CVE List - 2006 / January
Showing 401 - 500 of 509 CVEs for January 2006 (Page 5 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2006-0368 | 2006-01-22 | Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via... |
| CVE-2006-0369 | 2006-01-22 | MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views;" query, which returns the query that created the VIEW. NOTE:... |
| CVE-2006-0370 | 2006-01-22 | Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes. |
| CVE-2006-0371 | 2006-01-22 | Directory traversal vulnerability in index.php in Noah Medling RCBlog 1.03 allows remote attackers to read arbitrary .txt files, possibly including one that stores the administrator's account name and password, via... |
| CVE-2006-0372 | 2006-01-22 | Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphp_username or (2) blogphp_password parameter in a... |
| CVE-2006-0373 | 2006-01-22 | Cross-site scripting (XSS) vulnerability in register.aspx in Douran FollowWeb allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is... |
| CVE-2006-0374 | 2006-01-22 | Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which (1) might allow remote attackers to obtain sensitive information, such as memory contents... |
| CVE-2006-0375 | 2006-01-22 | Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 on VxWorks uses a hardcoded Network Time Protocol (NTP) server in Taiwan, which could allow remote attackers to provide... |
| CVE-2006-0376 | 2006-01-22 | The 802.11 wireless client in certain operating systems including Windows 2000, Windows XP, and Windows Server 2003 does not warn the user when (1) it establishes an association with a... |
| CVE-2004-0592 | 2006-01-23 | The tcp_find_option function of the netfilter subsystem for IPv6 in the SUSE Linux 2.6.5 kernel with USAGI patches, when using iptables and TCP options rules, allows remote attackers to cause... |
| CVE-2005-3653 | 2006-01-23 | Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request... |
| CVE-2006-0378 | 2006-01-23 | Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager allows remote attackers to inject arbitrary web script or HTML via the product_id parameter, as originally demonstrated for a custom mp3players_details.php program.... |
| CVE-2002-1571 | 2006-01-23 | The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction clears all registers, which could lead to an information leak on processors that do not clear all relevant SSE... |
| CVE-2005-3356 | 2006-01-23 | The mq_open system call in Linux kernel 2.6.9, in certain situations, can decrement a counter twice ("double decrement") as a result of multiple calls to the mntput function when the... |
| CVE-2005-3628 | 2006-01-23 | Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory... |
| CVE-2006-0036 | 2006-01-23 | ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows remote attackers to cause a denial of service (memory corruption or crash) via an inbound... |
| CVE-2006-0037 | 2006-01-23 | ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows local users to cause a denial of service (memory corruption or crash) via a crafted... |
| CVE-2006-0321 | 2006-01-24 | fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when... |
| CVE-2006-0224 | 2006-01-25 | Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp... |
| CVE-2006-0402 | 2006-01-25 | SQL injection vulnerability in Zoph before 0.5pre1 allows remote attackers to execute arbitrary SQL commands. |
| CVE-2006-0403 | 2006-01-25 | Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) monthy parameter to index.php or (2) login parameter to admin/index.php. NOTE: some... |
| CVE-2006-0404 | 2006-01-25 | Note-A-Day Weblog 2.2 stores sensitive data under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to archive/.phpass-admin, which... |
| CVE-2006-0405 | 2006-01-25 | The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference,... |
| CVE-2006-0406 | 2006-01-25 | search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid... |
| CVE-2006-0407 | 2006-01-25 | Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Board (AZbb) 1.1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) nickname parameter and... |
| CVE-2006-0408 | 2006-01-25 | rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users to gain privileges and execute arbitrary code via unspecified vectors, possibly involving command line arguments. |
| CVE-2006-0409 | 2006-01-25 | Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup. |
| CVE-2006-0410 | 2006-01-25 | SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings. |
| CVE-2006-0225 | 2006-01-25 | scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. |
| CVE-2006-0411 | 2006-01-25 | claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges. |
| CVE-2006-0412 | 2006-01-25 | SQL injection vulnerability in CyberShop allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action. |
| CVE-2006-0413 | 2006-01-25 | Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the (1) discuss, (2) tim, (3) id, (4) last, and (5) limit parameter. |
| CVE-2006-0414 | 2006-01-25 | Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a... |
| CVE-2006-0415 | 2006-01-25 | Cross-site scripting (XSS) vulnerability in index.php in SleeperChat 0.3f and earlier allows remote attackers to inject arbitrary web script or HTML via the pseudo parameter. |
| CVE-2006-0416 | 2006-01-25 | SleeperChat 0.3f and earlier allows remote attackers to bypass authentication and create new entries via the txt parameter to (1) chat_no.php and (2) chat_if.php. |
| CVE-2006-0417 | 2006-01-25 | SQL injection vulnerability in login.php in miniBloggie 1.0 and earlier, when gpc_magic_quotes is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and... |
| CVE-2006-0418 | 2006-01-25 | Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 allows attackers to execute arbitrary code via a crafted username. |
| CVE-2005-4667 | 2006-01-25 | Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program,... |
| CVE-2006-0379 | 2006-01-25 | FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a buffer before making it available to userland, which could allow local users to read portions of kernel memory. |
| CVE-2006-0380 | 2006-01-25 | A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel to calculate an incorrect buffer length, which causes more data to be copied to userland than intended, which... |
| CVE-2006-0381 | 2006-01-25 | A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a 'scrub fragment crop' or 'scrub fragment drop-ovl' rule is... |
| CVE-2006-0419 | 2006-01-25 | BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries... |
| CVE-2006-0420 | 2006-01-25 | BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative forwarding, which allows remote attackers to cause a denial... |
| CVE-2006-0421 | 2006-01-25 | By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain... |
| CVE-2006-0422 | 2006-01-25 | Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allow remote attackers to access MBean attributes or cause an... |
| CVE-2006-0423 | 2006-01-25 | BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges. |
| CVE-2006-0424 | 2006-01-25 | BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration... |
| CVE-2006-0425 | 2006-01-25 | BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors. |
| CVE-2006-0426 | 2006-01-25 | BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log... |
| CVE-2006-0427 | 2006-01-25 | Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0 and 8.1 through SP5 allows malicious EJBs or servlet applications to decrypt system passwords, possibly by accessing functionality that should... |
| CVE-2006-0428 | 2006-01-25 | Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs. |
| CVE-2006-0429 | 2006-01-25 | BEA WebLogic Server and WebLogic Express 9.0 causes new security providers to appear active even if they have not been activated by a server reboot, which could cause an administrator... |
| CVE-2006-0430 | 2006-01-25 | Certain configurations of BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6, when connection filters are enabled, cause the server to run more slowly, which... |
| CVE-2006-0431 | 2006-01-25 | Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP5 allows untrusted applications to obtain the server's SSL identity via unknown attack vectors. |
| CVE-2006-0432 | 2006-01-25 | Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which... |
| CVE-2006-0434 | 2006-01-26 | Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via ".." (dot dot) sequences and null bytes in the sAction parameter, a different vulnerability than... |
| CVE-2006-0435 | 2006-01-26 | Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration... |
| CVE-2006-0436 | 2006-01-26 | Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors. |
| CVE-2005-4668 | 2006-01-26 | The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary comands via crafted SQL commands that interact with HSQLDB through... |
| CVE-2006-0439 | 2006-01-26 | Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by... |
| CVE-2006-0440 | 2006-01-26 | Text Rider 2.4 allows attackers to bypass authentication and upload files without providing a valid password by obtaining the MD5 hash of the password (possibly via another vulnerability that reads... |
| CVE-2006-0441 | 2006-01-26 | Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed. |
| CVE-2006-0442 | 2006-01-26 | Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action... |
| CVE-2006-0443 | 2006-01-26 | Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) realname and (2) comment parameters, or (3) via... |
| CVE-2006-0444 | 2006-01-26 | SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum... |
| CVE-2006-0445 | 2006-01-26 | index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by "\" |
| CVE-2005-4669 | 2006-01-26 | SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. |
| CVE-2006-0446 | 2006-01-27 | Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote privileged attackers to execute arbitrary commands as the web server via unknown attack vectors. |
| CVE-2006-0447 | 2006-01-27 | Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail @Solomon 4.00 allow remote attackers to execute arbitrary code via a long username to the (1) AUTH PLAIN or... |
| CVE-2006-0448 | 2006-01-27 | Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and (2) SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to (a) list arbitrary directories... |
| CVE-2006-0449 | 2006-01-27 | Early termination vulnerability in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allows remote attackers to cause a denial of service (infinite loop) by sending an APPEND... |
| CVE-2006-0450 | 2006-01-27 | phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a... |
| CVE-2002-1572 | 2006-01-27 | Signed integer overflow in the bttv_read function in the bttv driver (bttv-driver.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors. |
| CVE-2002-1573 | 2006-01-27 | Unspecified vulnerability in the pcilynx ieee1394 firewire driver (pcilynx.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors, related to "wrap handling." |
| CVE-2006-0057 | 2006-01-27 | Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the... |
| CVE-2005-4670 | 2006-01-27 | Cross-site scripting (XSS) vulnerability in message.php in CityPost Automated Link Exchange (LNKX) allows remote attackers to inject arbitrary web script or HTML via the msg parameter. |
| CVE-2005-4671 | 2006-01-27 | Cross-site scripting (XSS) vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter. |
| CVE-2005-4672 | 2006-01-27 | Cross-site scripting (XSS) vulnerability in image-editor-52/index.php in CityPost Simple Image-Editor 0.52 allows remote attackers to inject arbitrary web script or HTML via the (1) m1, (2) m2, (3) m3, (4)... |
| CVE-2005-4674 | 2006-01-27 | Multiple SQL injection vulnerabilities in list.php in Complete PHP Counter allow remote attackers to execute arbitrary SQL commands via the (1) c or (2) s parameter. |
| CVE-2005-4675 | 2006-01-27 | Cross-site scripting (XSS) vulnerability in list.php in Complete PHP Counter allows remote attackers to inject arbitrary web script or HTML via the c parameter. |
| CVE-2006-0461 | 2006-01-27 | Cross-site scripting (XSS) vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTP_REFERER (referer). |
| CVE-2006-0462 | 2006-01-27 | SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09.02 allows remote attackers to execute arbitrary SQL commands via the entrada parameter. |
| CVE-2006-0466 | 2006-01-27 | Cross-site scripting (XSS) vulnerability in search.asp in Goldstag Content Management System allows remote attackers to inject arbitrary web script or HTML via the text parameter. |
| CVE-2005-4673 | 2006-01-27 | ioFTPD 0.5.84 u responds with different messages depending on whether or not a username exists, which allows remote attackers to enumerate valid usernames. |
| CVE-2006-0463 | 2006-01-27 | Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows remote attackers to inject arbitrary web script or HTML via the (1) goto_id parameter to index.php or (2) page parameter to news_full.php. |
| CVE-2006-0464 | 2006-01-27 | Multiple SQL injection vulnerabilities in index.php in IdeoContent Manager allow remote attackers to execute arbitrary SQL commands via the (1) goto_id or (2) mid parameter. |
| CVE-2006-0465 | 2006-01-27 | Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in active121 Site Manager allows remote attackers to inject arbitrary web script or HTML via the cerca parameter. |
| CVE-2006-0468 | 2006-01-30 | CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly... |
| CVE-2006-0469 | 2006-01-30 | Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of... |
| CVE-2006-0301 | 2006-01-30 | Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial... |
| CVE-2006-0043 | 2006-01-31 | Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests... |
| CVE-2006-0467 | 2006-01-31 | Unspecified vulnerability in Pioneers (formerly gnocatan) before 0.9.49 allows remote attackers to cause a denial of service (application crash) via long chat messages. |
| CVE-2005-4676 | 2006-01-31 | Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers to cause a denial of service (application crash)... |
| CVE-2006-0470 | 2006-01-31 | Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are... |
| CVE-2006-0471 | 2006-01-31 | Cross-site scripting (XSS) vulnerability in the bbcode function in functions.php in my little homepage my little forum, as last modified in June 2005, allows remote attackers to inject arbitrary Javascript... |
| CVE-2006-0472 | 2006-01-31 | Cross-site scripting (XSS) vulnerability in guestbook.php in my little homepage my little guestbook, as last modified in March 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI... |
| CVE-2006-0473 | 2006-01-31 | Cross-site scripting (XSS) vulnerability in the bbcode function in weblog.php in my little homepage my little weblog, as last modified in April 2004, allows remote attackers to inject arbitrary Javascript... |
| CVE-2006-0474 | 2006-01-31 | Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers to execute arbitrary code via (1) a large packet length field, which causes an overflow in the ReadBuffer function in (a)... |
| CVE-2006-0475 | 2006-01-31 | PHP-Ping 1.3 does not properly validate ping counts, which allows remote attackers to cause a denial of service (ping flood) via a negative count parameter. |
| CVE-2006-0476 | 2006-01-31 | Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field). |