Lista CVE - 2006 / Agosto
Visualizzazione 501 - 554 di 554 CVE per Agosto 2006 (Pagina 6 di 6)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2006-4457 | 2006-08-31 | PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. NOTE: the provenance... |
| CVE-2006-4458 | 2006-08-31 | Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in... |
| CVE-2006-4460 | 2006-08-31 | Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.96 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2006-4462 | 2006-08-31 | Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to administrator functions, which allows remote attackers to gain full administration rights via a direct request to Admin/admin1953.php. |
| CVE-2006-4463 | 2006-08-31 | SQL injection vulnerability in the administrator control panel in Jetstat.com JS ASP Faq Manager 1.10 allows remote attackers to execute arbitrary SQL commands via the pwd parameter (aka the Password... |
| CVE-2006-4464 | 2006-08-31 | The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, allows remote attackers to cause a denial of service (crash) via JavaScript that constructs a large Unicode string. |
| CVE-2006-4465 | 2006-08-31 | Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to... |
| CVE-2006-4466 | 2006-08-31 | Joomla! before 1.0.11 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to... |
| CVE-2006-4467 | 2006-08-31 | Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before 1.0.8, does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric... |
| CVE-2006-4468 | 2006-08-31 | Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue... |
| CVE-2006-4469 | 2006-08-31 | Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws." |
| CVE-2006-4470 | 2006-08-31 | Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion. |
| CVE-2006-4471 | 2006-08-31 | The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors. |
| CVE-2006-4472 | 2006-08-31 | Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task. |
| CVE-2006-4473 | 2006-08-31 | Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks. |
| CVE-2006-4474 | 2006-08-31 | Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help,... |
| CVE-2006-4475 | 2006-08-31 | Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors. |
| CVE-2006-4476 | 2006-08-31 | Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options... |
| CVE-2006-4461 | 2006-08-31 | Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the probe settings," which has unknown impact and attack vectors. |
| CVE-2006-3125 | 2006-08-31 | Array index error in tetrinet.c in gtetrinet 0.7.8 and earlier allows remote attackers to execute arbitrary code via a packet specifying a negative number of players, which is used as... |
| CVE-2006-4477 | 2006-08-31 | Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ezContents 2.0.3 allow remote attackers to execute arbitrary PHP code via an empty GLOBALS[rootdp] parameter and an ftps URL in the... |
| CVE-2006-4478 | 2006-08-31 | SQL injection vulnerability in headeruserdata.php in Visual Shapers ezContents 2.0.3 allows remote attackers to execute arbitrary SQL commands via the groupname parameter. |
| CVE-2006-4479 | 2006-08-31 | Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual Shapers ezContents 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the subgroupname parameter. |
| CVE-2006-4480 | 2006-08-31 | Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in... |
| CVE-2006-4481 | 2006-08-31 | The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the... |
| CVE-2006-4482 | 2006-08-31 | Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors,... |
| CVE-2006-4483 | 2006-08-31 | The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions,... |
| CVE-2006-4484 | 2006-08-31 | Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size... |
| CVE-2006-4485 | 2006-08-31 | The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read. |
| CVE-2006-4486 | 2006-08-31 | Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction. |
| CVE-2006-4146 | 2006-08-31 | Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a... |
| CVE-2006-4487 | 2006-08-31 | DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords. |
| CVE-2006-4488 | 2006-08-31 | PHP remote file inclusion vulnerability in modules/userstop/userstop.php in ExBB Italia 0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the... |
| CVE-2006-4489 | 2006-08-31 | Multiple PHP remote file inclusion vulnerabilities in MiniBill 2006-07-14 (1.2.2) allow remote attackers to execute arbitrary PHP code via (1) a URL in the config[include_dir] parameter in actions/ipn.php or (2)... |
| CVE-2006-4490 | 2006-08-31 | Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot... |
| CVE-2006-4491 | 2006-08-31 | Directory traversal vulnerability in Cybozu Collaborex, AG before 1.2(1.5), AG Pocket before 5.2(0.8), Mailwise before 3.0(0.3), and Garoon 1 before 1.5(4.1) allows remote authenticated users to read arbitrary files via... |
| CVE-2006-4492 | 2006-08-31 | Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors. |
| CVE-2006-4493 | 2006-08-31 | xbiff2 1.9 creates $HOME/.xbiff2rc in a user's home directory with insecure file permissions, which allows local users to obtain sensitive information such as login credentials. NOTE: the provenance of this... |
| CVE-2006-4494 | 2006-08-31 | Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in... |
| CVE-2006-4495 | 2006-08-31 | Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll,... |
| CVE-2006-4496 | 2006-08-31 | Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to inject arbitrary web script or HTML via the comment parameter. |
| CVE-2006-4497 | 2006-08-31 | SQL injection vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2006-4498 | 2006-08-31 | PHP remote file inclusion vulnerability in sommaire_admin.php in PhpAlbum (mod_phpalbum) 2.15 for PortailPHP allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter, a different... |
| CVE-2006-4500 | 2006-08-31 | Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) about, (2) again, (3) lastname, (4) email,... |
| CVE-2006-4501 | 2006-08-31 | SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) about, (2) album, (3) id, (4) use, (5) desc, (6)... |
| CVE-2006-4502 | 2006-08-31 | ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication controls via a direct request to the "Administration Area" script. |
| CVE-2006-4503 | 2006-08-31 | Directory traversal vulnerability in link.php in NX5Linx 1.0 allows remote attackers to read arbitrary files via the logo parameter. |
| CVE-2006-4504 | 2006-08-31 | SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) c and (2) l parameters. |
| CVE-2006-4505 | 2006-08-31 | CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a CRLF sequence in the url parameter. |
| CVE-2006-4499 | 2006-08-31 | ModernBill 5.0.4 and earlier uses cURL with insecure settings for CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST that do not verify SSL certificates, which allows remote attackers to read network traffic via a man-in-the-middle... |
| CVE-2006-4507 | 2006-08-31 | Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlaystationPortable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF... |
| CVE-2006-4508 | 2006-08-31 | Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and 0.1.1.x before 0.1.1.23, and (2) ScatterChat before 1.0.2, allows remote attackers operating a Tor entry node to route arbitrary Tor traffic... |
| CVE-2006-4506 | 2006-08-31 | idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " (quote) and \ (backslash) characters and eval... |
| CVE-2006-4522 | 2006-09-01 | Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code with root privileges via unspecified vectors. |
| CVE-2006-4523 | 2006-09-01 | The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a... |
| CVE-2006-4524 | 2006-09-01 | Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameters. NOTE: some of these... |
| CVE-2006-4528 | 2006-09-01 | Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) recherche parameter in recherchemembre.php and the (2) email parameter... |
| CVE-2006-4529 | 2006-09-01 | SQL injection vulnerability in recherchemembre.php in membrepass 1.5. allows remote attackers to execute arbitrary SQL commands via the recherche parameter. |
| CVE-2006-4530 | 2006-09-01 | Direct static code injection vulnerability in include/change.php in membrepass 1.5 allows remote attackers to execute arbitrary PHP code via the aifon parameter, which is injected into include/variable.php. |
| CVE-2006-4531 | 2006-09-01 | PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. |
| CVE-2006-4532 | 2006-09-01 | PHP remote file inclusion vulnerability in articles/article.php in Yet Another Community System (YACS) CMS 6.6.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the... |
| CVE-2006-4533 | 2006-09-01 | Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and earlier allow remote attackers to execute arbitrary PHP code via the _PX_config[manager_path] parameter to (1) articles.php, (2) categories.php, (3)... |
| CVE-2006-4525 | 2006-09-01 | Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array. |
| CVE-2006-4526 | 2006-09-01 | SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter. |
| CVE-2006-4527 | 2006-09-01 | includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file... |
| CVE-2006-4339 | 2006-09-05 | OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to... |
| CVE-2006-4534 | 2006-09-05 | Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack,... |
| CVE-2006-4536 | 2006-09-05 | SQL injection vulnerability in module/rejestracja.php in CMS Frogss 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the podpis parameter. |
| CVE-2006-4537 | 2006-09-05 | NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and Alpha 8.2 writes a password to an audit log file when there is a successful connection after a "network breakin" event, which... |
| CVE-2006-4538 | 2006-09-05 | Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platforms, allows local users to cause a denial of service (crash) via a malformed ELF file that triggers memory... |
| CVE-2006-4539 | 2006-09-05 | (1) includes/widgets/module_company_tickets.php and (2) includes/widgets/module_track_tickets.php Client Support Center in Cerberus Helpdesk 3.2 Build 317, and possibly earlier, allows remote attackers to bypass security restrictions and obtain sensitive information via the... |
| CVE-2006-4540 | 2006-09-05 | Cross-site scripting (XSS) vulnerability in learncenter.asp in Learn.com LearnCenter allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| CVE-2006-4541 | 2006-09-05 | RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the... |
| CVE-2006-4542 | 2006-09-05 | Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program... |
| CVE-2006-2941 | 2006-09-06 | Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers". |
| CVE-2006-3126 | 2006-09-06 | c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute arbitrary commands via null (\0) and shell metacharacters in the TSI string, as demonstrated by a fax from an anonymous number. |
| CVE-2006-3636 | 2006-09-06 | Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2006-4095 | 2006-09-06 | BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are... |
| CVE-2006-4096 | 2006-09-06 | BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the... |
| CVE-2006-4459 | 2006-09-06 | Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause a denial of service (crash) via a 1 byte header size specified in the USB string descriptor. |
| CVE-2006-4543 | 2006-09-06 | Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon... |
| CVE-2006-4544 | 2006-09-06 | Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in files... |
| CVE-2006-4545 | 2006-09-06 | PHP remote file inclusion vulnerability in ModuleBased CMS Pre-Alpha allows remote attackers to execute arbitrary PHP code via the _SERVER parameter in (1) admin/avatar.php, (2) libs/archive.class.php, (3) libs/login.php, (4) libs/profiles.class.php,... |
| CVE-2006-4546 | 2006-09-06 | Lyris ListManager 8.95 allows remote authenticated users, who have administrative privileges for at least one list on the server, to add new administrators to any list via a modified MEMBERS_.List_... |
| CVE-2006-4547 | 2006-09-06 | Lyris ListManager 8.95 allows remote authenticated users to obtain sensitive information by attempting to add a user with a ' (single quote) character in the name, which reveals the details... |
| CVE-2006-4548 | 2006-09-06 | e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers... |
| CVE-2006-4549 | 2006-09-06 | CHXO Feedsplitter 2006-01-21 allows remote attackers to read the source code of feedsplitter.php via the showsource function. NOTE: this issue is not a vulnerability in standard distributions, but could be... |
| CVE-2006-4550 | 2006-09-06 | Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to read arbitrary XML files via .. (dot dot) sequences in the format parameter with a leading ".", which bypasses... |
| CVE-2006-4551 | 2006-09-06 | Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to execute arbitrary PHP code via (1) the file specified as the value of the format parameter, and possibly (2)... |
| CVE-2006-4552 | 2006-09-06 | Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to inject arbitrary web script or HTML via the RSS feed. |
| CVE-2006-4553 | 2006-09-06 | PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the... |
| CVE-2006-4554 | 2006-09-06 | Stack-based buffer overflow in the ReadFile function in the ZOO-processing exports in the BeCubed Compression Plus before 5.0.1.28, as used in products including (1) Tumbleweed EMF, (2) VCOM/Ontrack PowerDesk Pro,... |
| CVE-2006-4555 | 2006-09-06 | Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors involving an HTML document that references the CLSID of the... |
| CVE-2006-4556 | 2006-09-06 | PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.... |
| CVE-2006-4557 | 2006-09-06 | PHP remote file inclusion vulnerability in plugins/plugins.php in Bob Jewell Discloser 0.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the type parameter. NOTE: another researcher... |
| CVE-2006-4558 | 2006-09-06 | DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via... |
| CVE-2006-4559 | 2006-09-06 | Multiple PHP remote file inclusion vulnerabilities in Yet Another Community System (YACS) CMS 6.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter in... |
| CVE-2006-4560 | 2006-09-06 | Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script... |
| CVE-2006-4561 | 2006-09-06 | Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web... |
| CVE-2006-4562 | 2006-09-06 | The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker.... |