259901
|
7.5 |
HIGH
|
alwil
|
avast_antivirus
|
Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and direc…
|
NVD-CWE-Other
|
CVE-2006-4626
|
2011-03-8 11:41 |
2006-09-8 |
|
|
259902
|
7.5 |
HIGH
|
alwil
|
avast_antivirus
|
This vulnerability is addressed in the following product releases:
ALWIL, avast! antivirus, 4.7.869 (for Desktops)
ALWIL, avast! antivirus, Server 4.7.660 (for Servers)
|
NVD-CWE-Other
|
CVE-2006-4626
|
2011-03-8 11:41 |
2006-09-8 |
|
|
259903
|
7.5 |
HIGH
|
uni-vert
|
phpleague
|
SQL injection vulnerability in consult/joueurs.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the id_joueur parameter. NOTE: the provenance …
|
NVD-CWE-Other
|
CVE-2006-4643
|
2011-03-8 11:41 |
2006-09-9 |
|
|
259904
|
5.0 |
MEDIUM
|
ibm
|
director
|
Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests an…
|
NVD-CWE-Other
|
CVE-2006-4682
|
2011-03-8 11:41 |
2006-09-12 |
|
|
259905
|
5.0 |
MEDIUM
|
ibm
|
director
|
This vulnerability is addressed in the following product release:
IBM, Director, 5.10
|
NVD-CWE-Other
|
CVE-2006-4682
|
2011-03-8 11:41 |
2006-09-12 |
|
|
259906
|
5.0 |
MEDIUM
|
ibm
|
director
|
IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE.
|
NVD-CWE-Other
|
CVE-2006-4683
|
2011-03-8 11:41 |
2006-09-12 |
|
|
259907
|
5.0 |
MEDIUM
|
zope
|
zope
|
The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary…
|
NVD-CWE-Other
|
CVE-2006-4684
|
2011-03-8 11:41 |
2006-09-20 |
|
|
259908
|
7.5 |
HIGH
|
drupal
|
drupal_pubcookie_module
|
The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentica…
|
NVD-CWE-Other
|
CVE-2006-4717
|
2011-03-8 11:41 |
2006-09-13 |
|
|
259909
|
7.5 |
HIGH
|
drupal
|
drupal_pubcookie_module
|
Drupal core is not affected. If you do not use the pubcookie module, no action is necessary.
|
NVD-CWE-Other
|
CVE-2006-4717
|
2011-03-8 11:41 |
2006-09-13 |
|
|
259910
|
5.0 |
MEDIUM
|
symantec
|
brightmail_antispam
|
Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) "by sendin…
|
NVD-CWE-Other
|
CVE-2006-4014
|
2011-03-8 11:40 |
2006-08-8 |
|
|
259911
|
4.3 |
MEDIUM
|
toenda_software_development
|
toendacms
|
Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS stable 1.0.3 and earlier, and unstable 1.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via the s pa…
|
NVD-CWE-Other
|
CVE-2006-4016
|
2011-03-8 11:40 |
2006-08-8 |
|
|
259912
|
4.6 |
MEDIUM
|
intel
|
2100_proset_wireless
|
Intel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4.6 allows local users to corrupt memory and execute code via "requests for capabilities from higher-level protocol drivers or user…
|
NVD-CWE-Other
|
CVE-2006-4022
|
2011-03-8 11:40 |
2006-08-9 |
|
|
259913
|
7.5 |
HIGH
|
festalon
|
festalon
|
The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr…
|
NVD-CWE-Other
|
CVE-2006-4024
|
2011-03-8 11:40 |
2006-08-9 |
|
|
259914
|
5.0 |
MEDIUM
|
gallery_project
|
gallery
|
Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bu…
|
NVD-CWE-Other
|
CVE-2006-4030
|
2011-03-8 11:40 |
2006-08-17 |
|
|
259915
|
5.0 |
MEDIUM
|
gallery_project
|
gallery
|
Update to version 1.5-pl1.
|
NVD-CWE-Other
|
CVE-2006-4030
|
2011-03-8 11:40 |
2006-08-17 |
|
|
259916
|
10.0 |
HIGH
|
fenestrae
|
faxination_server
|
Unspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet.
|
NVD-CWE-Other
|
CVE-2006-4037
|
2011-03-8 11:40 |
2006-08-10 |
|
|
259917
|
7.5 |
HIGH
|
ehmig
|
me_download_system
|
Multiple PHP remote file inclusion vulnerabilities in ME Download System 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) Vb8878b936c2bd8ae0cab parameter to (a) inc/sett_…
|
NVD-CWE-Other
|
CVE-2006-4054
|
2011-03-8 11:40 |
2006-08-10 |
|
|
259918
|
5.1 |
MEDIUM
|
wim_fleischhauer
|
docpile_we
|
Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parame…
|
NVD-CWE-Other
|
CVE-2006-4076
|
2011-03-8 11:40 |
2006-08-11 |
|
|
259919
|
5.1 |
MEDIUM
|
wim_fleischhauer
|
docpile_we
|
Successful exploitation requires that "register_globals" is enabled.
|
NVD-CWE-Other
|
CVE-2006-4076
|
2011-03-8 11:40 |
2006-08-11 |
|
|
259920
|
4.3 |
MEDIUM
|
ozjournals
|
ozjournals
|
Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.…
|
NVD-CWE-Other
|
CVE-2006-4086
|
2011-03-8 11:40 |
2006-08-11 |
|
|
259921
|
7.5 |
HIGH
|
ibm
|
websphere_application_server
|
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadId…
|
CWE-200 CWE-264
Information leak; Authorization, privileges, and access control
|
CVE-2006-4136
|
2011-03-8 11:40 |
2006-08-15 |
|
|
259922
|
5.0 |
MEDIUM
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) "script generated syntax on wsadmin command l…
|
NVD-CWE-Other
|
CVE-2006-4137
|
2011-03-8 11:40 |
2006-08-15 |
|
|
259923
|
7.5 |
HIGH
|
invision_power_services
|
invision_power_board
|
Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic."
|
NVD-CWE-Other
|
CVE-2006-4155
|
2011-03-8 11:40 |
2006-08-17 |
|
|
259924
|
4.3 |
MEDIUM
|
novell
|
groupwise groupwise_webaccess
|
Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (…
|
CWE-79
Cross-site scripting (XSS)
|
CVE-2006-4220
|
2011-03-8 11:40 |
2006-12-31 |
|
|
259925
|
5.0 |
MEDIUM
|
ibm
|
websphere_application_server
|
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.0.2.13 have unspecified vectors and impact, including (1) an "authority problem" in ThreadIdentitySupport as identifi…
|
NVD-CWE-Other
|
CVE-2006-4222
|
2011-03-8 11:40 |
2006-08-19 |
|
|
259926
|
5.0 |
MEDIUM
|
twiki
|
twiki
|
Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
|
NVD-CWE-Other
|
CVE-2006-4294
|
2011-03-8 11:40 |
2006-09-9 |
|
|
259927
|
5.0 |
MEDIUM
|
cgi-rescue
|
mail_f_w_system
|
CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) before 8.3 allows remote attackers to spoof e-mails and inject e-mail headers via unspecified vectors in (1) mail.cgi and (2) query.…
|
NVD-CWE-Other
|
CVE-2006-4344
|
2011-03-8 11:40 |
2006-08-25 |
|
|
259928
|
4.6 |
MEDIUM
|
apple
|
mac_os_x
|
The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly…
|
NVD-CWE-Other
|
CVE-2006-4396
|
2011-03-8 11:40 |
2006-12-1 |
|
|
259929
|
4.6 |
MEDIUM
|
apple
|
mac_os_x
|
Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 prevents Kerberos tickets from being destroyed if a user does not successfully log on to a network account from the logi…
|
NVD-CWE-Other
|
CVE-2006-4397
|
2011-03-8 11:40 |
2006-10-3 |
|
|
259930
|
7.2 |
HIGH
|
apple
|
mac_os_x
|
Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests.
|
NVD-CWE-Other
|
CVE-2006-4398
|
2011-03-8 11:40 |
2006-12-1 |
|
|
259931
|
5.1 |
MEDIUM
|
apple
|
mac_os_x
|
Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allows user-assisted attackers to execute arbitrary code via crafted font files.
|
NVD-CWE-Other
|
CVE-2006-4400
|
2011-03-8 11:40 |
2006-12-1 |
|
|
259932
|
5.1 |
MEDIUM
|
apple
|
mac_os_x
|
Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI.
|
NVD-CWE-Other
|
CVE-2006-4401
|
2011-03-8 11:40 |
2006-12-1 |
|
|
259933
|
10.0 |
HIGH
|
apple
|
mac_os_x
|
The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileg…
|
NVD-CWE-Other
|
CVE-2006-4404
|
2011-03-8 11:40 |
2006-12-1 |
|
|
259934
|
5.0 |
MEDIUM
|
apple
|
mac_os_x
|
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to use a weak…
|
NVD-CWE-Other
|
CVE-2006-4407
|
2011-03-8 11:40 |
2006-12-1 |
|
|
259935
|
5.0 |
MEDIUM
|
apple
|
mac_os_x
|
The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that req…
|
NVD-CWE-Other
|
CVE-2006-4408
|
2011-03-8 11:40 |
2006-12-1 |
|
|
259936
|
5.0 |
MEDIUM
|
apple
|
mac_os_x
|
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which c…
|
NVD-CWE-Other
|
CVE-2006-4409
|
2011-03-8 11:40 |
2006-12-1 |
|
|
259937
|
7.5 |
HIGH
|
apple
|
mac_os_x
|
The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoke…
|
NVD-CWE-Other
|
CVE-2006-4410
|
2011-03-8 11:40 |
2006-12-1 |
|
|
259938
|
7.2 |
HIGH
|
apple
|
mac_os_x
|
The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unsp…
|
NVD-CWE-Other
|
CVE-2006-4411
|
2011-03-8 11:40 |
2006-12-1 |
|
|
259939
|
7.2 |
HIGH
|
apple
|
remote_desktop
|
Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remote Desktop administration system to modify the packages and gain root…
|
NVD-CWE-Other
|
CVE-2006-4413
|
2011-03-8 11:40 |
2006-11-18 |
|
|
259940
|
6.4 |
MEDIUM
|
doctor_web_ltd
|
dr.web
|
Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header tha…
|
NVD-CWE-Other
|
CVE-2006-4438
|
2011-03-8 11:40 |
2006-09-21 |
|
|
259941
|
7.5 |
HIGH
|
ay_system_solutions
|
ay_system_solutions_cms
|
Multiple PHP remote file inclusion vulnerabilities in Ay System Solutions CMS 2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter t…
|
NVD-CWE-Other
|
CVE-2006-4441
|
2011-03-8 11:40 |
2006-08-30 |
|
|
259942
|
6.8 |
MEDIUM
|
clemens_wacha
|
php_iaddressbook
|
Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.95 allows remote attackers to inject arbitrary web script or HTML via the cat_name parameter, related to adding a category. (cate…
|
NVD-CWE-Other
|
CVE-2006-4442
|
2011-03-8 11:40 |
2006-08-30 |
|
|
259943
|
7.2 |
HIGH
|
x.org
|
emu-linux-x87-xlibs x11r6 x11r7 xdm xf86dga xinit xload xorg-server xterm
|
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, do not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow…
|
NVD-CWE-Other
|
CVE-2006-4447
|
2011-03-8 11:40 |
2006-08-30 |
|
|
259944
|
7.5 |
HIGH
|
cj_design
|
cj_tag_board
|
Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the (1) User-Agent HTTP header in tag.php, which is executed by all.php, and (…
|
NVD-CWE-Other
|
CVE-2006-4451
|
2011-03-8 11:40 |
2006-08-30 |
|
|
259945
|
7.5 |
HIGH
|
phpecard
|
phpecard
|
PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. NOTE: the provenance…
|
NVD-CWE-Other
|
CVE-2006-4457
|
2011-03-8 11:40 |
2006-08-31 |
|
|
259946
|
10.0 |
HIGH
|
sybase
|
financial_fusion_consumer_banking_solution
|
Unspecified vulnerability in Sybase/Financial Fusion Consumer Banking Suite versions before 20060706 has unknown impact and remote attack vectors.
|
NVD-CWE-Other
|
CVE-2006-3667
|
2011-03-8 11:39 |
2006-07-19 |
|
|
259947
|
7.5 |
HIGH
|
hyper_estraier
|
hyper_estraier
|
Cross-site request forgery (CSRF) vulnerability in the communicate function in estmaster.c for Hyper Estraier before 1.3.3 allows remote attackers to perform unauthorized actions as other users via u…
|
NVD-CWE-Other
|
CVE-2006-3671
|
2011-03-8 11:39 |
2006-07-19 |
|
|
259948
|
7.5 |
HIGH
|
hyper_estraier
|
hyper_estraier
|
This vulnerability is addressed in the following product release:
Hyper Estraier, Hyper Estraier, 1.3.3
|
NVD-CWE-Other
|
CVE-2006-3671
|
2011-03-8 11:39 |
2006-07-19 |
|
|
259949
|
5.0 |
MEDIUM
|
hp
|
openvms
|
Unspecified vulnerability in [SYSEXE]SMPUTIL.EXE in HP OpenVMS 7.3-2 allows local users and "remote users" to cause a denial of service (crash).
|
NVD-CWE-Other
|
CVE-2006-3686
|
2011-03-8 11:39 |
2006-07-21 |
|
|
259950
|
6.5 |
MEDIUM
|
citrix
|
metaframe metaframe_presentation_server presentation_server
|
Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges.
|
NVD-CWE-Other
|
CVE-2006-3779
|
2011-03-8 11:39 |
2006-07-24 |
|
|