|
349551
|
3.7 |
LOW
|
sun
|
java_studio_enterprise
|
Sun Java Studio Enterprise 8, when installed as root, creates certain files with world-writable permissions, which allows local users to execute arbitrary commands via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2006-1830
|
2017-07-20 10:30 |
2006-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349552
|
2.6 |
LOW
|
netbsd
|
netbsd
|
Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the presence of the pchb interface, which will cause it to always generate the same random number, which allows remote attackers to m…
|
NVD-CWE-Other
|
CVE-2006-1833
|
2017-07-20 10:30 |
2006-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349553
|
6.4 |
MEDIUM
|
empire_server
|
empire_server
|
Multiple format string vulnerabilities in Empire Server before 4.3.1 allow attackers to cause a denial of service (crash) via the (1) load, (2) spy and (3) bomb functions.
|
CWE-134
書式文字列の問題
|
CVE-2006-1840
|
2017-07-20 10:30 |
2006-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349554
|
2.6 |
LOW
|
cynical_games
|
shoutbook
|
Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) LOCATION and (2) URL parameters. NOTE: the provenan…
|
NVD-CWE-Other
|
CVE-2006-1843
|
2017-07-20 10:30 |
2006-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349555
|
7.5 |
HIGH
|
francisco_burzi
|
php-nuke
|
SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE:…
|
NVD-CWE-Other
|
CVE-2006-1847
|
2017-07-20 10:30 |
2006-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349556
|
7.5 |
HIGH
|
skymarx_solutions
|
xflow
|
Multiple SQL injection vulnerabilities in members_only/index.cgi in xFlow 5.46.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) position and (2) id parameter.
|
NVD-CWE-Other
|
CVE-2006-1849
|
2017-07-20 10:30 |
2006-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349557
|
2.6 |
LOW
|
skymarx_solutions
|
xflow
|
Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) level, (2) position, (3) id, and (4) action …
|
NVD-CWE-Other
|
CVE-2006-1850
|
2017-07-20 10:30 |
2006-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349558
|
5.0 |
MEDIUM
|
skymarx_solutions
|
xflow
|
xFlow 5.46.11 and earlier allows remote attackers to determine the installation path of the application via the (1) action parameter to members_only/index.cgi and (2) page parameter customer_area/ind…
|
NVD-CWE-Other
|
CVE-2006-1851
|
2017-07-20 10:30 |
2006-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349559
|
7.5 |
HIGH
|
scriptsfrenzy
|
article_publisher_pro
|
SQL injection vulnerability in category.php in Article Publisher Pro 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cname parameter.
|
NVD-CWE-Other
|
CVE-2006-1852
|
2017-07-20 10:30 |
2006-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349560
|
6.5 |
MEDIUM
|
moderngigabyte
|
modernbill
|
Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier allow remote attackers or administrators to execute arbitrary SQL commands via the (1) id parameter in (a) user.php, or (2) wher…
|
NVD-CWE-Other
|
CVE-2006-1853
|
2017-07-20 10:30 |
2006-04-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349561
|
4.6 |
MEDIUM
|
suse
|
suse_linux
|
Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount request…
|
NVD-CWE-Other
|
CVE-2006-0043
|
2017-07-20 10:29 |
2006-01-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349562
|
7.5 |
HIGH
|
albatross
|
albatross
|
Unspecified vulnerability in context.py in Albatross web application toolkit before 1.33 allows remote attackers to execute arbitrary commands via unspecified vectors involving template files and the…
|
NVD-CWE-Other
|
CVE-2006-0044
|
2017-07-20 10:29 |
2006-01-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349563
|
7.2 |
HIGH
|
linley_henzell
|
dungeon_crawl
|
crawl before 4.0.0 does not securely call programs when saving and loading games, which allows local users to gain privileges.
|
NVD-CWE-Other
|
CVE-2006-0045
|
2017-07-20 10:29 |
2006-01-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349564
|
5.0 |
MEDIUM
|
francesco_stablum
|
tcpick
|
Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a denial of service (segmentation fault) via certain fragmented packets, possibly involving invalid headers and an attacker-controlled …
|
NVD-CWE-Other
|
CVE-2006-0048
|
2017-07-20 10:29 |
2006-04-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349565
|
1.2 |
LOW
|
debian
|
debian_linux
|
snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file.
|
NVD-CWE-Other
|
CVE-2006-0050
|
2017-07-20 10:29 |
2006-03-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349566
|
2.6 |
LOW
|
tony_cook
|
imager
|
Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a scalar, wh…
|
CWE-399
リソース管理の問題
|
CVE-2006-0053
|
2017-07-20 10:29 |
2006-04-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349567
|
2.1 |
LOW
|
freebsd
|
freebsd
|
The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink at…
|
NVD-CWE-Other
|
CVE-2006-0055
|
2017-07-20 10:29 |
2006-01-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349568
|
7.5 |
HIGH
|
livedata
|
iccp_server
|
Heap-based buffer overflow in the ISO Transport Service over TCP (RFC 1006) implementation of LiveData ICCP Server before 5.00.035 allows remote attackers to cause a denial of service or execute arbi…
|
NVD-CWE-Other
|
CVE-2006-0059
|
2017-07-20 10:29 |
2006-05-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349569
|
7.5 |
HIGH
|
livedata
|
iccp_server
|
This vulnerability is addressed in the following product release:
LiveData, ICCP Server, 5.00.035
|
NVD-CWE-Other
|
CVE-2006-0059
|
2017-07-20 10:29 |
2006-05-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349570
|
4.6 |
MEDIUM
|
stefan_frings
|
sms_server_tools
|
Format string vulnerability in the logging code of SMS Server Tools (smstools) 1.14.8 and earlier allows local users to execute arbitrary code via unspecified attack vectors.
|
NVD-CWE-Other
|
CVE-2006-0083
|
2017-07-20 10:29 |
2006-01-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349571
|
4.3 |
MEDIUM
|
sblog
|
sblog
|
Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p and (2) keyword parameters in …
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2006-0101
|
2017-07-20 10:29 |
2006-01-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349572
|
7.5 |
HIGH
|
idea_development_id_oy
|
timecan_cms
|
SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the viewID parameter. NOTE: the provenance of this information is unknown; the details are ob…
|
NVD-CWE-Other
|
CVE-2006-0107
|
2017-07-20 10:29 |
2006-01-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349573
|
7.5 |
HIGH
|
idea_development_id_oy
|
timecan_cms
|
SQL injection vulnerability in mcl_login.asp in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; th…
|
NVD-CWE-Other
|
CVE-2006-0108
|
2017-07-20 10:29 |
2006-01-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349574
|
5.0 |
MEDIUM
|
boxcar_media
|
shopping_cart
|
Cross-site scripting vulnerability in index.php in Boxcar Media Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) parent or (2) pg parameter.
|
NVD-CWE-Other
|
CVE-2006-0111
|
2017-07-20 10:29 |
2006-01-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349575
|
5.0 |
MEDIUM
|
ibm
|
lotus_domino
lotus_domino_enterprise_server
lotus_notes
|
Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 allows attackers to cause a denial of service (router crash or hang) via unspecified vectors involving "CD to MIME Conversion".
|
NVD-CWE-Other
|
CVE-2006-0117
|
2017-07-20 10:29 |
2006-01-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349576
|
5.0 |
MEDIUM
|
ibm
|
lotus_domino
lotus_domino_enterprise_server
lotus_notes
|
Unspecified vulnerability in IBM Lotus Notes and Domino Server before 6.5.5, when running on AIX, allows attackers to cause a denial of service (deep recursion leading to stack overflow and crash) vi…
|
NVD-CWE-Other
|
CVE-2006-0118
|
2017-07-20 10:29 |
2006-01-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349577
|
5.0 |
MEDIUM
|
ibm
|
lotus_domino
lotus_domino_enterprise_server
lotus_notes
|
Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 allow attackers to cause a denial of service (application crash) via multiple vectors, involving (1) a malformed…
|
NVD-CWE-Other
|
CVE-2006-0120
|
2017-07-20 10:29 |
2006-01-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349578
|
10.0 |
HIGH
|
rockliffe
|
mailsite
|
Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote attackers to have an unknown impact via unknown attack vectors.
|
NVD-CWE-Other
|
CVE-2006-0128
|
2017-07-20 10:29 |
2006-01-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349579
|
5.0 |
MEDIUM
|
pd9_software
|
megabbs
|
The send-private-message functionality (send-private-message.asp) in PD9 Software MegaBBS 2.1 allows remote attackers to read private messages of other users via a modified replyid parameter.
|
NVD-CWE-Other
|
CVE-2006-0139
|
2017-07-20 10:29 |
2006-01-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349580
|
5.0 |
MEDIUM
|
eudora
|
internet_mail_server
|
Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote attackers to cause a denial of service (crash) via (1) malformed NTLM authentication requests, or a malformed (2) Incoming Mail …
|
NVD-CWE-Other
|
CVE-2006-0141
|
2017-07-20 10:29 |
2006-01-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349581
|
4.3 |
MEDIUM
|
andromeda_software
|
andromeda
|
Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda 1.9.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: the provenance of…
|
NVD-CWE-Other
|
CVE-2006-0142
|
2017-07-20 10:29 |
2006-01-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349582
|
5.0 |
MEDIUM
|
netsarang
|
xlpd
|
NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number of connections from the same IP address.
|
NVD-CWE-Other
|
CVE-2006-0148
|
2017-07-20 10:29 |
2006-01-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349583
|
4.3 |
MEDIUM
|
phpchamber
|
phpchamber
|
Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the needle parameter. NOTE: the provenance of this in…
|
NVD-CWE-Other
|
CVE-2006-0152
|
2017-07-20 10:29 |
2006-01-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349584
|
7.5 |
HIGH
|
javier_suarez_sanz
|
foro_domus
|
SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown,…
|
CWE-89
SQLインジェクション
|
CVE-2006-0159
|
2017-07-20 10:29 |
2006-01-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349585
|
7.5 |
HIGH
|
venom_board
|
venom_board
|
SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute arbitrary SQL commands via the (1) parent, (2) root, and (3) topic_id parameters to post.php3.
|
CWE-89
SQLインジェクション
|
CVE-2006-0160
|
2017-07-20 10:29 |
2006-01-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349586
|
7.5 |
HIGH
|
clam_anti-virus
|
clamav
|
Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX f…
|
NVD-CWE-Other
|
CVE-2006-0162
|
2017-07-20 10:29 |
2006-01-11 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349587
|
7.5 |
HIGH
|
francisco_burzi
|
php-nuke_ev
|
SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by t…
|
NVD-CWE-Other
|
CVE-2006-0163
|
2017-07-20 10:29 |
2006-01-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349588
|
7.5 |
HIGH
|
woah-projekt
|
phgstats
|
phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable.
|
NVD-CWE-Other
|
CVE-2006-0164
|
2017-07-20 10:29 |
2006-01-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349589
|
4.3 |
MEDIUM
|
plain_black
|
webgui
|
Cross-site scripting (XSS) vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 (gamma) allows remote attackers to inject arbitrary Javascript via the (1) url and (2…
|
NVD-CWE-Other
|
CVE-2006-0165
|
2017-07-20 10:29 |
2006-01-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349590
|
7.5 |
HIGH
|
symantec
|
norton_system_works
|
Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindN…
|
NVD-CWE-Other
|
CVE-2006-0166
|
2017-07-20 10:29 |
2006-01-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349591
|
7.2 |
HIGH
|
cray
|
unicos
|
Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local users to gain privileges by (1) invoking /usr/bin/script with a long command line argument or (2) setting the -c option of /etc/nu t…
|
NVD-CWE-Other
|
CVE-2006-0177
|
2017-07-20 10:29 |
2006-01-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349592
|
7.2 |
HIGH
|
cray
|
unicos
|
Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local users to have an unknown impact via format string specifiers in the quote command. NOTE: because the program is not setuid and …
|
NVD-CWE-Other
|
CVE-2006-0178
|
2017-07-20 10:29 |
2006-01-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349593
|
7.2 |
HIGH
|
cisco
|
cs-mars
|
Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented administrative account with a default password, which allows local users to gain privileges via the …
|
NVD-CWE-Other
|
CVE-2006-0181
|
2017-07-20 10:29 |
2006-01-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349594
|
7.5 |
HIGH
|
mainenet_enterprises
|
asptopsites
|
Multiple SQL injection vulnerabilities in AspTopSites allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to goto.asp or (2) password parameter to includeloginuser.asp.
|
NVD-CWE-Other
|
CVE-2006-0184
|
2017-07-20 10:29 |
2006-01-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349595
|
7.5 |
HIGH
|
light_weight_calendar
|
light_weight_calendar
|
Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by in…
|
NVD-CWE-Other
|
CVE-2006-0206
|
2017-07-20 10:29 |
2006-01-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349596
|
4.6 |
MEDIUM
|
kolab
|
kolab_groupware_server
|
Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, whi…
|
NVD-CWE-Other
|
CVE-2006-0213
|
2017-07-20 10:29 |
2006-01-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349597
|
7.5 |
HIGH
|
indexcor
|
ezdatabase
|
Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and includ…
|
NVD-CWE-Other
|
CVE-2006-0214
|
2017-07-20 10:29 |
2006-01-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349598
|
4.3 |
MEDIUM
|
ultimate_auction
|
ultimate_auction
|
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category param…
|
NVD-CWE-Other
|
CVE-2006-0217
|
2017-07-20 10:29 |
2006-01-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349599
|
7.5 |
HIGH
|
mybulletinboard
|
mybulletinboard
|
The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL inject…
|
NVD-CWE-Other
|
CVE-2006-0219
|
2017-07-20 10:29 |
2006-01-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349600
|
5.0 |
MEDIUM
|
topcmm_computing
|
123_flash_chat_server
|
Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via ".." (dot dot) sequences in the usern…
|
CWE-22
パス・トラバーサル
|
CVE-2006-0223
|
2017-07-20 10:29 |
2006-01-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
