CVE List - 2006 / December
Showing 301 - 400 of 675 CVEs for December 2006 (Page 4 of 7)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2006-2386 | 2006-12-13 | Unspecified vulnerability in Microsoft Outlook Express 6 and earlier allows remote attackers to execute arbitrary code via a crafted contact record in a Windows Address Book (WAB) file. |
| CVE-2006-4702 | 2006-12-13 | Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute... |
| CVE-2006-5584 | 2006-12-13 | The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain... |
| CVE-2006-5585 | 2006-12-13 | The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption... |
| CVE-2006-6494 | 2006-12-13 | Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable... |
| CVE-2006-6495 | 2006-12-13 | Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in... |
| CVE-2006-6496 | 2006-12-13 | The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus 2007 8.1, Anti-Virus for Vista Beta 8.2, and CA Internet Security Suite 2007 v3.0 do not properly handle NULL buffers,... |
| CVE-2006-5875 | 2006-12-14 | eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote attackers to execute arbitrary commands via shell metacharacters in an "SMTP level e-mail address". |
| CVE-2006-6107 | 2006-12-14 | Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process... |
| CVE-2006-6508 | 2006-12-14 | Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is... |
| CVE-2006-6509 | 2006-12-14 | Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI,... |
| CVE-2006-6510 | 2006-12-14 | An unspecified ActiveX control in SiteKiosk before 6.5.150 is installed "safe for scripting", which allows local users to bypass security protections and read arbitrary files via certain functions. |
| CVE-2006-6511 | 2006-12-14 | dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature,... |
| CVE-2006-5648 | 2006-12-14 | Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes... |
| CVE-2006-5649 | 2006-12-14 | Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic)... |
| CVE-2006-6512 | 2006-12-14 | Directory traversal vulnerability in the Browse function (/browse URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to list arbitrary directories via URL encoded backslashes ("%2F")... |
| CVE-2006-6513 | 2006-12-14 | The CControl::Download function (/dl URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to download arbitrary file types under the root via a trailing "." (dot)... |
| CVE-2006-6514 | 2006-12-14 | Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient comparison to determine whether a directory is located below the application's root directory, which allows remote authenticated users to access... |
| CVE-2006-6515 | 2006-12-14 | Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders. |
| CVE-2006-6516 | 2006-12-14 | Multiple PHP remote file inclusion vulnerabilities in KDPics 1.16 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) page parameter to (a) index.php3,... |
| CVE-2006-6517 | 2006-12-14 | Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) categories parameter to (a) index.php3 or (b)... |
| CVE-2006-6518 | 2006-12-14 | Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) date, (4) sujet, (5) message,... |
| CVE-2006-6519 | 2006-12-14 | SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows remote attackers to execute arbitrary SQL commands via the aa parameter. |
| CVE-2006-6520 | 2006-12-14 | Multiple cross-site scripting (XSS) vulnerabilities in Messageriescripthp 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo parameter to (a) existepseudo.php, the (2) email parameter... |
| CVE-2006-6521 | 2006-12-14 | SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 allows remote attackers to execute arbitrary SQL commands via the aa parameter. |
| CVE-2006-6522 | 2006-12-14 | Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale TwoZero before 2.31 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) forum module and (2)... |
| CVE-2006-6523 | 2006-12-14 | Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter. |
| CVE-2006-6524 | 2006-12-14 | SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the Uname (UserName) parameter. |
| CVE-2006-6525 | 2006-12-14 | SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: The provenance of this information... |
| CVE-2006-6526 | 2006-12-14 | PHP remote file inclusion vulnerability in index.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. |
| CVE-2006-6527 | 2006-12-14 | PHP remote file inclusion vulnerability in guest.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. NOTE: the provenance... |
| CVE-2006-6528 | 2006-12-14 | The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom visitors' session IDs to all participants, which allows remote attackers to hijack sessions and gain privileges. |
| CVE-2006-6530 | 2006-12-14 | SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2006-6531 | 2006-12-14 | Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node... |
| CVE-2006-6532 | 2006-12-14 | Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) StrMsg or (2) Topic_ID parameter to... |
| CVE-2006-6533 | 2006-12-14 | Directory traversal vulnerability in admin/templates_boxes_layout.php in osCommerce 3.0a3 allows remote attackers to include and execute arbitrary PHP files via a .. (dot dot) in the filter parameter. NOTE: this issue... |
| CVE-2006-6529 | 2006-12-14 | The Chatroom Module before 4.7.x.-1.0 for Drupal displays private messages in a chatroom's last messages overview, which allows remote attackers to obtain sensitive information by reading the overview. |
| CVE-2006-6534 | 2006-12-14 | Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to... |
| CVE-2006-6537 | 2006-12-14 | IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, allows remote attackers to bypass authentication via a modified pnl parameter, related to hod/HODAdmin.html and hod/frameset.html. |
| CVE-2006-6538 | 2006-12-14 | D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and... |
| CVE-2006-6539 | 2006-12-14 | Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and earlier (1) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an... |
| CVE-2006-6540 | 2006-12-14 | SQL injection vulnerability in bt-trackback.php in Bluetrait before 1.2.0, when trackback is enabled, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are... |
| CVE-2006-6541 | 2006-12-14 | PHP remote file inclusion vulnerability in signer/final.php in warez distributions of Animated Smiley Generator allows remote attackers to execute arbitrary PHP code via a URL in the smiley parameter. NOTE:... |
| CVE-2006-6542 | 2006-12-14 | SQL injection vulnerability in news.php in Fantastic News 2.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2006-6543 | 2006-12-14 | Multiple SQL injection vulnerabilities in login.asp in AppIntellect SpotLight CRM 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) login (UserName) and possibly (2) password parameter. NOTE:... |
| CVE-2006-6544 | 2006-12-14 | Cross-site scripting (XSS) vulnerability in CM68 News allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details... |
| CVE-2006-6545 | 2006-12-14 | PHP remote file inclusion vulnerability in includes/common.php in the ErrorDocs 1.0.0 and earlier module for mxBB (mx_errordocs) allows remote attackers to execute arbitrary PHP code via a URL in the... |
| CVE-2006-6546 | 2006-12-14 | PHP remote file inclusion vulnerability in inc/shows.inc.php in cutenews aj-fork (CN:AJ) 167f and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter. |
| CVE-2006-6536 | 2006-12-14 | Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber Free Edition allows remote attackers to inject arbitrary web script or HTML via the hata parameter. NOTE: The provenance of this... |
| CVE-2006-6547 | 2006-12-14 | Buffer overflow in the readAA function in read_aa.cpp in Winamp iPod Plugin (ml_ipod) 2.00 p19 and earlier allows remote attackers to cause a denial of service (application crash) or execute... |
| CVE-2006-6548 | 2006-12-14 | Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2)... |
| CVE-2006-6549 | 2006-12-14 | PHP remote file inclusion vulnerability in upload.php in Rad Upload 3.02 allows remote attackers to execute arbitrary PHP code via a URL in the save_path parameter. NOTE: CVE disputes this... |
| CVE-2006-6550 | 2006-12-14 | PHP remote file inclusion vulnerability in common.php in Phorum 3.2.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes... |
| CVE-2006-6551 | 2006-12-14 | PHP remote file inclusion vulnerability in libs/tucows/api/cartridges/crt_TUCOWS_domains/lib/domainutils.inc.php in Tucows Client Code Suite (CCS) 1.2.1015 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _ENV[TCA_HOME]... |
| CVE-2006-6552 | 2006-12-14 | PHP remote file inclusion vulnerability in admin/plugins/NP_UserSharing.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DIR_ADMIN parameter. |
| CVE-2006-6553 | 2006-12-14 | PHP remote file inclusion vulnerability in includes/newssuite_constants.php in the NewsSuite 1.03 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter. |
| CVE-2006-6554 | 2006-12-14 | Unspecified vulnerability in Kerio MailServer before 6.3.1 allows remote attackers to cause a denial of service (segmentation fault and service stop) via certain long LDAP queries, as demonstrated by vd_kms6.pm. |
| CVE-2006-6555 | 2006-12-14 | Multiple SQL injection vulnerabilities in EasyFill before 0.5.1 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2006-6556 | 2006-12-14 | The eyeHome function in apps/eyeHome.eyeapp/aplic.php in EyeOS before 0.9.3-3 allows remote attackers to upload and execute arbitrary code via dangerous file extensions that are not all lowercase, which bypasses a... |
| CVE-2006-6557 | 2006-12-14 | Multiple unspecified vulnerabilities in Skulls! before 0.2.6 have unknown impact and attack vectors, as addressed by "Many security fixes." |
| CVE-2006-6558 | 2006-12-14 | Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial of service via a long series of "?A" sequences in the (1) LIST and possibly (2) NLST command. |
| CVE-2006-6559 | 2006-12-14 | SQL injection vulnerability in ProductDetails.asp in Lotfian Request For Travel 1.0 allows remote attackers to execute arbitrary SQL commands via the PID parameter. |
| CVE-2006-6560 | 2006-12-14 | PHP remote file inclusion vulnerability in includes/common.php in the mx_modsdb 1.0.0 module for MxBB (aka MX-System) Portal allows remote attackers to execute arbitrary PHP code via a URL in the... |
| CVE-2006-6561 | 2006-12-14 | Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated... |
| CVE-2006-4902 | 2006-12-14 | The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 does not properly check for chained commands, which allows remote attackers... |
| CVE-2006-5822 | 2006-12-14 | Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code... |
| CVE-2006-6222 | 2006-12-14 | Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code... |
| CVE-2006-6304 | 2006-12-14 | The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via... |
| CVE-2006-6474 | 2006-12-14 | Untrusted search path vulnerability in McAfee VirusScan for Linux 4510e and earlier includes the current working directory in the DT_RPATH environment variable, which allows local users to load arbitrary ELF... |
| CVE-2006-6105 | 2006-12-15 | Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which... |
| CVE-2006-6563 | 2006-12-15 | Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value. |
| CVE-2006-6564 | 2006-12-15 | FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a malformed argument to the STOR command, which results in a NULL pointer dereference. NOTE:... |
| CVE-2006-6565 | 2006-12-15 | FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a... |
| CVE-2006-6566 | 2006-12-15 | PHP remote file inclusion vulnerability in includes/profilcp_constants.php in the Profile Control Panel (CPanel) module for mxBB 0.91c allows remote attackers to execute arbitrary PHP code via a URL in the... |
| CVE-2006-6567 | 2006-12-15 | PHP remote file inclusion vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path... |
| CVE-2006-6568 | 2006-12-15 | Directory traversal vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the phpEx... |
| CVE-2006-6569 | 2006-12-15 | form.php in GenesisTrader 1.0 allows remote attackers to read source code for arbitrary files and obtain sensitive information via the (1) do and (2) chem parameters with a "modfich" floap... |
| CVE-2006-6570 | 2006-12-15 | Unrestricted file upload vulnerability in upload.php in GenesisTrader 1.0 allows remote authenticated users to upload arbitrary files via unspecified vectors, possibly involving form.php and the ajoutfich "foap" action. |
| CVE-2006-6571 | 2006-12-15 | Multiple cross-site scripting (XSS) vulnerabilities in form.php in GenesisTrader 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cuve, (2) chem, (3) do, and possibly... |
| CVE-2006-6572 | 2006-12-15 | Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4.0, and Access Gateway 4.2 with Advanced Access Control 4.2, before 20061114, when the Browser-Only access feature is enabled, allows remote... |
| CVE-2006-6573 | 2006-12-15 | Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced Edition, and 4.2 with Advanced Access Control (AAC) 4.2, when deployed on the Access Gateway appliance 4.2 through 4.2.2 allows remote authenticated... |
| CVE-2003-1311 | 2006-12-15 | siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting... |
| CVE-2003-1312 | 2006-12-15 | siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing,... |
| CVE-2004-2666 | 2006-12-15 | Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting... |
| CVE-2006-6574 | 2006-12-15 | Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by... |
| CVE-2006-6575 | 2006-12-15 | PHP remote file inclusion vulnerability in ldap.php in Brian Drawert Yet Another PHP LDAP Admin Project (yaplap) 0.6 and 0.6.1 allows remote attackers to execute arbitrary PHP code via a... |
| CVE-2006-6576 | 2006-12-15 | Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long PASS command.... |
| CVE-2006-6577 | 2006-12-15 | SQL injection vulnerability in polls.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2006-6578 | 2006-12-15 | Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM... |
| CVE-2006-6579 | 2006-12-15 | Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP... |
| CVE-2006-6580 | 2006-12-15 | admin/change.php in ProNews 1.5 does not check whether a user is permitted to change news items, which allows remote attackers to add or delete information within an item, and possibly... |
| CVE-2006-6581 | 2006-12-15 | PHP remote file inclusion vulnerability in tests/debug_test.php in Vernet Loic PHP_Debug 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the debugClassLocation parameter. |
| CVE-2006-6582 | 2006-12-15 | Multiple cross-site scripting (XSS) vulnerabilities in ScriptMate User Manager 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) members_username (user) and (2) members_password... |
| CVE-2006-6584 | 2006-12-15 | Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors. |
| CVE-2006-6585 | 2006-12-15 | The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name... |
| CVE-2006-6586 | 2006-12-15 | Multiple PHP remote file inclusion vulnerabilities in Vortex Blog (vBlog, aka C12) a0.1_nonfunc allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter in (1)... |
| CVE-2006-6587 | 2006-12-15 | Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML... |
| CVE-2006-6589 | 2006-12-15 | Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING... |
| CVE-2006-6590 | 2006-12-15 | PHP remote file inclusion vulnerability in usercp_menu.php in AR Memberscript allows remote attackers to execute arbitrary PHP code via a URL in the script_folder parameter. |
| CVE-2006-6591 | 2006-12-15 | PHP remote file inclusion vulnerability in fonctions/template.php in EXlor 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the repphp parameter. |