the theme parame…
|
NVD-CWE-Other
|
CVE-2006-5722
|
2011-03-8 11:43 |
2006-11-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259870
|
5.1 |
MEDIUM
|
middlebury_college
|
segue_cms
|
Successful exploitation requires that "magic_quotes_gpc" is disabled.
|
NVD-CWE-Other
|
CVE-2006-5722
|
2011-03-8 11:43 |
2006-11-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259871
|
4.9 |
MEDIUM
|
sun
|
solaris
|
alloccgblk in the UFS filesystem in Solaris 10 allows local users to cause a denial of service (memory corruption) by mounting crafted UFS filesystems with malformed data structures.
|
NVD-CWE-Other
|
CVE-2006-5726
|
2011-03-8 11:43 |
2006-11-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259872
|
10.0 |
HIGH
|
jonathon_j._freeman
|
ovbb
|
Multiple unspecified vulnerabilities in Jonathon J. Freeman OvBB before 0.13a have unknown impact and attack vectors.
|
NVD-CWE-Other
|
CVE-2006-5809
|
2011-03-8 11:43 |
2006-11-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259873
|
4.3 |
MEDIUM
|
adobe
|
coldfusion
|
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unkn…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2006-5859
|
2011-03-8 11:43 |
2007-02-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259874
|
4.3 |
MEDIUM
|
adobe
|
coldfusion
|
Successful exploitation requires that Global Script Protection is not enabled.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2006-5859
|
2011-03-8 11:43 |
2007-02-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259875
|
5.1 |
MEDIUM
|
pstotext
|
pstotext
|
pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name.
|
NVD-CWE-Other
|
CVE-2006-5869
|
2011-03-8 11:43 |
2006-11-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259876
|
7.5 |
HIGH
|
cchost
|
cchost
|
SQL injection vulnerability in Creative Commons Tools ccHost before 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URL, which is used to populate the file ID. NOTE: Some…
|
NVD-CWE-Other
|
CVE-2006-4778
|
2011-03-8 11:42 |
2006-09-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259877
|
6.2 |
MEDIUM
|
roxio
|
toast
|
Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possibly other products, allows local users to execute arbitrary code via temporary files, including dejavu_manual.rb, which are execu…
|
CWE-362
競合状態
|
CVE-2006-4801
|
2011-03-8 11:42 |
2006-09-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259878
|
10.0 |
HIGH
|
iodine
|
iodine
|
Unspecified vulnerability in IP over DNS is now easy (iodine) before 0.3.2 has unknown impact and attack vectors, related to "potential security problems."
|
NVD-CWE-Other
|
CVE-2006-4831
|
2011-03-8 11:42 |
2006-09-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259879
|
10.0 |
HIGH
|
iodine
|
iodine
|
This vulnerability is addressed in the following product release:
Iodine, Iodine, 0.3.2
|
NVD-CWE-Other
|
CVE-2006-4831
|
2011-03-8 11:42 |
2006-09-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259880
|
4.3 |
MEDIUM
|
paul_smith_computer_services
|
vcap
|
Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith Computer Services vCAP 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the statusmsg parameter in Registe…
|
NVD-CWE-Other
|
CVE-2006-5035
|
2011-03-8 11:42 |
2006-09-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259881
|
5.0 |
MEDIUM
|
andreas_gohr
|
dokuwiki
|
lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image.
|
NVD-CWE-Other
|
CVE-2006-5098
|
2011-03-8 11:42 |
2006-09-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259882
|
7.5 |
HIGH
|
andreas_gohr
|
dokuwiki
|
lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w a…
|
NVD-CWE-Other
|
CVE-2006-5099
|
2011-03-8 11:42 |
2006-09-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259883
|
5.1 |
MEDIUM
|
facileforms
|
facileforms
|
Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 for Mambo and Joomla!, when either register_globals or RG_EMULATION is enabled, allows remote attackers to inject arbitrary web sc…
|
NVD-CWE-Other
|
CVE-2006-5106
|
2011-03-8 11:42 |
2006-10-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259884
|
5.4 |
MEDIUM
|
intoto
|
igateway_ssl-vpn igateway_vpn
|
Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public mod…
|
NVD-CWE-Other
|
CVE-2006-5179
|
2011-03-8 11:42 |
2006-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259885
|
5.4 |
MEDIUM
|
intoto
|
igateway_ssl-vpn igateway_vpn
|
It is reported that a patch may be obtained by contacting Intoto at the following email address: support@intoto.com
|
NVD-CWE-Other
|
CVE-2006-5179
|
2011-03-8 11:42 |
2006-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259886
|
6.4 |
MEDIUM
|
trend_micro
|
officescan_corporate_edition
|
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7…
|
NVD-CWE-Other
|
CVE-2006-5211
|
2011-03-8 11:42 |
2006-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259887
|
6.4 |
MEDIUM
|
trend_micro
|
officescan_corporate_edition
|
A security patch for each affected product has been released by the vendor.
|
NVD-CWE-Other
|
CVE-2006-5211
|
2011-03-8 11:42 |
2006-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259888
|
5.0 |
MEDIUM
|
trend_micro
|
officescan
|
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7…
|
NVD-CWE-Other
|
CVE-2006-5212
|
2011-03-8 11:42 |
2006-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259889
|
7.5 |
HIGH
|
dimension_of_phpbb
|
dimension_of_phpbb
|
PHP remote file inclusion vulnerability in includes/functions_kb.php in Dimension of phpBB 0.2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path par…
|
NVD-CWE-Other
|
CVE-2006-5235
|
2011-03-8 11:42 |
2006-10-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259890
|
10.0 |
HIGH
|
ibm
|
websphere_application_server
|
Unspecified vulnerability in IBM WebSphere Application Server before 6.1.0.2 has unspecified impact and attack vectors, related to a "possible security exposure," aka PK29360.
|
NVD-CWE-noinfo
|
CVE-2006-5323
|
2011-03-8 11:42 |
2006-10-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259891
|
7.5 |
HIGH
|
ibm
|
websphere_application_server
|
The Web Services Notification (WSN) security component of IBM WebSphere Application Server before 6.1.0.2 allows attackers to obtain unspecified access without supplying a username and password, aka …
|
NVD-CWE-Other
|
CVE-2006-5324
|
2011-03-8 11:42 |
2006-10-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259892
|
7.5 |
HIGH
|
phpbb_prillian
|
french_language_pack
|
PHP remote file inclusion vulnerability in language/lang/lang_contact_faq.php in the Prillian French 0.8.0 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL…
|
NVD-CWE-Other
|
CVE-2006-5326
|
2011-03-8 11:42 |
2006-10-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259893
|
5.1 |
MEDIUM
|
joomla
|
joomla
|
Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks.
|
NVD-CWE-Other
|
CVE-2006-4473
|
2011-03-8 11:41 |
2006-09-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259894
|
7.5 |
HIGH
|
joomla
|
joomla
|
Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2006-4475
|
2011-03-8 11:41 |
2006-09-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259895
|
7.5 |
HIGH
|
joomla
|
joomla
|
Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of requir…
|
CWE-94 CWE-264
コード・インジェクション 認可・権限・アクセス制御
|
CVE-2006-4476
|
2011-03-8 11:41 |
2006-09-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259896
|
7.2 |
HIGH
|
ibm
|
aix
|
Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code with root privileges via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2006-4522
|
2011-03-8 11:41 |
2006-09-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259897
|
2.6 |
LOW
|
gnu
|
screen
|
Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of s…
|
NVD-CWE-Other
|
CVE-2006-4573
|
2011-03-8 11:41 |
2006-10-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259898
|
6.8 |
MEDIUM
|
vtiger
|
vtiger_crm
|
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspe…
|
NVD-CWE-Other
|
CVE-2006-4587
|
2011-03-8 11:41 |
2006-09-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259899
|
7.5 |
HIGH
|
vtiger
|
vtiger_crm
|
vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demon…
|
NVD-CWE-Other
|
CVE-2006-4588
|
2011-03-8 11:41 |
2006-09-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259900
|
7.5 |
HIGH
|
bare_concept_media
|
pheap_cms
|
PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. NOTE: the provenan…
|
NVD-CWE-Other
|
CVE-2006-4621
|
2011-03-8 11:41 |
2006-09-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|