260001
|
5.0 |
MEDIUM
|
ibm
|
websphere_application_server
|
Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.0.2.13 have unspecified vectors and impact, including (1) an "authority problem" in ThreadIdentitySupport as identifi…
|
NVD-CWE-Other
|
CVE-2006-4222
|
2011-03-8 11:40 |
2006-08-19 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260002
|
5.0 |
MEDIUM
|
twiki
|
twiki
|
Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
|
NVD-CWE-Other
|
CVE-2006-4294
|
2011-03-8 11:40 |
2006-09-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260003
|
5.0 |
MEDIUM
|
cgi-rescue
|
mail_f_w_system
|
CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) before 8.3 allows remote attackers to spoof e-mails and inject e-mail headers via unspecified vectors in (1) mail.cgi and (2) query.…
|
NVD-CWE-Other
|
CVE-2006-4344
|
2011-03-8 11:40 |
2006-08-25 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260004
|
4.6 |
MEDIUM
|
apple
|
mac_os_x
|
The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly…
|
NVD-CWE-Other
|
CVE-2006-4396
|
2011-03-8 11:40 |
2006-12-1 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260005
|
4.6 |
MEDIUM
|
apple
|
mac_os_x
|
Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 prevents Kerberos tickets from being destroyed if a user does not successfully log on to a network account from the logi…
|
NVD-CWE-Other
|
CVE-2006-4397
|
2011-03-8 11:40 |
2006-10-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260006
|
7.2 |
HIGH
|
apple
|
mac_os_x
|
Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests.
|
NVD-CWE-Other
|
CVE-2006-4398
|
2011-03-8 11:40 |
2006-12-1 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260007
|
5.1 |
MEDIUM
|
apple
|
mac_os_x
|
Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allows user-assisted attackers to execute arbitrary code via crafted font files.
|
NVD-CWE-Other
|
CVE-2006-4400
|
2011-03-8 11:40 |
2006-12-1 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260008
|
5.1 |
MEDIUM
|
apple
|
mac_os_x
|
Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI.
|
NVD-CWE-Other
|
CVE-2006-4401
|
2011-03-8 11:40 |
2006-12-1 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260009
|
10.0 |
HIGH
|
apple
|
mac_os_x
|
The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileg…
|
NVD-CWE-Other
|
CVE-2006-4404
|
2011-03-8 11:40 |
2006-12-1 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260010
|
5.0 |
MEDIUM
|
apple
|
mac_os_x
|
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to use a weak…
|
NVD-CWE-Other
|
CVE-2006-4407
|
2011-03-8 11:40 |
2006-12-1 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260011
|
5.0 |
MEDIUM
|
apple
|
mac_os_x
|
The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that req…
|
NVD-CWE-Other
|
CVE-2006-4408
|
2011-03-8 11:40 |
2006-12-1 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260012
|
5.0 |
MEDIUM
|
apple
|
mac_os_x
|
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which c…
|
NVD-CWE-Other
|
CVE-2006-4409
|
2011-03-8 11:40 |
2006-12-1 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260013
|
7.5 |
HIGH
|
apple
|
mac_os_x
|
The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoke…
|
NVD-CWE-Other
|
CVE-2006-4410
|
2011-03-8 11:40 |
2006-12-1 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260014
|
7.2 |
HIGH
|
apple
|
mac_os_x
|
The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unsp…
|
NVD-CWE-Other
|
CVE-2006-4411
|
2011-03-8 11:40 |
2006-12-1 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260015
|
7.2 |
HIGH
|
apple
|
remote_desktop
|
Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remote Desktop administration system to modify the packages and gain root…
|
NVD-CWE-Other
|
CVE-2006-4413
|
2011-03-8 11:40 |
2006-11-18 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260016
|
6.4 |
MEDIUM
|
doctor_web_ltd
|
dr.web
|
Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header tha…
|
NVD-CWE-Other
|
CVE-2006-4438
|
2011-03-8 11:40 |
2006-09-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260017
|
7.5 |
HIGH
|
ay_system_solutions
|
ay_system_solutions_cms
|
Multiple PHP remote file inclusion vulnerabilities in Ay System Solutions CMS 2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter t…
|
NVD-CWE-Other
|
CVE-2006-4441
|
2011-03-8 11:40 |
2006-08-30 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260018
|
6.8 |
MEDIUM
|
clemens_wacha
|
php_iaddressbook
|
Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.95 allows remote attackers to inject arbitrary web script or HTML via the cat_name parameter, related to adding a category. (cate…
|
NVD-CWE-Other
|
CVE-2006-4442
|
2011-03-8 11:40 |
2006-08-30 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260019
|
7.2 |
HIGH
|
x.org
|
emu-linux-x87-xlibs x11r6 x11r7 xdm xf86dga xinit xload xorg-server xterm
|
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, do not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow…
|
NVD-CWE-Other
|
CVE-2006-4447
|
2011-03-8 11:40 |
2006-08-30 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260020
|
7.5 |
HIGH
|
cj_design
|
cj_tag_board
|
Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the (1) User-Agent HTTP header in tag.php, which is executed by all.php, and (…
|
NVD-CWE-Other
|
CVE-2006-4451
|
2011-03-8 11:40 |
2006-08-30 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260021
|
7.5 |
HIGH
|
phpecard
|
phpecard
|
PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. NOTE: the provenance…
|
NVD-CWE-Other
|
CVE-2006-4457
|
2011-03-8 11:40 |
2006-08-31 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260022
|
10.0 |
HIGH
|
sybase
|
financial_fusion_consumer_banking_solution
|
Unspecified vulnerability in Sybase/Financial Fusion Consumer Banking Suite versions before 20060706 has unknown impact and remote attack vectors.
|
NVD-CWE-Other
|
CVE-2006-3667
|
2011-03-8 11:39 |
2006-07-19 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260023
|
7.5 |
HIGH
|
hyper_estraier
|
hyper_estraier
|
Cross-site request forgery (CSRF) vulnerability in the communicate function in estmaster.c for Hyper Estraier before 1.3.3 allows remote attackers to perform unauthorized actions as other users via u…
|
NVD-CWE-Other
|
CVE-2006-3671
|
2011-03-8 11:39 |
2006-07-19 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260024
|
7.5 |
HIGH
|
hyper_estraier
|
hyper_estraier
|
This vulnerability is addressed in the following product release:
Hyper Estraier, Hyper Estraier, 1.3.3
|
NVD-CWE-Other
|
CVE-2006-3671
|
2011-03-8 11:39 |
2006-07-19 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260025
|
5.0 |
MEDIUM
|
hp
|
openvms
|
Unspecified vulnerability in [SYSEXE]SMPUTIL.EXE in HP OpenVMS 7.3-2 allows local users and "remote users" to cause a denial of service (crash).
|
NVD-CWE-Other
|
CVE-2006-3686
|
2011-03-8 11:39 |
2006-07-21 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260026
|
6.5 |
MEDIUM
|
citrix
|
metaframe metaframe_presentation_server presentation_server
|
Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges.
|
NVD-CWE-Other
|
CVE-2006-3779
|
2011-03-8 11:39 |
2006-07-24 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260027
|
7.5 |
HIGH
|
krusader
|
krusader
|
Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file.
|
NVD-CWE-Other
|
CVE-2006-3816
|
2011-03-8 11:39 |
2006-07-25 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260028
|
5.1 |
MEDIUM
|
geodesicsolutions
|
geoauctions_enterprise
|
SQL injection vulnerability in index.php in GeodesicSolutions GeoAuctions Enterprise 1.0.6 allows remote attackers to execute arbitrary SQL commands via the d parameter.
|
NVD-CWE-Other
|
CVE-2006-3822
|
2011-03-8 11:39 |
2006-07-25 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260029
|
5.1 |
MEDIUM
|
geodesicsolutions
|
geoauctions_enterprise
|
Successful exploitation requires that the 'accumulative feedback' feature is turned on.
|
NVD-CWE-Other
|
CVE-2006-3822
|
2011-03-8 11:39 |
2006-07-25 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260030
|
10.0 |
HIGH
|
emc
|
networker
|
The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands.
|
NVD-CWE-Other
|
CVE-2006-3892
|
2011-03-8 11:39 |
2007-03-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260031
|
4.9 |
MEDIUM
|
neoscale_systems
|
cryptostor_tape_700
|
The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies on client-side ActiveX code for smartcard authentication, which allows remote attackers to bypass smartcard authentication, and …
|
NVD-CWE-Other
|
CVE-2006-3896
|
2011-03-8 11:39 |
2006-12-20 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260032
|
4.3 |
MEDIUM
|
phpfaber
|
topsites
|
Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites 2.0.9 allows remote attackers to inject arbitrary web script or HTML via the i_cat parameter. NOTE: the provenance of this …
|
NVD-CWE-Other
|
CVE-2006-3902
|
2011-03-8 11:39 |
2006-07-28 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260033
|
5.1 |
MEDIUM
|
intel
|
2200bg_proset_wireless 2915abg_proset_wireless
|
Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection bef…
|
NVD-CWE-Other
|
CVE-2006-3992
|
2011-03-8 11:39 |
2006-08-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260034
|
5.1 |
MEDIUM
|
intel
|
2200bg_proset_wireless 2915abg_proset_wireless
|
Affected versions are only vulnerable with driver version 9.0.4.16
This vulnerability is addressed in the following product releases:
Intel, 2200BG PROSet/Wireless, 10.5
Intel, 2915ABG PROSet/Wire…
|
NVD-CWE-Other
|
CVE-2006-3992
|
2011-03-8 11:39 |
2006-08-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260035
|
10.0 |
HIGH
|
ibm
|
websphere_application_server
|
Unspecified vulnerability in IBM WebSphere Application Server before 6.0.2.11 has unknown impact and attack vectors because the "UserNameToken cache was improperly used."
|
NVD-CWE-noinfo
|
CVE-2006-3232
|
2011-03-8 11:38 |
2006-06-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260036
|
4.0 |
MEDIUM
|
twiki
|
twiki
|
TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extens…
|
NVD-CWE-Other
|
CVE-2006-3336
|
2011-03-8 11:38 |
2006-07-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260037
|
2.6 |
LOW
|
phpmaillist
|
phpmaillist
|
Cross-site scripting (XSS) vulnerability in maillist.php in PHPMailList 1.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter.
|
NVD-CWE-Other
|
CVE-2006-3482
|
2011-03-8 11:38 |
2006-07-11 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260038
|
2.6 |
LOW
|
adaptive_technology_resource_centre
|
atutor
|
Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) …
|
NVD-CWE-Other
|
CVE-2006-3484
|
2011-03-8 11:38 |
2006-07-11 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260039
|
4.6 |
MEDIUM
|
apple
|
xsan mac_os_x mac_os_x_server
|
Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access to execute arbitrary code via unspecified vectors related to "proces…
|
NVD-CWE-Other
|
CVE-2006-3506
|
2011-03-8 11:38 |
2006-08-22 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260040
|
4.6 |
MEDIUM
|
apple
|
xsan mac_os_x mac_os_x_server
|
This vulnerability is addressed in the following product release:
Apple, Xsan, 1.4
|
NVD-CWE-Other
|
CVE-2006-3506
|
2011-03-8 11:38 |
2006-08-22 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260041
|
7.2 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames int…
|
NVD-CWE-Other
|
CVE-2006-3507
|
2011-03-8 11:38 |
2006-09-22 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260042
|
7.2 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary c…
|
NVD-CWE-Other
|
CVE-2006-3508
|
2011-03-8 11:38 |
2006-09-22 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260043
|
7.2 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third…
|
NVD-CWE-Other
|
CVE-2006-3509
|
2011-03-8 11:38 |
2006-09-22 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260044
|
7.8 |
HIGH
|
nullsoft
|
shoutcast_server
|
Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot d…
|
NVD-CWE-Other
|
CVE-2006-3534
|
2011-03-8 11:38 |
2006-07-13 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260045
|
7.8 |
HIGH
|
nullsoft
|
shoutcast_server
|
This vulnerability is addressed in the following product releases:
Nullsoft, SHOUTcast DSP, 1.9.6
Nullsoft, SHOUTcast DSP, 1.9.7
|
NVD-CWE-Other
|
CVE-2006-3534
|
2011-03-8 11:38 |
2006-07-13 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260046
|
6.4 |
MEDIUM
|
ipswitch
|
ipswitch_collaboration_suite ipswitch_secure_server
|
Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium, when using a certain .dat file in the StarEngine /data directory from 20060630 or earlier, does not proper…
|
NVD-CWE-Other
|
CVE-2006-3552
|
2011-03-8 11:38 |
2006-07-13 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260047
|
7.5 |
HIGH
|
logicalware
|
mailmanager
|
Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 followed by a single-quote character) from the data stream to the server, which allows remote attackers to modify data and gain a…
|
NVD-CWE-Other
|
CVE-2006-2824
|
2011-03-8 11:37 |
2006-06-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260048
|
4.3 |
MEDIUM
|
techno_dreams
|
techno_dreams_guest_book
|
Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book allows remote attackers to inject arbitrary web script or HTML via certain comment fields in the "Sign Our GuestBook" page, probab…
|
NVD-CWE-Other
|
CVE-2006-2837
|
2011-03-8 11:37 |
2006-06-7 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260049
|
7.5 |
HIGH
|
particle_soft
|
particle_gallery
|
SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the imageid parameter.
|
NVD-CWE-Other
|
CVE-2006-2862
|
2011-03-8 11:37 |
2006-06-7 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
260050
|
6.8 |
MEDIUM
|
deltascripts
|
php_pro_publish
|
Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish 2.0 allows remote attackers to inject arbitrary web script or HTML via the catname parameter. NOTE: the provenance of this info…
|
NVD-CWE-Other
|
CVE-2006-2876
|
2011-03-8 11:37 |
2006-06-7 |
View
|
GitHub
Exploit DB
Packet Storm
|
|