Lista CVE - 2006 / Marzo
Visualizzazione 101 - 200 di 585 CVE per Marzo 2006 (Pagina 2 di 6)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2006-1037 | 2006-03-07 | SQL injection vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. |
| CVE-2006-1038 | 2006-03-07 | Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and earlier allows remote attackers to have an unknown impact when a Unicode string is converted to a "narrow" string. |
| CVE-2006-1039 | 2006-03-07 | SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a... |
| CVE-2006-1040 | 2006-03-07 | Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not... |
| CVE-2006-1041 | 2006-03-07 | Multiple cross-site scripting (XSS) vulnerabilities in Gregarius 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_query parameter to search.php or (2) tag parameter to... |
| CVE-2006-1042 | 2006-03-07 | Multiple SQL injection vulnerabilities in Gregarius 0.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) folder parameter to feed.php or (2) rss_query parameter to search.php. |
| CVE-2006-1043 | 2006-03-07 | Stack-based buffer overflow in Microsoft Visual Studio 6.0 and Microsoft Visual InterDev 6.0 allows user-assisted attackers to execute arbitrary code via a long DataProject field in a (1) Visual Studio... |
| CVE-2006-1044 | 2006-03-07 | Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors... |
| CVE-2006-1045 | 2006-03-07 | The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which... |
| CVE-2006-1046 | 2006-03-07 | server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a string containing a large number of characters that are escaped when... |
| CVE-2006-1048 | 2006-03-07 | Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks,... |
| CVE-2006-1049 | 2006-03-07 | Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors. |
| CVE-2006-1034 | 2006-03-07 | Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning Board (wBB) allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to galerie_index.php and possibly (2)... |
| CVE-2006-1047 | 2006-03-07 | Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors. |
| CVE-2006-1050 | 2006-03-07 | Kwik-Pay Payroll 4.2.20, and possibly other versions, stores the KwikPay.mdb database file with insecure permissions, which allows local users to obtain sensitive information such as employment and payment data. NOTE:... |
| CVE-2005-3629 | 2006-03-07 | initscripts in Red Hat Enterprise Linux 4 does not properly handle certain environment variables when /sbin/service is executed, which allows local users with sudo permissions for /sbin/service to gain root... |
| CVE-2006-1051 | 2006-03-07 | SQL injection vulnerability in Akarru Social BookMarking Engine before 0.4.3.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors, possibly involving the username parameter to akarru.lib/users.php. |
| CVE-2006-1062 | 2006-03-07 | Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier allows attackers to read arbitrary files via unknown vectors. |
| CVE-2006-1063 | 2006-03-07 | Unspecified vulnerability in Lurker 2.0 and earlier allows remote attackers to create or overwrite files in any writable directory that is named "mbox". |
| CVE-2006-1064 | 2006-03-07 | Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |
| CVE-2006-1065 | 2006-03-07 | SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter. |
| CVE-2006-1067 | 2006-03-07 | Linksys WRT54G routers version 5 (running VXWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an... |
| CVE-2006-1068 | 2006-03-07 | Netgear 614 and 624 routers, possibly running VXWorks, allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes... |
| CVE-2006-1069 | 2006-03-07 | Unspecified vulnerability in the session handling for Geeklog 1.4.x before 1.4.0sr2, 1.3.11 before 1.3.11sr5, 1.3.9 before 1.3.9sr5, and possibly earlier versions allows attackers to gain privileges as arbitrary users via... |
| CVE-2006-1070 | 2006-03-08 | Cross-site scripting (XSS) vulnerability in dv_gbook.php in DVguestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the f parameter. |
| CVE-2006-1071 | 2006-03-08 | Cross-site scripting (XSS) vulnerability in index.php in DVguestbook 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| CVE-2006-1072 | 2006-03-08 | Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog post. |
| CVE-2006-1073 | 2006-03-08 | Directory traversal vulnerability in index.php in Daverave Simplog 1.0.2 and earlier allows remote attackers to include or read arbitrary .txt files via the (1) act and (2) blogid parameters. |
| CVE-2006-0746 | 2006-03-09 | Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows context-dependent attackers to exploit vulnerabilities that were present in CVE-2005-3627. |
| CVE-2006-1074 | 2006-03-09 | Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers to cause a denial of service (application crash or hang) via a long argument to the connect command. |
| CVE-2006-1075 | 2006-03-09 | Format string vulnerability in the visualization function in Jason Boettcher Liero Xtreme 0.62b and earlier allows remote attackers to execute arbitrary code via format string specifiers in (1) a nickname,... |
| CVE-2006-1076 | 2006-03-09 | SQL injection vulnerability in index.php, possibly during a showtopic operation, in Invision Power Board (IPB) 2.1.5 allows remote attackers to execute arbitrary SQL commands via the st parameter. |
| CVE-2006-1077 | 2006-03-09 | Multiple cross-site scripting (XSS) vulnerabilities in the commentary in Evo-Dev evoBlog allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter and (2) other unspecified... |
| CVE-2006-1078 | 2006-03-09 | Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command... |
| CVE-2006-1079 | 2006-03-09 | htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which... |
| CVE-2006-1080 | 2006-03-09 | Cross-site scripting (XSS) vulnerability in login.php in Game-Panel 2.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter, possibly requiring a URL encoded... |
| CVE-2006-1081 | 2006-03-09 | SQL injection vulnerability in forgotten_password.php in Jonathan Beckett PluggedOut Nexus 0.1 allows remote attackers to execute arbitrary SQL commands via the email parameter. |
| CVE-2006-1082 | 2006-03-09 | Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the gamename parameter in tellafriend.php, (2) the login_status... |
| CVE-2006-1083 | 2006-03-09 | Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the (1) option[language] and (2)... |
| CVE-2006-1084 | 2006-03-09 | Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the option[prefix] parameter in admin.php and other unspecified PHP scripts, and... |
| CVE-2006-1085 | 2006-03-09 | admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to bypass authentication, gain administrator privileges, and execute arbitrary PHP code by modifying the option[admin_pass] parameter and setting the pass_cookie to... |
| CVE-2006-1087 | 2006-03-09 | Direct static code injection vulnerability in the modify_config action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the option_new[compatibility_mode] parameter, which... |
| CVE-2006-1088 | 2006-03-09 | PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix. |
| CVE-2006-0742 | 2006-03-09 | The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux kernel 2.6.x before 2.6.15.6, possibly when compiled with certain versions of gcc, has the "noreturn" attribute set, which allows local users to cause... |
| CVE-2006-1089 | 2006-03-09 | Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF... |
| CVE-2006-1090 | 2006-03-09 | register.php in PunBB 1.2.10 allows remote attackers to cause an unspecified denial of service via a flood of new user registrations. |
| CVE-2006-1091 | 2006-03-09 | Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via unknown attack vectors. |
| CVE-2006-1092 | 2006-03-09 | Unspecified vulnerability in the pagedata subsystem of the process file system (/proc) in Solaris 8 through 10 allows local users to cause a denial of service (system hang or panic)... |
| CVE-2006-1093 | 2006-03-09 | Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be... |
| CVE-2006-1094 | 2006-03-09 | SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allows remote attackers to execute arbitrary SQL commands via the fileid parameter to (1) info_db.php or (2)... |
| CVE-2006-1095 | 2006-03-09 | Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie. |
| CVE-2006-1096 | 2006-03-09 | Cross-site scripting (XSS) vulnerability in index.php in NZ Ecommerce allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor has disputed this issue... |
| CVE-2006-1097 | 2006-03-09 | Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allow remote attackers to inject arbitrary web script or HTML via the fileid parameter to... |
| CVE-2006-1098 | 2006-03-09 | Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the (1) informationID or (2) ParentCategory parameter to index.php. NOTE: the vendor has disputed... |
| CVE-2006-1100 | 2006-03-09 | Buffer overflow in the sgetstr function in shared/cube.h in Sauerbraten 2006_02_28 and earlier, as derived from the Cube engine, allows remote attackers to execute arbitrary code via long streams of... |
| CVE-2006-1101 | 2006-03-09 | The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as derived from the Cube engine, allow remote attackers to cause a denial of service (segmentation fault) via long streams... |
| CVE-2006-1102 | 2006-03-09 | Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (client exit) by forcing the server to change to a map (ogz) file... |
| CVE-2006-1103 | 2006-03-09 | engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (segmentation fault) via a client that does not completely join the... |
| CVE-2006-1104 | 2006-03-09 | Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the showimage parameter in index.php; and the (2) USER_AGENT,... |
| CVE-2006-1105 | 2006-03-09 | Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the vendor has disputed some... |
| CVE-2006-1106 | 2006-03-09 | Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message, (2) name, (3) url, and... |
| CVE-2006-1107 | 2006-03-09 | Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the nick parameter. |
| CVE-2006-1108 | 2006-03-09 | SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2006-1109 | 2006-03-09 | SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it is not clear whether this report is... |
| CVE-2006-1110 | 2006-03-09 | Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 allows remote attackers to inject arbitrary web script or HTML via the message body in a new message. |
| CVE-2006-1111 | 2006-03-09 | Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a "*/*" in the msg parameter to index.php, which reveals usernames and passwords in a MySQL error message, possibly... |
| CVE-2006-1112 | 2006-03-09 | Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a long login value in a register form, which displays the installation path in a MySQL error message. |
| CVE-2006-1113 | 2006-03-09 | SQL injection vulnerability in podcast.php in Loudblog before 0.42 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2006-1114 | 2006-03-09 | Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1)... |
| CVE-2006-1115 | 2006-03-09 | nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in... |
| CVE-2006-1116 | 2006-03-09 | The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows... |
| CVE-2006-1117 | 2006-03-09 | nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly... |
| CVE-2006-1118 | 2006-03-09 | SQL injection vulnerability in bmail before Aardvark PR9.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving GBK character sets. |
| CVE-2005-4728 | 2006-03-09 | Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian GNU/Linux allows local users to gain privileges via a malicious Mesa library in the /home/anand directory. |
| CVE-2006-1099 | 2006-03-09 | PHP remote file include vulnerability in logIT 1.3 and 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. NOTE: the provenance of this... |
| CVE-2006-0743 | 2006-03-09 | Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors. |
| CVE-2006-1119 | 2006-03-09 | fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked... |
| CVE-2006-1120 | 2006-03-09 | Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the... |
| CVE-2006-1121 | 2006-03-09 | Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php. |
| CVE-2006-1122 | 2006-03-09 | Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. |
| CVE-2006-1123 | 2006-03-09 | SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the memName parameter in a cookie. |
| CVE-2006-1124 | 2006-03-09 | Buffer overflow in RevilloC MailServer and Proxy 1.21 allows remote attackers to execute arbitrary code via a long USER command. |
| CVE-2006-1125 | 2006-03-09 | Grisoft AVG Free 7.1, and other versions including 7.0.308, sets Everyone/Full Control permissions for certain update files including (1) upd_vers.cfg, (2) incavi.avm, and (3) unspecified drivers, which might allow local... |
| CVE-2006-1126 | 2006-03-09 | Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources... |
| CVE-2006-1127 | 2006-03-09 | Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly... |
| CVE-2006-1128 | 2006-03-09 | Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie,... |
| CVE-2006-0040 | 2006-03-10 | GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due... |
| CVE-2006-0667 | 2006-03-10 | lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack. |
| CVE-2005-4729 | 2006-03-10 | SQL injection vulnerability in show.php in VBZooM Forum allows remote attackers to execute arbitrary SQL commands via the SubjectID parameter. |
| CVE-2006-1129 | 2006-03-10 | SQL injection vulnerability in config.php in EKINboard 1.0.3 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username cookie. |
| CVE-2006-1130 | 2006-03-10 | Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag. |
| CVE-2006-1131 | 2006-03-10 | Cross-site scripting (XSS) vulnerability in read.php in bitweaver CMS 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the comment_title parameter. |
| CVE-2006-1132 | 2006-03-10 | SQL injection vulnerability in show.php in vbzoom 1.11 allow remote attackers to execute arbitrary SQL commands via the MainID parameter. NOTE: the SubjectID vector is already covered by CVE-2005-4729. |
| CVE-2006-1133 | 2006-03-10 | Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to (1) comment.php or (2) contact.php. NOTE: the... |
| CVE-2006-1134 | 2006-03-10 | SQL injection vulnerability in CyBoards PHP Lite 1.25, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the parent parameter to (1) post.php and possibly (2)... |
| CVE-2006-1135 | 2006-03-10 | Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to search.php or (2) username parameter to... |
| CVE-2006-1136 | 2006-03-10 | Buffer overflow in the PostScript file interpreter code for Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows attackers to cause a denial... |
| CVE-2006-1137 | 2006-03-10 | Multiple unspecified vulnerabilities in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allow remote attackers to cause an unspecified denial of service via... |
| CVE-2006-1138 | 2006-03-10 | Unspecified vulnerability in the web server code in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows remote attackers to cause a denial... |
| CVE-2006-1139 | 2006-03-10 | Unspecified vulnerability in the ESS/ Network Controller in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, causes the Immediate Image Overwrite feature to... |