Total 277353 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-0233 1 Microblog 1 Microblog 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in functions.php in microBlog 2.0 RC-10 allows remote attackers to inject arbitrary web script and HTML via a javascript: URI in a [url] BBcode tag.
CVE-2006-0232 1 Symantec 1 Antivirus Scan Engine 2024-11-21 N/A
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.
CVE-2006-0231 1 Symantec 1 Antivirus Scan Engine 2024-11-21 N/A
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications.
CVE-2006-0230 1 Symantec 1 Antivirus Scan Engine 2024-11-21 N/A
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.
CVE-2006-0229 1 Wehnus 1 Wehntrust 2024-11-21 N/A
Unquoted Windows search path vulnerability in Wehntrust might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when Wehntrust creates the autostart key.
CVE-2006-0228 1 Grsecurity 1 Grsecurity Kernel Patch 2024-11-21 N/A
The RBAC functionality in grsecurity before 2.1.8 does not properly handle when the admin role creates a service and then exits the shell without unauthenticating, which causes the service to be restarted with the admin role still active.
CVE-2006-0227 1 Sun 2 Solaris, Sunos 2024-11-21 N/A
Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors.
CVE-2006-0226 1 Freebsd 1 Freebsd 2024-11-21 N/A
Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames.
CVE-2006-0225 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2024-11-21 N/A
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
CVE-2006-0224 1 Libast 1 Libast 2024-11-21 N/A
Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name).
CVE-2006-0223 1 Topcmm Computing 1 123 Flash Chat Server 2024-11-21 N/A
Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via ".." (dot dot) sequences in the username field.
CVE-2006-0222 1 Alstrasoft 1 Template Seller 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft Template Seller Pro allows remote attackers to inject arbitrary web script or HTML via the tempid parameter.
CVE-2006-0221 1 Ddsn 1 Cm3cms 2024-11-21 N/A
SQL injection vulnerability in index.asp in the Admin Panel in Dragon Design Services Network (DDSN) cm3 content manager (CM3CMS) allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password.
CVE-2006-0220 1 Codeworx Technologies 1 Dcp-portal 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13.
CVE-2006-0219 1 Mybulletinboard 1 Mybulletinboard 2024-11-21 N/A
The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php.
CVE-2006-0218 1 Mybb 1 Mybb 2024-11-21 N/A
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, is is likely that this contains at least one distinct vulnerability from CVE-2005-4602 and CVE-2005-4603.
CVE-2006-0217 1 Ultimate Auction 1 Ultimate Auction 2024-11-21 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the affected version might be wrong since the current version as of 20060116 is 3.6.1.
CVE-2006-0216 1 Qualityebiz 1 Quality Ppc 2024-11-21 N/A
admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to obtain sensitive information, possibly the installation path of the application, via unspecified "meta characters" to the cpage parameter.
CVE-2006-0215 1 Qualityebiz 1 Quality Ppc 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. NOTE: this issue might be resultant from CVE-2006-0216.
CVE-2006-0214 1 Indexcor 1 Ezdatabase 2024-11-21 N/A
Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include function calls.