Lista CVE - 2006 / Agosto
Visualizzazione 201 - 300 di 554 CVE per Agosto 2006 (Pagina 3 di 6)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2006-4090 | 2006-08-11 | Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 allows remote attackers to inject arbitrary web script or HTML via the "From: part of the comment post," probably involving the nickname... |
| CVE-2006-4091 | 2006-08-11 | Multiple cross-site scripting (XSS) vulnerabilities in Archangel Management Archangel Weblog 0.90.02 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Comment section. |
| CVE-2006-4092 | 2006-08-11 | Simpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web... |
| CVE-2006-4084 | 2006-08-11 | Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 has unknown impact and attack vectors, related to "a potential security exploit which is critical." |
| CVE-2006-3813 | 2006-08-11 | A regression error in the Perl package for Red Hat Enterprise Linux 4 omits the patch for CVE-2005-0155, which allows local users to overwrite arbitrary files with debugging information. |
| CVE-2006-4019 | 2006-08-11 | Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users. |
| CVE-2006-1168 | 2006-08-14 | The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data... |
| CVE-2006-4102 | 2006-08-14 | PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme and Till Brehm SQLiteWebAdmin 0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the... |
| CVE-2006-4103 | 2006-08-14 | PHP remote file inclusion vulnerability in article-raw.php in Jason Alexander phNNTP 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter. |
| CVE-2006-4104 | 2006-08-14 | Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via "password input." |
| CVE-2006-4105 | 2006-08-14 | Cross-site scripting (XSS) vulnerability in Fill Threads Database (FTD) 3.7.3 allows remote attackers to inject arbitrary web script or HTML via the (1) search field or (2) an e-mail message. |
| CVE-2006-4106 | 2006-08-14 | Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allows remote attackers to inject arbitrary web script or HTML via a comment title. |
| CVE-2006-4107 | 2006-08-14 | SQL injection vulnerability in the Job Search module (job.module) 4.6 before revision 1.3.2.1 in Drupal allows remote attackers to execute arbitrary SQL commands via a job or resume search. |
| CVE-2006-4108 | 2006-08-14 | SQL injection vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2006-4109 | 2006-08-14 | Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified... |
| CVE-2006-4110 | 2006-08-14 | Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive... |
| CVE-2006-4111 | 2006-08-14 | Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH... |
| CVE-2006-4112 | 2006-08-14 | Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled... |
| CVE-2006-4113 | 2006-08-14 | PHP remote file inclusion vulnerability in genpage-cgi.php in Brian Fraval hitweb 4.2 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the REP_INC parameter. |
| CVE-2006-4114 | 2006-08-14 | SQL injection vulnerability in view_com.php in Nicolas Grandjean PHPMyRing 4.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idsite parameter. |
| CVE-2006-4115 | 2006-08-14 | PHP remote file inclusion vulnerability in common.inc.php in PgMarket 2.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CFG[libdir] parameter. |
| CVE-2006-4116 | 2006-08-14 | Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-assisted attackers to execute arbitrary code via a long filename in (1) an LHZ archive, when saving the filename during extraction;... |
| CVE-2006-4117 | 2006-08-14 | The squeue_drain function in Sun Solaris 10, possibly only when run on CMT processors, allows remote attackers to cause a denial of service ("bad trap" and system panic) by opening... |
| CVE-2006-4118 | 2006-08-14 | Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Temp_entered_login or (2) Temp_entered_email parameters to (a) gc.php, and in... |
| CVE-2006-4119 | 2006-08-14 | SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the Temp_entered_password parameter. NOTE: the provenance of this information is unknown;... |
| CVE-2006-4120 | 2006-08-14 | Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2006-4121 | 2006-08-14 | PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. |
| CVE-2006-4122 | 2006-08-14 | Simple one-file guestbook 1.0 and earlier allows remote attackers to bypass authentication and delete guestbook entries via a modified id parameter to guestbook.php. |
| CVE-2006-4123 | 2006-08-14 | PHP remote file inclusion vulnerability in boitenews4/index.php in Boite de News 4.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the url_index parameter. |
| CVE-2006-4124 | 2006-08-14 | The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run... |
| CVE-2006-4125 | 2006-08-14 | Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to execute arbitrary code via a large nickname, which is not properly handled by the listen_thread_udp... |
| CVE-2006-4126 | 2006-08-14 | The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to cause a denial of service (application crash) by sending a client message before providing the... |
| CVE-2006-4127 | 2006-08-14 | Multiple format string vulnerabilities in DConnect Daemon 0.7.0 and earlier allow remote administrators to execute arbitrary code via format string specifiers that are not properly handled when calling the (1)... |
| CVE-2006-4128 | 2006-08-14 | Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec for Netware Server Remote Agent for Windows Server 9.1 and 9.2 (all builds), Backup Exec Continuous Protection Server Remote Agent for... |
| CVE-2006-4129 | 2006-08-14 | PHP remote file inclusion vulnerability in admin.webring.docs.php in the Webring Component (com_webring) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the... |
| CVE-2006-4130 | 2006-08-14 | PHP remote file inclusion vulnerability in admin.remository.php in the Remository Component (com_remository) 3.25 and earlier for Mambo and Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP... |
| CVE-2006-4131 | 2006-08-14 | Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and possibly earlier, and 2.0.0.13, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code... |
| CVE-2006-4132 | 2006-08-14 | ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and possibly earlier, allow remote attackers to cause a denial of service (resource exhaustion and application crash) via WAPPush messages to... |
| CVE-2006-4133 | 2006-08-14 | Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 and earlier, and 7.00 and earlier, allows remote attackers to cause a denial of service (crash) or execute arbitrary code... |
| CVE-2006-4134 | 2006-08-14 | Unspecified vulnerability related to a "design flaw" in SAP Internet Graphics Service (IGS) 6.40 and earlier and 7.00 and earlier allows remote attackers to cause a denial of service (service... |
| CVE-2006-4135 | 2006-08-14 | PHP remote file inclusion vulnerability in cal_config.inc.php in Calendarix 0.7.20060401 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the calpath parameter. NOTE: this issue... |
| CVE-2006-4136 | 2006-08-14 | Multiple unspecified vulnerabilities in IBM WebSphere Application Server before 6.1.0.1 have unspecified impact and attack vectors involving (1) "SOAP requests and responses", (2) mbean, (3) ThreadIdentitySupport, and possibly others. |
| CVE-2006-4137 | 2006-08-14 | IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) "script generated syntax on wsadmin command line," and... |
| CVE-2006-4138 | 2006-08-14 | Multiple unspecified vulnerabilities in Microsoft Windows Help File viewer (winhlp32.exe) allow user-assisted attackers to execute arbitrary code via crafted HLP files. |
| CVE-2006-4139 | 2006-08-14 | Race condition in Sun Solaris 10 allows attackers to cause a denial of service (system panic) via unspecified vectors related to ifconfig and either netstat or SNMP queries. |
| CVE-2006-4140 | 2006-08-14 | Directory traversal vulnerability in IPCheck Server Monitor before 5.3.3.639/640 allows remote attackers to read arbitrary files via modified .. (dot dot) sequences in the URL, including (1) "..%2f" (encoded "/"... |
| CVE-2006-4141 | 2006-08-14 | SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) sortby and (2) sortorder parameters. |
| CVE-2006-4142 | 2006-08-14 | SQL injection vulnerability in extra/online.php in Virtual War (VWar) 1.5.0 R14 and earlier allows remote attackers to execute arbitrary SQL commands via the n parameter. |
| CVE-2006-4143 | 2006-08-15 | Netgear FVG318 running firmware 1.0.40 allows remote attackers to cause a denial of service (router reset) via TCP packets with bad checksums. |
| CVE-2006-2446 | 2006-08-15 | Race condition between the kfree_skb and __skb_unlink functions in the socket buffer handling in Linux kernel 2.6.9, and possibly other versions, allows remote attackers to cause a denial of service... |
| CVE-2006-4144 | 2006-08-15 | Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1)... |
| CVE-2006-4030 | 2006-08-16 | Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs." |
| CVE-2006-4155 | 2006-08-16 | Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic." |
| CVE-2006-4156 | 2006-08-16 | PHP remote file inclusion vulnerability in big.php in pearlabs mafia moblog 6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtotemplate parameter. NOTE:... |
| CVE-2006-4157 | 2006-08-16 | Cross-site scripting (XSS) vulnerability in index.php in Yet another Bulletin Board (YaBB) allows remote attackers to inject arbitrary web script or HTML via the categories parameter. |
| CVE-2006-4158 | 2006-08-16 | PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. |
| CVE-2006-4159 | 2006-08-16 | Multiple PHP remote file inclusion vulnerabilities in Chaussette 080706 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _BASE parameter to scripts in Classes/... |
| CVE-2006-4160 | 2006-08-16 | Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and Vincent Furia MVCnPHP 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the glConf[path_library] parameter to... |
| CVE-2006-4161 | 2006-08-16 | Directory traversal vulnerability in the avatar_gallery action in profile.php in XennoBB 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the category parameter. |
| CVE-2006-4162 | 2006-08-16 | Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search field. |
| CVE-2006-4163 | 2006-08-16 | PHP remote file inclusion vulnerability in cls_fast_template.php in myWebland miniBloggie 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fname parameter. NOTE: another... |
| CVE-2006-4164 | 2006-08-16 | PHP remote file inclusion vulnerability in inc/header.inc.php in phpPrintAnalyzer 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ficStyle parameter. |
| CVE-2006-4165 | 2006-08-16 | Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2006-4166 | 2006-08-16 | PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the image parameter to (1) image.php or (2)... |
| CVE-2006-4184 | 2006-08-17 | SmartLine DeviceLock before 5.73 Build 305 does not properly enforce access control lists (ACL) in raw mode, which allows local users to bypass NTFS controls and obtain sensitive information. |
| CVE-2006-4185 | 2006-08-17 | Unspecified vulnerability in the NCPENGINE in Novell eDirectory 8.7.3.8 allows local users to cause a denial of service (CPU consumption) via unspecified vectors, as originally demonstrated using a Nessus scan. |
| CVE-2006-4186 | 2006-08-17 | The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes passwords in plaintext to a log file, which allows local users to obtain passwords by reading the file. |
| CVE-2006-4187 | 2006-08-17 | Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when running in trusted mode, allows local users to cause a denial of service via unspecified vectors. |
| CVE-2006-4188 | 2006-08-17 | Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via unknown vectors. |
| CVE-2006-3121 | 2006-08-17 | The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the... |
| CVE-2006-3854 | 2006-08-17 | Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, 9.40.TC8, 10.00.TC4, and 10.00.TC5, when running on Windows, allows remote attackers to execute arbitrary code via a long username, which causes... |
| CVE-2006-3859 | 2006-08-17 | IBM Informix Dynamic Server (IDS) allows remote authenticated users to create and overwrite arbitrary files via the (1) LOTOFILE and (2) trl_tracefile_set functions, and the (3) "SET DEBUG FILE" commands. |
| CVE-2006-3860 | 2006-08-17 | IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows allows remote authenticated users to execute arbitrary commands via the (1) "SET DEBUG FILE" SQL command, and the... |
| CVE-2006-4189 | 2006-08-17 | Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) index.php, (2) aemodule.php, (3)... |
| CVE-2006-4190 | 2006-08-17 | Directory traversal vulnerability in autohtml.php in the AutoHTML module for PHP-Nuke allows local users to include arbitrary files via a .. (dot dot) in the name parameter for a modload... |
| CVE-2006-4191 | 2006-08-17 | Directory traversal vulnerability in memcp.php in XMB (Extreme Message Board) 1.9.6 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the langfilenew... |
| CVE-2006-4192 | 2006-08-17 | Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and earlier and libmodplug 0.8 and earlier, as used in GStreamer and possibly other products, allow user-assisted remote attackers to execute arbitrary... |
| CVE-2006-4193 | 2006-08-17 | Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code by instantiating COM objects as ActiveX controls,... |
| CVE-2006-4194 | 2006-08-17 | Unspecified vulnerability in Cisco PIX 500 Series Security Appliances allows remote attackers to send arbitrary UDP packets to intranet devices via unspecified vectors involving Session Initiation Protocol (SIP) fixup commands,... |
| CVE-2006-4021 | 2006-08-17 | The cryptographic module in ScatterChat 1.0.x allows attackers to identify patterns in large numbers of messages by identifying collisions using a birthday attack on the custom padding mechanism for ECB... |
| CVE-2006-4195 | 2006-08-17 | PHP remote file inclusion vulnerability in param.peoplebook.php in the Peoplebook Component for Mambo (com_peoplebook) 1.0 and earlier, and possibly 1.1.2, when register_globals and allow_url_fopen are enabled, allows remote attackers to... |
| CVE-2006-4196 | 2006-08-17 | PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter. |
| CVE-2006-4197 | 2006-08-17 | Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or... |
| CVE-2006-4198 | 2006-08-17 | PHP remote file inclusion vulnerability in includes/session.php in Wheatblog (wB) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the... |
| CVE-2006-4199 | 2006-08-17 | Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it... |
| CVE-2006-4200 | 2006-08-17 | Unspecified vulnerability in 04WebServer 1.83 and earlier allows remote attackers to bypass user authentication via unspecified vectors related to request processing. |
| CVE-2006-4201 | 2006-08-17 | Unspecified vulnerability in the backup agent and Cell Manager in HP OpenView Storage Data Protector 5.1 and 5.5 before 20060810 allows remote attackers to execute arbitrary code on an agent... |
| CVE-2006-4202 | 2006-08-17 | SQL injection vulnerability in proje_goster.php in Spidey Blog Script 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. |
| CVE-2006-4203 | 2006-08-17 | PHP remote file inclusion vulnerability in help.mmp.php in the MMP Component (com_mmp) 1.2 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the... |
| CVE-2006-4204 | 2006-08-17 | Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 and possibly earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) path_pre parameter in lib/specialdays.php... |
| CVE-2006-4205 | 2006-08-17 | Multiple PHP remote file inclusion vulnerabilities in WebDynamite ProjectButler 0.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to /classes/ scripts including (1)... |
| CVE-2006-4206 | 2006-08-17 | Cross-site scripting (XSS) vulnerability in calendar.asp in ASPPlayground.NET Forum Advanced Edition 2.4.5 Unicode, and possibly other versions before October 15, 2006, allows remote attackers to inject arbitrary web script or... |
| CVE-2006-4207 | 2006-08-17 | Multiple PHP remote file inclusion vulnerabilities in Bob Jewell Discloser 0.0.4 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the fileloc parameter to (1)... |
| CVE-2006-4208 | 2006-08-17 | Directory traversal vulnerability in wp-db-backup.php in Skippy WP-DB-Backup plugin for WordPress 1.7 and earlier allows remote authenticated users with administrative privileges to read arbitrary files via a .. (dot dot)... |
| CVE-2006-4209 | 2006-08-17 | PHP remote file inclusion vulnerability in install3.php in WEBInsta Mailing List Manager 1.3e allows remote attackers to execute arbitrary PHP code via a URL in the cabsolute_path parameter. |
| CVE-2006-4210 | 2006-08-17 | nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when register_globals is enabled, allows remote attackers to use the server as an open mail relay via modified mail_text2, user_row[5], nu_mail_1, and... |
| CVE-2006-4211 | 2006-08-17 | Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2006-4212 | 2006-08-17 | SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2006-4213 | 2006-08-17 | PHP remote file inclusion vulnerability in config.php in David Kent Norman Thatware 0.4.6 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path... |
| CVE-2006-4214 | 2006-08-17 | Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can... |