CVE List - 2006 / March
Showing 301 - 400 of 585 CVEs for March 2006 (Page 4 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2006-1182 | 2006-03-16 | Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe Document Server (ADS) 5.0 and 6.0 allows local users to read files with certain extensions or overwrite arbitrary files and... |
| CVE-2006-1245 | 2006-03-17 | Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script... |
| CVE-2006-1246 | 2006-03-17 | Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 allows local users to execute arbitrary commands when mklvcopy calls external commands, possibly due to an untrusted search path vulnerability. |
| CVE-2006-1248 | 2006-03-17 | Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all... |
| CVE-2006-1249 | 2006-03-19 | Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field... |
| CVE-2006-1250 | 2006-03-19 | Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors. |
| CVE-2006-1251 | 2006-03-19 | Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which... |
| CVE-2006-1252 | 2006-03-19 | Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php. |
| CVE-2006-1253 | 2006-03-19 | Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address. |
| CVE-2006-1254 | 2006-03-19 | Unspecified vulnerability in BorderWare MXtreme 5.0 and 6.0 allows remote attackers to have an unknown impact via unknown attack vectors. NOTE: the provenance of this information is unknown; the details... |
| CVE-2006-1255 | 2006-03-19 | Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code... |
| CVE-2006-1256 | 2006-03-19 | Cross-site scripting (XSS) vulnerability in guestbook.php in Soren Boysen (SkullSplitter) PHP Guestbook 2.6 allows remote attackers to inject arbitrary web script or HTML via the url parameter. |
| CVE-2006-1257 | 2006-03-19 | The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and... |
| CVE-2006-1258 | 2006-03-19 | Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter. |
| CVE-2006-1259 | 2006-03-19 | Multiple SQL injection vulnerabilities in Maian Support 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) pass parameter to admin/index.php. |
| CVE-2006-1260 | 2006-03-19 | Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check. |
| CVE-2006-1261 | 2006-03-19 | Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |
| CVE-2006-1262 | 2006-03-19 | Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors. |
| CVE-2006-1263 | 2006-03-19 | Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |
| CVE-2006-1264 | 2006-03-19 | Cross-site scripting (XSS) vulnerability in xhawk.net discussion 2.0 beta2 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag. |
| CVE-2006-1265 | 2006-03-19 | SQL injection vulnerability in discussion.class.php in xhawk.net discussion 2.0 beta2 allows remote attackers to execute arbitrary SQL commands via the view parameter. |
| CVE-2006-1266 | 2006-03-19 | Cross-site scripting (XSS) vulnerability in Service_Requests.asp in VPMi Enterprise 3.3 allows remote attackers to inject arbitrary web script or HTML via the Request_Name_Display parameter. |
| CVE-2006-1267 | 2006-03-19 | Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request. |
| CVE-2006-1268 | 2006-03-19 | The Internet Key Exchange implementation in Funkwerk X2300 7.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by... |
| CVE-2006-1269 | 2006-03-19 | Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled... |
| CVE-2006-1270 | 2006-03-19 | Multiple cross-site scripting (XSS) vulnerabilities in zones.php in Inprotect 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Description field. NOTE: the... |
| CVE-2006-1271 | 2006-03-19 | SQL injection vulnerability in index.php in OxyNews allows remote attackers to execute arbitrary SQL commands via the oxynews_comment_id parameter. |
| CVE-2006-1272 | 2006-03-19 | Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn,... |
| CVE-2006-1273 | 2006-03-19 | Mozilla Firefox 1.0.7 and 1.5.0.1 allows remote attackers to cause a denial of service (crash) via an HTML tag with a large number of script action handlers such as onload... |
| CVE-2006-1274 | 2006-03-19 | Classic Planer in AntiVir PersonalEdition Classic 7 does not drop privileges before executing external programs, which allows local users to gain privileges via notepad.exe, which is used to display scan... |
| CVE-2006-1275 | 2006-03-19 | GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of service (client disconnect) via inputs that produce malformed XML, including (1) trailing ' (apostrophe) character on the ID... |
| CVE-2006-1276 | 2006-03-19 | admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows remote attackers to bypass authentication by setting the admin parameter in a cookie. |
| CVE-2006-1277 | 2006-03-19 | Cross-site scripting (XSS) vulnerability in signup.php in @1 File Store 2006.03.07 allows remote attackers to inject arbitrary web script or HTML via the (1) real_name, (2) email, and (3) login... |
| CVE-2006-1278 | 2006-03-19 | SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory,... |
| CVE-2006-1279 | 2006-03-19 | CGI::Session 4.03-1 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by (1) Driver::File, (2) Driver::db_file, and possibly (3) Driver::sqlite. |
| CVE-2006-1280 | 2006-03-19 | CGI::Session 4.03-1 does not set proper permissions on temporary files created in (1) Driver::File and (2) Driver::db_file, which allows local users to obtain privileged information, such as session keys, by... |
| CVE-2006-1281 | 2006-03-19 | Cross-site scripting (XSS) vulnerability in member.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vulnerability than CVE-2006-1272. NOTE:... |
| CVE-2006-1282 | 2006-03-19 | CRLF injection vulnerability in inc/function.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to conduct cross-site scripting (XSS), poison caches, or hijack pages via CRLF (%0A%0D) sequences in the Referrer HTTP... |
| CVE-2003-1296 | 2006-03-19 | Easy File Sharing (EFS) Web Server 1.2 allows remote authenticated users to cause a denial of service via (1) an "empty symbol" in the Title field or (2) certain data... |
| CVE-2005-4732 | 2006-03-19 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Tux Racer TuxBank 0.7x and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2)... |
| CVE-2005-4734 | 2006-03-19 | Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long... |
| CVE-2005-4743 | 2006-03-19 | Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp Publisher 4.5.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) nnet_catid parameters. |
| CVE-2006-1284 | 2006-03-19 | The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, includes a default administrator login account and password, which allows local... |
| CVE-2006-1285 | 2006-03-19 | SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which... |
| CVE-2006-1286 | 2006-03-19 | Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, might allow local users to... |
| CVE-2006-1287 | 2006-03-19 | Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060130 allows remote attackers to steal cookies and probably conduct other activities when the victim is using... |
| CVE-2006-1288 | 2006-03-19 | Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp... |
| CVE-2006-1289 | 2006-03-19 | Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) password, (3) team, (4) level, (5)... |
| CVE-2006-1290 | 2006-03-19 | Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) ipAddress, (2) act, (3) username,... |
| CVE-2006-1291 | 2006-03-19 | publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and... |
| CVE-2006-1292 | 2006-03-19 | Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a... |
| CVE-2006-1293 | 2006-03-19 | Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF). |
| CVE-2006-1294 | 2006-03-19 | PHP remote file include vulnerability in PageController.php in KnowledgebasePublisher 1.2 allows remote attackers to include and execute arbitrary PHP code via a URL in the dir parameter. |
| CVE-2006-1295 | 2006-03-19 | Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter. |
| CVE-2006-1296 | 2006-03-19 | Untrusted search path vulnerability in Beagle 0.2.2.1 might allow local users to gain privileges via a malicious beagle-info program in the current working directory, or possibly directories specified in the... |
| CVE-2006-1297 | 2006-03-19 | Unspecified vulnerability in Veritas Backup Exec for Windows Server Remote Agent 9.1 through 10.1, for Netware Servers and Remote Agent 9.1 and 9.2, and Remote Agent for Linux Servers 10.0... |
| CVE-2006-1298 | 2006-03-19 | Format string vulnerability in the Job Engine service (bengine.exe) in the Media Server in Veritas Backup Exec 10d (10.1) for Windows Servers rev. 5629, Backup Exec 10.0 for Windows Servers... |
| CVE-2003-1297 | 2006-03-19 | Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka options.ini) file and (2) log directory under the web root with insufficient access control, which allows remote attackers... |
| CVE-2005-4733 | 2006-03-19 | NetBSD 2.0 before 20050316 and NetBSD-current before 20050112 allow local users to cause a denial of service (infinite loop and system hang) by calling the F_CLOSEM fcntl with a parameter... |
| CVE-2005-4735 | 2006-03-19 | IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka... |
| CVE-2005-4736 | 2006-03-19 | IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite... |
| CVE-2005-4737 | 2006-03-19 | IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service (CPU consumption) by "abnormally" terminating a connection, which prevents db2agents... |
| CVE-2005-4738 | 2006-03-19 | IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated... |
| CVE-2005-4739 | 2006-03-19 | IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s050811) allows remote authenticated users to cause a denial of service (application crash) by using a table function for... |
| CVE-2005-4740 | 2006-03-19 | IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows remote authenticated users to cause a denial of service (db2jd service crash) by "connecting from a downlevel client." |
| CVE-2005-4741 | 2006-03-19 | NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without... |
| CVE-2005-4742 | 2006-03-19 | Unspecified vulnerability in Echelog 0.6.2 allows attackers to "exploit function stacks on some architectures," with unknown impact and attack vectors. |
| CVE-2006-1319 | 2006-03-20 | chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little endian i386 machines against dietlibc, does not properly handle when multiple groups are specified in the -u option, which... |
| CVE-2006-1320 | 2006-03-20 | util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to... |
| CVE-2006-1321 | 2006-03-20 | Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the (1) url, (2) title, or (3) author name in a... |
| CVE-2006-1322 | 2006-03-20 | Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to... |
| CVE-2006-1323 | 2006-03-20 | Directory traversal vulnerability in WinHKI 1.6 and earlier allows user-assisted attackers to overwrite arbitrary files via a (1) RAR, (2) TAR, (3) ZIP, or (4) TAR.GZ archive with a file... |
| CVE-2006-1061 | 2006-03-21 | Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path. |
| CVE-2006-1324 | 2006-03-21 | Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error... |
| CVE-2006-1325 | 2006-03-21 | Cross-site scripting (XSS) vulnerability in Streber 0.055 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |
| CVE-2006-1326 | 2006-03-21 | Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) forums,... |
| CVE-2006-1327 | 2006-03-21 | SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter. |
| CVE-2006-1328 | 2006-03-21 | SQL injection vulnerability in count.php in Skull-Splitter PHP Downloadcounter for Wallpapers 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) count_fieldname, (2) url_fieldname, or (3) url parameter. |
| CVE-2006-1329 | 2006-03-21 | The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza". |
| CVE-2006-1330 | 2006-03-21 | Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php. |
| CVE-2006-1331 | 2006-03-21 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) method or (2) list... |
| CVE-2006-1332 | 2006-03-21 | Noah's Classifieds 1.3 and earlier allows remote attackers to obtain sensitive information via an invalid list parameter in the showdetails method to index.php, which reveals the path in an error... |
| CVE-2006-1333 | 2006-03-21 | Multiple SQL injection vulnerabilities in BetaParticle Blog 6.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp or (2) fldGalleryID parameter to... |
| CVE-2006-1334 | 2006-03-21 | Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php. |
| CVE-2006-1335 | 2006-03-21 | gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session... |
| CVE-2006-0745 | 2006-03-21 | X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which... |
| CVE-2006-1336 | 2006-03-21 | Cross-site scripting vulnerability in calendar.php in ExtCalendar 1.0 and possibly other versions before 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) year, (2) month,... |
| CVE-2006-1337 | 2006-03-21 | Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 allows remote attackers to execute arbitrary code... |
| CVE-2006-1338 | 2006-03-21 | Webmail in MailEnable Professional Edition before 1.73 and Enterprise Edition before 1.21 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors involving "incorrectly encoded quoted-printable... |
| CVE-2006-1339 | 2006-03-21 | Directory traversal vulnerability in inc/functions.inc.php in CuteNews 1.4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence and... |
| CVE-2006-1340 | 2006-03-21 | CuteNews 1.4.1 and possibly other versions allows remote attackers to obtain the installation path via unspecified vectors involving an invalid file path. |
| CVE-2006-1341 | 2006-03-21 | SQL injection vulnerability in events.php in Maian Events 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. |
| CVE-2006-1342 | 2006-03-21 | net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain... |
| CVE-2006-1343 | 2006-03-21 | net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local... |
| CVE-2006-1344 | 2006-03-22 | Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as used in Managed PKI (MPKI) 6.0, allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the... |
| CVE-2006-1345 | 2006-03-22 | polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an "option[]=null" parameter value, which reveals the path in an error message. |
| CVE-2006-1346 | 2006-03-22 | Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter,... |
| CVE-2006-1347 | 2006-03-22 | SQL injection vulnerability in loginfunction.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| CVE-2006-1348 | 2006-03-22 | Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang[*][file] parameter, which is injected... |
| CVE-2006-1349 | 2006-03-22 | Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) type and (3) show... |