CVE List - 2006 / March
Showing 401 - 500 of 585 CVEs for March 2006 (Page 5 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2006-1350 | 2006-03-22 | PHP remote file include vulnerability in index.php in 99Articles.com (aka ArticlesOne.com) Free articles directory allows remote attackers to include and execute arbitrary PHP code via a URL in the page... |
| CVE-2006-1351 | 2006-03-22 | BEA WebLogic Server 6.1 SP7 and earlier allows remote attackers to read arbitrary files via unknown attack vectors related to a "default internal servlet" accessed through HTTP. |
| CVE-2006-1352 | 2006-03-22 | BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and WebLogic Server 6.1 SP7 and earlier allow remote attackers to cause a denial of service... |
| CVE-2006-1353 | 2006-03-22 | Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp;... |
| CVE-2006-1354 | 2006-03-22 | Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state... |
| CVE-2006-1355 | 2006-03-22 | avast! Antivirus 4.6.763 and earlier sets "BUILTIN\Everyone" permissions to critical system files in the installation folder, which allows local users to gain privileges or disable protection by modifying those files. |
| CVE-2006-1356 | 2006-03-22 | Stack-based buffer overflow in the count_vcards function in LibVC 3, as used in Rolo, allows user-assisted attackers to execute arbitrary code via a vCard file (e.g. contacts.vcf) containing a long... |
| CVE-2006-1357 | 2006-03-22 | Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 Firepass 4100 SSL VPN 5.4.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter. |
| CVE-2006-1358 | 2006-03-22 | Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to... |
| CVE-2005-4347 | 2006-03-22 | The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access... |
| CVE-2005-4418 | 2006-03-22 | util-vserver before 0.30.208-1 with kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux sets a default policy that trusts unknown capabilities, which could allow local users to conduct unauthorized... |
| CVE-2006-0038 | 2006-03-22 | Integer overflow in the do_replace function in netfilter for Linux before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buffer overflow... |
| CVE-2006-0058 | 2006-03-22 | Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls... |
| CVE-2006-1359 | 2006-03-23 | Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox... |
| CVE-2000-1240 | 2006-03-23 | Unspecified vulnerability in siteman.php3 in AnyPortal(php) before 22 APR 00 allows remote attackers to obtain sensitive information via unknown attack vectors, which reveal the absolute path. NOTE: the provenance of... |
| CVE-2003-1298 | 2006-03-23 | Multiple directory traversal vulnerabilities in siteman.php3 in AnyPortal(php) 12 MAY 00 allow remote attackers to (1) create, (2) delete, (3) save, and (4) upload files by navigating to the root... |
| CVE-2006-0050 | 2006-03-23 | snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file. |
| CVE-2006-0905 | 2006-03-23 | A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets... |
| CVE-2006-0997 | 2006-03-23 | The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote... |
| CVE-2006-0998 | 2006-03-23 | The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it... |
| CVE-2006-0999 | 2006-03-23 | The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that... |
| CVE-2006-1360 | 2006-03-23 | Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) type, or (3) show parameter to (a) index.php;... |
| CVE-2006-1361 | 2006-03-23 | Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the username field to (1) list.rhtml or (2) show.rhtml. |
| CVE-2006-1362 | 2006-03-23 | Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter in (a) members.asp, the (2) catid... |
| CVE-2006-1363 | 2006-03-23 | images.php in Justin White (aka YTZ) Free Web Publishing System (FreeWPS) 2.11 allows remote attackers to execute arbitrary PHP code by uploading a .php file into the /upload directory as... |
| CVE-2006-1364 | 2006-03-23 | Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of... |
| CVE-2006-1283 | 2006-03-23 | opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to... |
| CVE-2005-2922 | 2006-03-23 | Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of... |
| CVE-2006-0323 | 2006-03-23 | Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted... |
| CVE-2006-1365 | 2006-03-23 | The Motorola PEBL U6, the Motorola V600, and possibly the Motorola E398 and other Motorola phones allow remote attackers to add an entry for their own Bluetooth device to a... |
| CVE-2006-1366 | 2006-03-23 | Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other Motorola P2K-based phones, allows remote attackers to cause a denial of service (device shutdown), and possibly execute arbitrary code,... |
| CVE-2006-1367 | 2006-03-23 | The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the Motorola E398 and other Motorola P2K-based phones does not require pairing for a connection related to the Headset Audio... |
| CVE-2006-1368 | 2006-03-23 | Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory corruption) via a remote NDIS... |
| CVE-2006-1369 | 2006-03-23 | Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in... |
| CVE-2006-1370 | 2006-03-23 | Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an... |
| CVE-2006-1371 | 2006-03-23 | Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php,... |
| CVE-2005-2711 | 2006-03-24 | ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help... |
| CVE-2006-1372 | 2006-03-24 | Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or... |
| CVE-2006-1373 | 2006-03-24 | Cross-site scripting (XSS) vulnerability in status_image.php in PHP Live! 3.0 allows remote attackers to inject arbitrary web script or HTML via the base_url parameter. |
| CVE-2006-1374 | 2006-03-24 | SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 and earlier allows remote attackers to execute arbitrary SQL commands via the transactions_offset parameter. |
| CVE-2006-1375 | 2006-03-24 | AdMan 1.0.20051221 and earlier allows remote attackers to obtain the full path via (1) a blank campaignId parameter to editCampaign.php and (2) a blank schemeId parameter to viewPricingScheme.php. |
| CVE-2006-1376 | 2006-03-24 | The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption). |
| CVE-2006-1377 | 2006-03-24 | Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog 0.5.1 and (2) CoMoblog 1.1 allows remote attackers to inject arbitrary web script or HTML via the i parameter. |
| CVE-2006-1378 | 2006-03-24 | PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak random number generator (C++ rand function) during generation of the database encryption key, which makes it easier for... |
| CVE-2002-2209 | 2006-03-24 | Unspecified "security vulnerability" in Baby FTP Server versions before November 7, 2002 has unknown impact and attack vectors. |
| CVE-2003-1299 | 2006-03-24 | Directory traversal vulnerability in Baby FTP Server 1.2, and possibly other versions before May 31, 2003 allows remote authenticated users to list arbitrary directories and possibly read files via "..."... |
| CVE-2003-1300 | 2006-03-24 | Baby FTP Server (BabyFTP) 1.2, and possibly other versions before May 31, 2003, allows remote attackers to cause a denial of service via a large number of connections from the... |
| CVE-2006-0816 | 2006-03-24 | Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the... |
| CVE-2006-1379 | 2006-03-24 | Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs such as (1)... |
| CVE-2006-1380 | 2006-03-24 | ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite (IMSS) 5.5 build 1183 and possibly other versions before 5.7.0.1121, uses insecure DACLs for critical files, which allows local users to... |
| CVE-2006-1381 | 2006-03-24 | Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe. |
| CVE-2006-1382 | 2006-03-24 | PHP remote file inclusion vulnerability in impex/ImpExData.php in vBulletin ImpEx module 1.74, when register_globals is disabled, allows remote attackers to include arbitrary files via the systempath parameter. |
| CVE-2006-1383 | 2006-03-24 | Directory traversal vulnerability in Baby FTP Server (BabyFTP) 1.24 allows remote authenticated users to determine existence of files outside the intended document root via unspecified manipulations, which generate different error... |
| CVE-2006-1384 | 2006-03-24 | Cross-site scripting (XSS) vulnerability in apwc_win_main.jsp in the web console in IBM Tivoli Business Systems Manager (TBSM) before 3.1.0.1 allows remote attackers to inject arbitrary web script or HTML via... |
| CVE-2006-1385 | 2006-03-24 | Stack-based buffer overflow in the parseTaggedData function in WavePacket.mm in KisMAC R54 through R73p allows remote attackers to execute arbitrary code via multiple SSIDs in a Cisco vendor tag in... |
| CVE-2006-1388 | 2006-03-24 | Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors. |
| CVE-2006-1389 | 2006-03-25 | Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B.11.11 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. |
| CVE-2006-1390 | 2006-03-25 | The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved... |
| CVE-2006-1391 | 2006-03-25 | The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web Server 2.7.2 allows remote attackers to obtain the source code of ASP files via (1) .... |
| CVE-2006-1386 | 2006-03-26 | The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore access control settings, which allows remote attackers to read restricted areas and access restricted content in TWiki... |
| CVE-2006-1387 | 2006-03-26 | TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote authenticated users with edit rights to cause a denial of service (infinite recursion leading to CPU and memory consumption) via INCLUDE... |
| CVE-2006-1392 | 2006-03-26 | Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in the login server in University of Washington Pubcookie 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to... |
| CVE-2006-1393 | 2006-03-26 | Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote... |
| CVE-2006-1394 | 2006-03-26 | Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft IIS ISAPI filter (aka application server module) in University of Washington Pubcookie 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow... |
| CVE-2006-1395 | 2006-03-26 | SQL injection vulnerability in mb.cgi in Cholod MySQL Based Message Board allows remote attackers to execute arbitrary SQL commands via unspecified vectors in a showmessage action, possibly the username parameter.... |
| CVE-2006-1396 | 2006-03-26 | Multiple cross-site scripting (XSS) vulnerabilities in Cholod MySQL Based Message Board allow remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information... |
| CVE-2006-1066 | 2006-03-27 | Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems with preemption enabled, allows local users to cause a denial of service (oops) via multiple ptrace tasks that perform single... |
| CVE-2006-0989 | 2006-03-28 | Stack-based buffer overflow in the volume manager daemon (vmd) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code... |
| CVE-2006-0990 | 2006-03-28 | Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code... |
| CVE-2006-0991 | 2006-03-28 | Buffer overflow in the NetBackup Sharepoint Services server daemon (bpspsserver) on NetBackup 6.0 for Windows allows remote attackers to execute arbitrary code via crafted "Request Service" packets to the vnetd... |
| CVE-2005-4744 | 2006-03-28 | Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly... |
| CVE-2005-4745 | 2006-03-28 | SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. |
| CVE-2005-4746 | 2006-03-28 | Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t". |
| CVE-2005-4747 | 2006-03-28 | Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd Helm before 3.2.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors involving the default page. |
| CVE-2006-1397 | 2006-03-28 | Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew and (b) phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) certain parameters to the... |
| CVE-2006-1398 | 2006-03-28 | Cross-site scripting (XSS) vulnerability in guestbook.php in G-Book 1.0 allows remote attackers to inject arbitrary web script or HTML via the g_message parameter. |
| CVE-2006-1399 | 2006-03-28 | Cross-site scripting (XSS) vulnerability in searchresult.php in Meeting Reserve 1.0 beta allows remote attackers to inject arbitrary web script or HTML via the search_term parameter. NOTE: the provenance of this... |
| CVE-2006-1400 | 2006-03-28 | Cross-site scripting (XSS) vulnerability in MyTasks/PersonalTaskEdit.asp in Metisware Instructor 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Task parameter. |
| CVE-2006-1401 | 2006-03-28 | Multiple cross-site scripting (XSS) vulnerabilities in search.php in Calendar Express 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) allwords or (2) oneword parameter. NOTE:... |
| CVE-2006-1402 | 2006-03-28 | Buffer overflow in client/server Doom (csDoom) 0.7 and earlier allows remote attackers to (1) cause a denial of service via a long nickname or teamname to the SV_SetupUserInfo function or... |
| CVE-2006-1403 | 2006-03-28 | Format string vulnerability in the PrintString function in c_console.cpp in client/server Doom (csDoom) 0.7 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands... |
| CVE-2006-1404 | 2006-03-28 | Multiple cross-site scripting (XSS) vulnerabilities in bol.cgi in BlankOL 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file or (2) function parameter. |
| CVE-2006-1405 | 2006-03-28 | Cross-site scripting (XSS) vulnerability in search.aspx in SweetSuite.NET Content Management System (ssCMS) 2.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. |
| CVE-2006-1406 | 2006-03-28 | Multiple cross-site scripting (XSS) vulnerabilities in wbadmlog.aspx in uniForum 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtuser or (2) txtpassword parameters. |
| CVE-2006-1407 | 2006-03-28 | Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to... |
| CVE-2006-1408 | 2006-03-28 | Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via (1) a packet with no data or (2) a large packet, which prevents Vavoom... |
| CVE-2006-1409 | 2006-03-28 | Buffer overflow in Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of service (application crash) via an invalid comprLength value in a compressed packet. |
| CVE-2006-1410 | 2006-03-28 | Multiple cross-site scripting (XSS) vulnerabilities in XIGLA Absolute Live Support XE 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Screen name or... |
| CVE-2006-1411 | 2006-03-28 | Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the shownew parameter in gallery.asp and... |
| CVE-2006-1412 | 2006-03-28 | TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a... |
| CVE-2006-1413 | 2006-03-28 | Multiple cross-site scripting (XSS) vulnerabilities in EZHomepagePro 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) adid or (2) aname parameter in (a)... |
| CVE-2006-1414 | 2006-03-28 | Multiple cross-site scripting (XSS) vulnerabilities in toast.asp in Toast Forums 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) author, (2) subject, (3)... |
| CVE-2006-1415 | 2006-03-28 | Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB 2.42EC SP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the em parameter. |
| CVE-2006-1416 | 2006-03-28 | Cross-site scripting (XSS) vulnerability in afmsearch.aspx in Absolute FAQ Manager .NET 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly... |
| CVE-2006-1417 | 2006-03-28 | Multiple cross-site scripting (XSS) vulnerabilities in Caloris Planitia Online Quiz System (aka Web Quiz pro), possibly 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1)... |
| CVE-2006-1418 | 2006-03-28 | Cross-site scripting (XSS) vulnerability in default.asp in Caloris Planitia E-School Management System 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. |
| CVE-2006-1419 | 2006-03-28 | SQL injection vulnerability in the Calendar module in nuked-klan 1.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php. |
| CVE-2006-1420 | 2006-03-28 | SQL injection vulnerability in print.php in SaphpLesson 2.0 allows remote attackers to execute arbitrary SQL commands via the lessid parameter. |
| CVE-2006-1421 | 2006-03-28 | Multiple SQL injection vulnerabilities in akocomment.php in AkoComment 2.0 module for Mambo, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) acname or (2) contentid... |
| CVE-2006-1422 | 2006-03-28 | SQL injection vulnerability in details_view.php in PHP Booking Calendar 1.0c and earlier allows remote attackers to execute arbitrary SQL commands via the event_id parameter. |