Lista CVE - 2006 / Agosto
Visualizzazione 401 - 500 di 554 CVE per Agosto 2006 (Pagina 5 di 6)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2006-4319 | 2006-08-24 | Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary... |
| CVE-2006-4320 | 2006-08-24 | PHP remote file inclusion vulnerability in sef.php in the OpenSEF 2.0.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| CVE-2006-4321 | 2006-08-24 | PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL... |
| CVE-2006-4322 | 2006-08-24 | PHP remote file inclusion vulnerability in estateagent.php in the EstateAgent component (com_estateagent) for Mambo, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in... |
| CVE-2006-4323 | 2006-08-24 | SQL injection vulnerability in list.php in CityForFree indexcity 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cate_id parameter. |
| CVE-2006-4324 | 2006-08-24 | Cross-site scripting (XSS) vulnerability in add_url2.php in CityForFree indexcity 1.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. |
| CVE-2006-4325 | 2006-08-24 | Cross-site scripting (XSS) vulnerability in gbook.php in Doika guestbook 2.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| CVE-2006-4326 | 2006-08-24 | Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, Ichitaro 2004, 2005, 2006, and Government 2006; Ichitaro for Linux; and FormLiner before 20060818 allows remote attackers to execute arbitrary code... |
| CVE-2006-4327 | 2006-08-24 | Multiple cross-site scripting (XSS) vulnerabilities in add_url.php in CloudNine Interactive Links Manager 2006-06-12 allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) description, or... |
| CVE-2006-4328 | 2006-08-24 | SQL injection vulnerability in admin.php in CloudNine Interactive Links Manager 2006-06-12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter. |
| CVE-2006-4329 | 2006-08-24 | Multiple PHP remote file inclusion vulnerabilities in Shadows Rising RPG (Pre-Alpha) 0.0.5b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to... |
| CVE-2006-4330 | 2006-08-24 | Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. |
| CVE-2006-4331 | 2006-08-24 | Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors. |
| CVE-2006-4332 | 2006-08-24 | Unspecified vulnerability in the DHCP dissector in Wireshark (formerly Ethereal) 0.10.13 through 0.99.2, when run on Windows, allows remote attackers to cause a denial of service (crash) via unspecified vectors... |
| CVE-2006-4333 | 2006-08-24 | The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use... |
| CVE-2006-4344 | 2006-08-24 | CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) before 8.3 allows remote attackers to spoof e-mails and inject e-mail headers via unspecified vectors in (1) mail.cgi and (2) query.cgi. |
| CVE-2006-4345 | 2006-08-24 | Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response. |
| CVE-2006-4346 | 2006-08-24 | Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite... |
| CVE-2006-4347 | 2006-08-24 | SQL injection vulnerability in user logon authentication request handling in Cool_CoolD.exe in Cool Manager 5.0 (5,60,90,28) and Cool Messenger Office/School Server 5.5 (5,65,12,13) allows remote attackers to execute arbitrary SQL... |
| CVE-2006-4348 | 2006-08-24 | PHP remote file inclusion vulnerability in config.kochsuite.php in the Kochsuite (com_kochsuite) 0.9.4 component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the... |
| CVE-2006-4349 | 2006-08-24 | PHP remote file inclusion vulnerability in ToendaCMS 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tcms_administer_site parameter to an unspecified script, probably... |
| CVE-2006-4350 | 2006-08-24 | SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2006-4351 | 2006-08-24 | Cross-site scripting (XSS) vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| CVE-2006-2112 | 2006-08-25 | Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware... |
| CVE-2006-2113 | 2006-08-25 | The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628... |
| CVE-2006-3743 | 2006-08-25 | Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images. |
| CVE-2006-3744 | 2006-08-25 | Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows. |
| CVE-2006-4353 | 2006-08-25 | Unspecified vulnerability in Sun Java System Content Delivery Server 4.0, 4.1, and 5.0 allows local and remote attackers to read data from arbitrary files via unspecified vectors. |
| CVE-2006-4352 | 2006-08-25 | The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to... |
| CVE-2006-4354 | 2006-08-25 | PHP remote file inclusion vulnerability in e/class/CheckLevel.php in Phome Empire CMS 3.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the check_path parameter. |
| CVE-2006-4355 | 2006-08-25 | Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2006-4356 | 2006-08-25 | SQL injection vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2006-4357 | 2006-08-25 | PHP remote file inclusion vulnerability in clients/index.php in Diesel Smart Traffic allows remote attackers to execute arbitrary PHP code via a URL in the src parameter. |
| CVE-2006-4358 | 2006-08-25 | Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay allows remote attackers to inject arbitrary web script or HTML via the read parameter. |
| CVE-2006-4359 | 2006-08-25 | Stack-based buffer overflow in Trident Software PowerZip 7.06 Build 3895 on Windows 2000 allows remote attackers to execute arbitrary code via a ZIP archive containing a long filename. |
| CVE-2006-4360 | 2006-08-25 | Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via... |
| CVE-2006-4361 | 2006-08-25 | Multiple cross-site scripting (XSS) vulnerabilities in jobseekers/forgot.php in Diesel Job Site allow remote attackers to inject arbitrary web script or HTML via the (1) uname or (2) SEmail parameters. |
| CVE-2006-4362 | 2006-08-25 | Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid Mail allows remote attackers to inject arbitrary web script or HTML via the ps parameter. |
| CVE-2006-4363 | 2006-08-25 | PHP remote file inclusion vulnerability in admin.cropcanvas.php in the CropImage component (com_cropimage) 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the cropimagedir parameter. |
| CVE-2006-4364 | 2006-08-25 | Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code... |
| CVE-2006-4365 | 2006-08-26 | Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/functions_mod_user.php or... |
| CVE-2006-4366 | 2006-08-26 | PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: the provenance of this... |
| CVE-2006-4367 | 2006-08-26 | SQL injection vulnerability in alltopics.php in the All Topics Hack 1.5.0 and earlier for phpBB 2.0.21 allows remote attackers to execute arbitrary SQL commands via the start parameter. |
| CVE-2006-4368 | 2006-08-26 | PHP remote file inclusion vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| CVE-2006-4369 | 2006-08-26 | Absolute path traversal vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via an absolute pathname in the phpbb_root_path... |
| CVE-2006-4370 | 2006-08-26 | Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file. |
| CVE-2006-4371 | 2006-08-26 | Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. (dot... |
| CVE-2006-4372 | 2006-08-26 | PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in... |
| CVE-2006-4373 | 2006-08-26 | PHP remote file inclusion vulnerability in modules/visitors2/include/config.inc.php in pSlash 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter. |
| CVE-2006-4374 | 2006-08-26 | IrfanView 3.98 (with plugins) allows user-assisted attackers to cause a denial of service (application crash) via a crafted ANI image file, possibly due to a buffer overflow. |
| CVE-2006-4375 | 2006-08-26 | PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path... |
| CVE-2006-4376 | 2006-08-26 | Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) profil_nr... |
| CVE-2006-4377 | 2006-08-26 | Multiple SQL injection vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly including the (1) profil_nr and (2) sprache... |
| CVE-2006-4378 | 2006-08-26 | Multiple PHP remote file inclusion vulnerabilities in the Rssxt component for Joomla! (com_rssxt), possibly 2.0 Beta 1 or 1.0 and earlier, allow remote attackers to execute arbitrary PHP code via... |
| CVE-2006-3124 | 2006-08-26 | Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers. |
| CVE-2006-4380 | 2006-08-28 | MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects. |
| CVE-2006-4416 | 2006-08-28 | Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 and 5.3 allows local users to gain privileges by modifying the path to point to a malicious (1)... |
| CVE-2006-4417 | 2006-08-28 | SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter. |
| CVE-2006-4418 | 2006-08-28 | Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a... |
| CVE-2006-4419 | 2006-08-28 | SQL injection vulnerability in note.php in ProManager 0.73 allows remote attackers to execute arbitrary SQL commands via the note_id parameter. |
| CVE-2006-4420 | 2006-08-28 | Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 allows remote attackers to include arbitrary local files via ".." sequences in the lang parameter. |
| CVE-2006-4421 | 2006-08-29 | Cross-site scripting (XSS) vulnerability in template/default/thanks_comment.php in Yet Another PHP Image Gallery (YaPIG) 0.95b allows remote attackers to inject arbitrary web script or HTML via the D_REFRESH_URL parameter. |
| CVE-2006-4422 | 2006-08-29 | PHP remote file inclusion vulnerability in includes/phpdig/libs/search_function.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the relative_script_path parameter, a different vector than... |
| CVE-2006-4423 | 2006-08-29 | Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][admin] parameter in (a) system/command/admin.cmd.php, (b) admin/include/upload_form.php,... |
| CVE-2006-4424 | 2006-08-29 | PHP remote file inclusion vulnerability in coin_includes/constants.php in phpCOIN 1.2.3 allows remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter. |
| CVE-2006-4425 | 2006-08-29 | Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 allow remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter in coin_includes scripts including (1) api.php, (2) common.php, (3)... |
| CVE-2006-4426 | 2006-08-29 | PHP remote file inclusion vulnerability in AES/modules/auth/phpsecurityadmin/include/logout.php in AlberT-EasySite (AES) 1.0a5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter. |
| CVE-2006-4427 | 2006-08-29 | index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1". |
| CVE-2006-4428 | 2006-08-29 | PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this... |
| CVE-2006-4429 | 2006-08-29 | PHP remote file inclusion vulnerability in handlers/email/mod.output.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter,... |
| CVE-2006-4430 | 2006-08-29 | The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access (CCA) Agent and bypass local and remote protection mechanisms by... |
| CVE-2006-4431 | 2006-08-29 | Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service... |
| CVE-2006-4432 | 2006-08-29 | Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session... |
| CVE-2006-4433 | 2006-08-29 | PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third party session handlers, which might make it easier for remote... |
| CVE-2006-4434 | 2006-08-29 | Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced.... |
| CVE-2006-4435 | 2006-08-29 | OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by allocating more semaphores than the default. |
| CVE-2006-4436 | 2006-08-29 | isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Security Associations (SA) with a replay window of size 0 when isakmpd acts as a responder during SA negotiation, which... |
| CVE-2006-4439 | 2006-08-29 | pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode... |
| CVE-2006-4440 | 2006-08-29 | PHP remote file inclusion vulnerability in main.php in Ay System Solutions CMS 2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter. |
| CVE-2006-4441 | 2006-08-29 | Multiple PHP remote file inclusion vulnerabilities in Ay System Solutions CMS 2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter to... |
| CVE-2006-4442 | 2006-08-29 | Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.95 allows remote attackers to inject arbitrary web script or HTML via the cat_name parameter, related to adding a category. (categories field).... |
| CVE-2006-4443 | 2006-08-29 | PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft Video Share Enterprise allows remote attackers to execute arbitrary PHP code via a URL in the config[BASE_DIR] parameter. |
| CVE-2006-4444 | 2006-08-29 | Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO... |
| CVE-2006-4445 | 2006-08-29 | Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php.... |
| CVE-2005-4809 | 2006-08-30 | Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a... |
| CVE-2005-4810 | 2006-08-30 | Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote attackers to cause a denial of service (crash) via a "text/html" HTML Content-type header sent in response to an XMLHttpRequest (AJAX). |
| CVE-2006-4305 | 2006-08-30 | Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client. |
| CVE-2006-4446 | 2006-08-30 | Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a... |
| CVE-2006-4447 | 2006-08-30 | X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might... |
| CVE-2006-4448 | 2006-08-30 | Multiple PHP remote file inclusion vulnerabilities in interact 2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[BASE_PATH] parameter in... |
| CVE-2006-4449 | 2006-08-30 | Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains... |
| CVE-2006-4450 | 2006-08-30 | usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is... |
| CVE-2006-4451 | 2006-08-30 | Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the (1) User-Agent HTTP header in tag.php, which is executed by... |
| CVE-2003-1305 | 2006-08-30 | Microsoft Internet Explorer allows remote attackers to cause a denial of service (resource consumption) via a Javascript src attribute that recursively loads the current web page. |
| CVE-2006-4452 | 2006-08-30 | PHP remote file inclusion vulnerability in security/include/_class.security.php in Web3news 0.95 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PHPSECURITYADMIN_PATH... |
| CVE-2006-4453 | 2006-08-30 | Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "table markups". |
| CVE-2006-4454 | 2006-08-30 | Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter. |
| CVE-2006-4455 | 2006-08-30 | Unspecified vulnerability in Xchat 2.6.7 and earlier allows remote attackers to cause a denial of service (crash) via unspecified vectors involving the PRIVMSG command. NOTE: the vendor has disputed this... |
| CVE-2006-4244 | 2006-08-31 | SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as... |
| CVE-2006-4456 | 2006-08-31 | PHP remote file inclusion vulnerability in functions.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. |