Filtered by CWE-20
Total 11841 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-4023 1 Php 1 Php 2024-11-21 N/A
The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner.
CVE-2006-3942 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2024-11-21 N/A
The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research; the vulnerability is not associated with a mailslot.
CVE-2006-3633 1 Ossp 1 Shiela 2024-11-21 N/A
OSSP shiela 1.1.5 and earlier allows remote authenticated users to execute arbitrary commands on the CVS server via shell metacharacters in a filename that is committed.
CVE-2006-3451 1 Microsoft 1 Ie 2024-11-21 N/A
Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2006-3450 1 Microsoft 2 Ie, Internet Explorer 2024-11-21 N/A
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file.
CVE-2006-3423 1 Webex Communications 2 Downloader Activexcontrol, Downloader Java 2024-11-21 N/A
WebEx Downloader ActiveX Control and WebEx Downloader Java before 2.1.0.0 do not validate downloaded components, which allows remote attackers to execute arbitrary code via a website that activates the GpcUrlRoot and GpcIniFileName ActiveX controls to cause the client to download a DLL file.
CVE-2006-3281 1 Microsoft 1 Internet Explorer 2024-11-21 N/A
Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka "Folder GUID Code Execution Vulnerability." NOTE: directory traversal sequences were used in the original exploit, although their role is not clear.
CVE-2006-3014 1 Microsoft 1 Excel 2024-11-21 N/A
Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.
CVE-2006-2920 2 Sylpheed, Sylpheed-claws 2 Sylpheed, Sylpheed-claws 2024-11-21 N/A
Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote attackers to bypass the URI check functionality and makes it easier to conduct phishing attacks via a URI that begins with a space character.
CVE-2006-2894 2 Mozilla, Netscape 4 Firefox, Mozilla Suite, Seamonkey and 1 more 2024-11-21 N/A
Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2 and other versions before 1.1.5, and Netscape 8.1 and earlier allow user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.
CVE-2006-2782 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2024-11-21 N/A
Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control.
CVE-2006-2223 2 Quagga, Redhat 2 Quagga, Enterprise Linux 2024-11-21 N/A
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.
CVE-2006-2220 1 Phpbb 1 Phpbb 2024-11-21 N/A
phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message.
CVE-2006-2219 1 Phpbb Group 1 Phpbb 2024-11-21 N/A
phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message.
CVE-2006-1957 2 Joomla, Mambo-foundation 2 Joomla\!, Mambo 2024-11-21 N/A
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter.
CVE-2006-1858 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-11-21 N/A
SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters.
CVE-2006-1729 3 Canonical, Mozilla, Redhat 5 Ubuntu Linux, Firefox, Mozilla Suite and 2 more 2024-11-21 N/A
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.
CVE-2006-1721 2 Cyrus, Redhat 2 Sasl, Enterprise Linux 2024-11-21 N/A
digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.
CVE-2006-1626 1 Microsoft 2 Internet Explorer, Windows Xp 2024-11-21 N/A
Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192.
CVE-2006-1528 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-11-21 N/A
Linux kernel before 2.6.13 allows local users to cause a denial of service (crash) via a dio transfer from the sg driver to memory mapped (mmap) IO space.