259951
|
5.1 |
MEDIUM
|
pstotext
|
pstotext
|
pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name.
|
NVD-CWE-Other
|
CVE-2006-5869
|
2011-03-8 11:43 |
2006-11-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259952
|
7.5 |
HIGH
|
cchost
|
cchost
|
SQL injection vulnerability in Creative Commons Tools ccHost before 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URL, which is used to populate the file ID. NOTE: Some…
|
NVD-CWE-Other
|
CVE-2006-4778
|
2011-03-8 11:42 |
2006-09-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259953
|
6.2 |
MEDIUM
|
roxio
|
toast
|
Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possibly other products, allows local users to execute arbitrary code via temporary files, including dejavu_manual.rb, which are execu…
|
CWE-362
競合状態
|
CVE-2006-4801
|
2011-03-8 11:42 |
2006-09-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259954
|
10.0 |
HIGH
|
iodine
|
iodine
|
Unspecified vulnerability in IP over DNS is now easy (iodine) before 0.3.2 has unknown impact and attack vectors, related to "potential security problems."
|
NVD-CWE-Other
|
CVE-2006-4831
|
2011-03-8 11:42 |
2006-09-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259955
|
10.0 |
HIGH
|
iodine
|
iodine
|
This vulnerability is addressed in the following product release:
Iodine, Iodine, 0.3.2
|
NVD-CWE-Other
|
CVE-2006-4831
|
2011-03-8 11:42 |
2006-09-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259956
|
4.3 |
MEDIUM
|
paul_smith_computer_services
|
vcap
|
Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith Computer Services vCAP 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the statusmsg parameter in Registe…
|
NVD-CWE-Other
|
CVE-2006-5035
|
2011-03-8 11:42 |
2006-09-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259957
|
5.0 |
MEDIUM
|
andreas_gohr
|
dokuwiki
|
lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image.
|
NVD-CWE-Other
|
CVE-2006-5098
|
2011-03-8 11:42 |
2006-09-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259958
|
7.5 |
HIGH
|
andreas_gohr
|
dokuwiki
|
lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w a…
|
NVD-CWE-Other
|
CVE-2006-5099
|
2011-03-8 11:42 |
2006-09-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259959
|
5.1 |
MEDIUM
|
facileforms
|
facileforms
|
Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 for Mambo and Joomla!, when either register_globals or RG_EMULATION is enabled, allows remote attackers to inject arbitrary web sc…
|
NVD-CWE-Other
|
CVE-2006-5106
|
2011-03-8 11:42 |
2006-10-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259960
|
5.4 |
MEDIUM
|
intoto
|
igateway_ssl-vpn igateway_vpn
|
Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public mod…
|
NVD-CWE-Other
|
CVE-2006-5179
|
2011-03-8 11:42 |
2006-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259961
|
5.4 |
MEDIUM
|
intoto
|
igateway_ssl-vpn igateway_vpn
|
It is reported that a patch may be obtained by contacting Intoto at the following email address: support@intoto.com
|
NVD-CWE-Other
|
CVE-2006-5179
|
2011-03-8 11:42 |
2006-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259962
|
6.4 |
MEDIUM
|
trend_micro
|
officescan_corporate_edition
|
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7…
|
NVD-CWE-Other
|
CVE-2006-5211
|
2011-03-8 11:42 |
2006-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259963
|
6.4 |
MEDIUM
|
trend_micro
|
officescan_corporate_edition
|
A security patch for each affected product has been released by the vendor.
|
NVD-CWE-Other
|
CVE-2006-5211
|
2011-03-8 11:42 |
2006-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259964
|
5.0 |
MEDIUM
|
trend_micro
|
officescan
|
Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7…
|
NVD-CWE-Other
|
CVE-2006-5212
|
2011-03-8 11:42 |
2006-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259965
|
7.5 |
HIGH
|
dimension_of_phpbb
|
dimension_of_phpbb
|
PHP remote file inclusion vulnerability in includes/functions_kb.php in Dimension of phpBB 0.2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path par…
|
NVD-CWE-Other
|
CVE-2006-5235
|
2011-03-8 11:42 |
2006-10-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259966
|
10.0 |
HIGH
|
ibm
|
websphere_application_server
|
Unspecified vulnerability in IBM WebSphere Application Server before 6.1.0.2 has unspecified impact and attack vectors, related to a "possible security exposure," aka PK29360.
|
NVD-CWE-noinfo
|
CVE-2006-5323
|
2011-03-8 11:42 |
2006-10-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259967
|
7.5 |
HIGH
|
ibm
|
websphere_application_server
|
The Web Services Notification (WSN) security component of IBM WebSphere Application Server before 6.1.0.2 allows attackers to obtain unspecified access without supplying a username and password, aka …
|
NVD-CWE-Other
|
CVE-2006-5324
|
2011-03-8 11:42 |
2006-10-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259968
|
7.5 |
HIGH
|
phpbb_prillian
|
french_language_pack
|
PHP remote file inclusion vulnerability in language/lang/lang_contact_faq.php in the Prillian French 0.8.0 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL…
|
NVD-CWE-Other
|
CVE-2006-5326
|
2011-03-8 11:42 |
2006-10-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259969
|
5.1 |
MEDIUM
|
joomla
|
joomla
|
Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks.
|
NVD-CWE-Other
|
CVE-2006-4473
|
2011-03-8 11:41 |
2006-09-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259970
|
7.5 |
HIGH
|
joomla
|
joomla
|
Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2006-4475
|
2011-03-8 11:41 |
2006-09-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259971
|
7.5 |
HIGH
|
joomla
|
joomla
|
Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of requir…
|
CWE-94 CWE-264
コード・インジェクション 認可・権限・アクセス制御
|
CVE-2006-4476
|
2011-03-8 11:41 |
2006-09-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259972
|
7.2 |
HIGH
|
ibm
|
aix
|
Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code with root privileges via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2006-4522
|
2011-03-8 11:41 |
2006-09-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259973
|
2.6 |
LOW
|
gnu
|
screen
|
Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of s…
|
NVD-CWE-Other
|
CVE-2006-4573
|
2011-03-8 11:41 |
2006-10-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259974
|
6.8 |
MEDIUM
|
vtiger
|
vtiger_crm
|
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspe…
|
NVD-CWE-Other
|
CVE-2006-4587
|
2011-03-8 11:41 |
2006-09-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259975
|
7.5 |
HIGH
|
vtiger
|
vtiger_crm
|
vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demon…
|
NVD-CWE-Other
|
CVE-2006-4588
|
2011-03-8 11:41 |
2006-09-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259976
|
7.5 |
HIGH
|
bare_concept_media
|
pheap_cms
|
PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. NOTE: the provenan…
|
NVD-CWE-Other
|
CVE-2006-4621
|
2011-03-8 11:41 |
2006-09-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259977
|
7.5 |
HIGH
|
alwil
|
avast_antivirus
|
Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and direc…
|
NVD-CWE-Other
|
CVE-2006-4626
|
2011-03-8 11:41 |
2006-09-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259978
|
7.5 |
HIGH
|
alwil
|
avast_antivirus
|
This vulnerability is addressed in the following product releases:
ALWIL, avast! antivirus, 4.7.869 (for Desktops)
ALWIL, avast! antivirus, Server 4.7.660 (for Servers)
|
NVD-CWE-Other
|
CVE-2006-4626
|
2011-03-8 11:41 |
2006-09-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259979
|
7.5 |
HIGH
|
uni-vert
|
phpleague
|
SQL injection vulnerability in consult/joueurs.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the id_joueur parameter. NOTE: the provenance …
|
NVD-CWE-Other
|
CVE-2006-4643
|
2011-03-8 11:41 |
2006-09-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259980
|
5.0 |
MEDIUM
|
ibm
|
director
|
Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests an…
|
NVD-CWE-Other
|
CVE-2006-4682
|
2011-03-8 11:41 |
2006-09-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259981
|
5.0 |
MEDIUM
|
ibm
|
director
|
This vulnerability is addressed in the following product release:
IBM, Director, 5.10
|
NVD-CWE-Other
|
CVE-2006-4682
|
2011-03-8 11:41 |
2006-09-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259982
|
5.0 |
MEDIUM
|
ibm
|
director
|
IBM Director before 5.10 allows remote attackers to obtain sensitive information from HTTP headers via HTTP TRACE.
|
NVD-CWE-Other
|
CVE-2006-4683
|
2011-03-8 11:41 |
2006-09-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259983
|
5.0 |
MEDIUM
|
zope
|
zope
|
The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary…
|
NVD-CWE-Other
|
CVE-2006-4684
|
2011-03-8 11:41 |
2006-09-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259984
|
7.5 |
HIGH
|
drupal
|
drupal_pubcookie_module
|
The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentica…
|
NVD-CWE-Other
|
CVE-2006-4717
|
2011-03-8 11:41 |
2006-09-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259985
|
7.5 |
HIGH
|
drupal
|
drupal_pubcookie_module
|
Drupal core is not affected. If you do not use the pubcookie module, no action is necessary.
|
NVD-CWE-Other
|
CVE-2006-4717
|
2011-03-8 11:41 |
2006-09-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259986
|
5.0 |
MEDIUM
|
symantec
|
brightmail_antispam
|
Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) "by sendin…
|
NVD-CWE-Other
|
CVE-2006-4014
|
2011-03-8 11:40 |
2006-08-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259987
|
4.3 |
MEDIUM
|
toenda_software_development
|
toendacms
|
Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS stable 1.0.3 and earlier, and unstable 1.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via the s pa…
|
NVD-CWE-Other
|
CVE-2006-4016
|
2011-03-8 11:40 |
2006-08-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259988
|
4.6 |
MEDIUM
|
intel
|
2100_proset_wireless
|
Intel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4.6 allows local users to corrupt memory and execute code via "requests for capabilities from higher-level protocol drivers or user…
|
NVD-CWE-Other
|
CVE-2006-4022
|
2011-03-8 11:40 |
2006-08-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259989
|
7.5 |
HIGH
|
festalon
|
festalon
|
The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr…
|
NVD-CWE-Other
|
CVE-2006-4024
|
2011-03-8 11:40 |
2006-08-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259990
|
5.0 |
MEDIUM
|
gallery_project
|
gallery
|
Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bu…
|
NVD-CWE-Other
|
CVE-2006-4030
|
2011-03-8 11:40 |
2006-08-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259991
|
5.0 |
MEDIUM
|
gallery_project
|
gallery
|
Update to version 1.5-pl1.
|
NVD-CWE-Other
|
CVE-2006-4030
|
2011-03-8 11:40 |
2006-08-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259992
|
10.0 |
HIGH
|
fenestrae
|
faxination_server
|
Unspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet.
|
NVD-CWE-Other
|
CVE-2006-4037
|
2011-03-8 11:40 |
2006-08-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259993
|
7.5 |
HIGH
|
ehmig
|
me_download_system
|
Multiple PHP remote file inclusion vulnerabilities in ME Download System 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) Vb8878b936c2bd8ae0cab parameter to (a) inc/sett_…
|
NVD-CWE-Other
|
CVE-2006-4054
|
2011-03-8 11:40 |
2006-08-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259994
|
5.1 |
MEDIUM
|
wim_fleischhauer
|
docpile_we
|
Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer docpile: wim's edition (docpile:we) 0.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the INIT_PATH parame…
|
NVD-CWE-Other
|
CVE-2006-4076
|
2011-03-8 11:40 |
2006-08-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259995
|
5.1 |
MEDIUM
|
wim_fleischhauer
|
docpile_we
|
Successful exploitation requires that "register_globals" is enabled.
|
NVD-CWE-Other
|
CVE-2006-4076
|
2011-03-8 11:40 |
2006-08-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259996
|
4.3 |
MEDIUM
|
ozjournals
|
ozjournals
|
Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.…
|
NVD-CWE-Other
|
CVE-2006-4086
|
2011-03-8 11:40 |
2006-08-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259997
|
7.5 |
HIGH
|
ibm
|
websphere_application_server
|
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadId…
|
CWE-200 CWE-264
情報漏えい 認可・権限・アクセス制御
|
CVE-2006-4136
|
2011-03-8 11:40 |
2006-08-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259998
|
5.0 |
MEDIUM
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) "script generated syntax on wsadmin command l…
|
NVD-CWE-Other
|
CVE-2006-4137
|
2011-03-8 11:40 |
2006-08-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
259999
|
7.5 |
HIGH
|
invision_power_services
|
invision_power_board
|
Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic."
|
NVD-CWE-Other
|
CVE-2006-4155
|
2011-03-8 11:40 |
2006-08-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260000
|
4.3 |
MEDIUM
|
novell
|
groupwise groupwise_webaccess
|
Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2006-4220
|
2011-03-8 11:40 |
2006-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|