Lista CVE - 2006 / Marzo
Visualizzazione 201 - 300 di 585 CVE per Marzo 2006 (Pagina 3 di 6)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2006-1140 | 2006-03-10 | SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. |
| CVE-2006-1141 | 2006-03-10 | Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable. |
| CVE-2006-1142 | 2006-03-10 | Unspecified vulnerability in Ravenous Web Server before 0.7.1 allows remote attackers to access arbitrary rvplg files, with unknown impact. |
| CVE-2006-1143 | 2006-03-10 | Cross-site scripting (XSS) vulnerability in FTPoed Blog Engine 1.1 allows remote attackers to inject arbitrary web script or HTML via the comment_body parameter, as used by the comment field, when... |
| CVE-2006-1144 | 2006-03-10 | Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows remote attackers to inject arbitrary web script or HTML via (1) the user parameter in deleteuser.php and (2) the hits parameter in... |
| CVE-2006-1145 | 2006-03-10 | Format string vulnerability in the safe_cprintf function in acebot_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code via unspecified vectors when the... |
| CVE-2006-1146 | 2006-03-10 | Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code by sending a long message... |
| CVE-2006-1147 | 2006-03-10 | The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold Edition 5.00 does not properly NULL terminate certain long strings, which allows remote attackers (possibly authenticated) to cause a denial... |
| CVE-2006-1148 | 2006-03-10 | Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1)... |
| CVE-2006-1149 | 2006-03-10 | PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter,... |
| CVE-2006-1150 | 2006-03-10 | Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, automatically appends an _ (underscore) to the end of duplicate nicknames, which allows remote attackers to cause a denial of service (application... |
| CVE-2006-1151 | 2006-03-10 | Cross-site scripting vulnerability in index.php in M-Phorum 0.2 allows remote attackers to inject arbitrary web script or HTML via the go parameter. |
| CVE-2006-1152 | 2006-03-10 | PHP remote file inclusion vulnerability in index.php in M-Phorum 0.2 allows remote attackers to include arbitrary files via the go parameter. NOTE: the provenance of this information is unknown; the... |
| CVE-2006-1153 | 2006-03-10 | SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers to execute arbitrary SQL commands via the load parameter, when performing a Shoutbox action through Invision Power Board (IPB). |
| CVE-2006-1154 | 2006-03-10 | PHP remote file inclusion vulnerability in archive.php in Fantastic News 2.1.2 allows remote attackers to include arbitrary files via the CONFIG[script_path] variable. NOTE: 2.1.4 was also reported to be vulnerable. |
| CVE-2006-1155 | 2006-03-12 | Cross-site scripting (XSS) vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to inject arbitrary web script or HTML via the Error parameter in (1)... |
| CVE-2006-1156 | 2006-03-12 | SQL injection vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to execute arbitrary SQL commands via the Username parameter in login.asp. |
| CVE-2006-1157 | 2006-03-12 | Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Subject field (possibly messaggio parameter) when... |
| CVE-2006-1158 | 2006-03-12 | Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause a denial of service (application crash) via a crafted IMAP LOGIN command. |
| CVE-2006-0557 | 2006-03-12 | sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not sanity check the maxnod variable before making certain computations for the get_nodes function, which has unknown impact and attack... |
| CVE-2006-1159 | 2006-03-12 | Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string... |
| CVE-2006-1160 | 2006-03-12 | Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to inject arbitrary web script or HTML via the Description field in creating a folder... |
| CVE-2006-1161 | 2006-03-12 | Absolute path traversal vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote registered users to execute arbitrary code by uploading a malicious file to the Windows startup folder. |
| CVE-2006-1162 | 2006-03-12 | Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. (dot dot) in the op parameter, as demonstrated by... |
| CVE-2006-1163 | 2006-03-12 | Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: it is possible that this issue is resultant... |
| CVE-2006-1164 | 2006-03-12 | Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes... |
| CVE-2006-1165 | 2006-03-12 | Cross-site scripting (XSS) vulnerability in the mediamanager module in DokuWiki before 2006-03-05 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors relating to "handling EXIF... |
| CVE-2006-1166 | 2006-03-12 | Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or... |
| CVE-2006-1183 | 2006-03-13 | The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges. |
| CVE-2005-3526 | 2006-03-13 | Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command. |
| CVE-2006-0819 | 2006-03-13 | Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension... |
| CVE-2006-0820 | 2006-03-13 | Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified error messages. |
| CVE-2006-0950 | 2006-03-13 | unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename. |
| CVE-2006-0049 | 2006-03-13 | gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet,... |
| CVE-2006-1194 | 2006-03-13 | Integer signedness error in the enet_protocol_handle_incoming_commands function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32,... |
| CVE-2006-1195 | 2006-03-13 | The enet_protocol_handle_send_fragment function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to... |
| CVE-2006-1196 | 2006-03-13 | Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) from and (2) help parameters to (a) index.php; (3)... |
| CVE-2006-1197 | 2006-03-13 | SafeDisc installs the driver service for the secdrv.sys driver with insecure permissions, which allows local users to gain privileges by changing the configuration to reference a malicious program. |
| CVE-2006-1198 | 2006-03-14 | Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a password stored in the msnvs\prc registry value, for which all users have Read permission, which allows local users... |
| CVE-2006-1199 | 2006-03-14 | Cross-site scripting (XSS) vulnerability in iframe.php in daverave Link Bank allows remote attackers to inject arbitrary web script or HTML via the site parameter. |
| CVE-2006-1200 | 2006-03-14 | Direct static code injection vulnerability in add_link.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the url_name parameter, which is not sanitized before being stored... |
| CVE-2006-1201 | 2006-03-14 | Directory traversal vulnerability in resetpw.php in eschew.net phpBannerExchange 2.0 and earlier, and other versions before 2.0 Update 5, allows remote attackers to read arbitrary files via a .. (dot dot)... |
| CVE-2006-1202 | 2006-03-14 | Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mess and (2) user parameters in messanger.php,... |
| CVE-2006-1203 | 2006-03-14 | PHP remote file include vulnerability in common.php in txtForum 1.0.4-dev and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the skin parameter to... |
| CVE-2006-1204 | 2006-03-14 | Multiple cross-site scripting (XSS) vulnerabilities in txtForum 1.0.4-dev and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prev, (2) next, and (3) rand5 parameters... |
| CVE-2006-1205 | 2006-03-14 | Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters... |
| CVE-2006-1206 | 2006-03-14 | Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remote attackers to cause a denial of service (connection slot... |
| CVE-2006-1207 | 2006-03-14 | PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/[USERNAME]... |
| CVE-2006-1208 | 2006-03-14 | Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the... |
| CVE-2006-1209 | 2006-03-14 | PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash... |
| CVE-2006-1210 | 2006-03-14 | The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the... |
| CVE-2006-1211 | 2006-03-14 | IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure... |
| CVE-2006-1212 | 2006-03-14 | Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. NOTE: this... |
| CVE-2006-1213 | 2006-03-14 | JiRo's Banner System Experience and Professional 1.0 and earlier allows remote attackers to bypass access restrictions and gain privileges via a direct request to certain scripts in the files directory,... |
| CVE-2006-1214 | 2006-03-14 | UnrealIRCd 3.2.3 allows remote attackers to cause an unspecified denial of service by causing a linked server to send malformed TKL Q:Line commands, as demonstrated by "TKL - q\x08Q *\x08PoC." |
| CVE-2006-0457 | 2006-03-14 | Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel... |
| CVE-2006-1215 | 2006-03-14 | Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter. NOTE: this issue has... |
| CVE-2006-1216 | 2006-03-14 | Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| CVE-2006-1217 | 2006-03-14 | SQL injection vulnerability in DSPoll 1.1 allows remote attackers to execute arbitrary SQL commands via the pollid parameter to (1) results.php, (2) topolls.php, (3) pollit.php. |
| CVE-2006-1218 | 2006-03-14 | Unspecified vulnerability in the HTTP proxy in Novell BorderManager 3.8 and earlier allows remote attackers to cause a denial of service (CPU consumption and ABEND) via unknown attack vectors related... |
| CVE-2006-1219 | 2006-03-14 | Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to... |
| CVE-2006-1220 | 2006-03-14 | Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message... |
| CVE-2006-0396 | 2006-03-14 | Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real... |
| CVE-2006-0397 | 2006-03-14 | Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be... |
| CVE-2006-0398 | 2006-03-14 | Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be... |
| CVE-2006-0399 | 2006-03-14 | Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be... |
| CVE-2006-0400 | 2006-03-14 | CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives." |
| CVE-2006-1221 | 2006-03-14 | Untrusted search path vulnerability in the TrueVector service (VSMON.exe) in Zone Labs ZoneAlarm 6.x and Integrity does not search ZoneAlarm's own folders before other folders that are specified in a... |
| CVE-2006-1222 | 2006-03-14 | Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and... |
| CVE-2006-1223 | 2006-03-14 | Cross-site scripting (XSS) vulnerability in Jupiter Content Manager 1.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in the image BBcode tag. |
| CVE-2006-1224 | 2006-03-14 | Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows remote attackers to overwrite arbitrary files via a "%2E." (mixed encoding) in the pg parameter. |
| CVE-2005-4730 | 2006-03-14 | Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the random number generator, possibly predictable seeds. |
| CVE-2006-1225 | 2006-03-14 | CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject headers of outgoing e-mail messages and use Drupal as a spam proxy. |
| CVE-2006-1226 | 2006-03-14 | Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |
| CVE-2006-1227 | 2006-03-14 | Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is used to create a menu item, does not implement access control for the page that is referenced, which might... |
| CVE-2006-1228 | 2006-03-14 | Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the... |
| CVE-2006-1229 | 2006-03-14 | SQL injection vulnerability in search.asp in Hosting Controller 6.1 (Hotfix 2.9) allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is... |
| CVE-2006-1230 | 2006-03-14 | Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4)... |
| CVE-2006-1231 | 2006-03-14 | CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, allows local users to modify arbitrary files via a symlink attack on the c2faxrecv_dbgdatafile.sff temporary file. |
| CVE-2006-1232 | 2006-03-14 | Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and... |
| CVE-2006-1233 | 2006-03-14 | Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbitrary web script or HTML via the (1) ArtCat parameter to wmview.php, (2) ctrrowcol parameter to footer.php, or... |
| CVE-2006-1234 | 2006-03-14 | SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header. |
| CVE-2006-0009 | 2006-03-14 | Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified... |
| CVE-2006-0028 | 2006-03-14 | Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file... |
| CVE-2006-0029 | 2006-03-14 | Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a... |
| CVE-2006-0030 | 2006-03-14 | Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a... |
| CVE-2006-0031 | 2006-03-14 | Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with... |
| CVE-2006-1235 | 2006-03-14 | Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attackers to delete directories (possibly only empty directories) via the $deleteuser variable. NOTE: the initial disclosure for this issue... |
| CVE-2006-1236 | 2006-03-15 | Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010. |
| CVE-2006-0024 | 2006-03-15 | Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file. |
| CVE-2006-1237 | 2006-03-15 | Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the email parameter to (1) include/sub.php, (2) include/confirm.php, or (3) include/unconfirm.php. |
| CVE-2006-1238 | 2006-03-15 | SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the $log_userid variable in (1) index.php and (2) admin/index.php. |
| CVE-2006-1239 | 2006-03-15 | Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in Gemini 2.0 allows remote attackers to inject arbitrary web script or HTML via the rtcDescription$RadEditor1 field. NOTE: the provenance of this information is... |
| CVE-2000-1239 | 2006-03-15 | The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM Tivoli Management Framework 3.7.1 sets http_disable to zero at install time, which allows remote authenticated users to bypass file... |
| CVE-2005-4731 | 2006-03-15 | The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Referer... |
| CVE-2006-1240 | 2006-03-15 | Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) fbserver in Firebird 1.5.2.4731 allows local users to gain privileges via a long value of the -p argument. |
| CVE-2006-1241 | 2006-03-15 | Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) fb_inet_server with setuid firebird permissions, which might allow local users to gain privileges via a buffer overflow as identified by CVE-2006-1240,... |
| CVE-2006-1242 | 2006-03-15 | The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to... |
| CVE-2006-1243 | 2006-03-15 | Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL... |
| CVE-2006-1244 | 2006-03-15 | Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack... |