CVE List - 2006 / April
Showing 101 - 200 of 632 CVEs for April 2006 (Page 2 of 7)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2006-1650 | 2006-04-06 | Firefox 1.5.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location... |
| CVE-2006-1651 | 2006-04-06 | Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this... |
| CVE-2006-1652 | 2006-04-06 | Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends... |
| CVE-2006-1653 | 2006-04-06 | PHP remote file inclusion vulnerability in loadkernel.php in AngelineCMS 0.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the installPath parameter. |
| CVE-2006-1654 | 2006-04-06 | Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a ..... |
| CVE-2006-1655 | 2006-04-06 | Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this... |
| CVE-2006-1646 | 2006-04-06 | The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in the Shoichi Sakane KAME Project racoon, as used by NetBSD 1.6, 2.x before 20060119, certain FreeBSD releases, and possibly other... |
| CVE-2006-1656 | 2006-04-06 | vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root. |
| CVE-2006-1614 | 2006-04-06 | Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of... |
| CVE-2006-1615 | 2006-04-06 | Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether... |
| CVE-2006-1629 | 2006-04-06 | OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable. |
| CVE-2006-1630 | 2006-04-06 | The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access." |
| CVE-2005-4770 | 2006-04-07 | SQL injection vulnerability in an unspecified Accelerated Enterprise Solutions product, possibly Accelerated E Solutions, allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of... |
| CVE-2005-4772 | 2006-04-07 | liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify... |
| CVE-2006-1657 | 2006-04-07 | Cross-site scripting (XSS) vulnerability in index.php in Chucky A. Ivey N.T. 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not filtered... |
| CVE-2006-1658 | 2006-04-07 | Direct static code injection vulnerability in ticker.db.php in Chucky A. Ivey N.T. 1.1.0 allows remote administrators to insert arbitrary PHP code into the config file, which is included other N.T.... |
| CVE-2006-1659 | 2006-04-07 | Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid... |
| CVE-2006-1660 | 2006-04-07 | Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz Image Gallery allows remote attackers to inject arbitrary web script or HTML via msg parameter. NOTE: the provenance of this information is... |
| CVE-2006-1661 | 2006-04-07 | Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) areaID parameter in area.View.action, (2) time parameter... |
| CVE-2006-1662 | 2006-04-07 | The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid parameter in index.php. |
| CVE-2006-1664 | 2006-04-07 | Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream. |
| CVE-2006-1665 | 2006-04-07 | Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0.1 stable allow remote attackers to inject arbitrary web script or HTML via the (1) adminJump and (2) forum_middle parameters in (a)... |
| CVE-2006-1666 | 2006-04-07 | SQL injection vulnerability in forum.php in Arab Portal 2.0.1 stable allows remote attackers to execute arbitrary SQL commands via the mineID parameter. |
| CVE-2006-1667 | 2006-04-07 | SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands... |
| CVE-2006-1668 | 2006-04-07 | newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a... |
| CVE-2006-1669 | 2006-04-07 | SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team PHPMyChat 0.14.5 and earlier allows remote attackers to execute arbitrary SQL commands via the T parameter. NOTE: this issue can be leveraged... |
| CVE-2006-1670 | 2006-04-07 | Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (memory exhaustion and possibly card reset) by sending... |
| CVE-2006-1671 | 2006-04-07 | Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (card reset) via (1) a "crafted" IP packet... |
| CVE-2006-1672 | 2006-04-07 | The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission... |
| CVE-2006-1673 | 2006-04-07 | Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard vBug Tracker 3.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter. |
| CVE-2005-4768 | 2006-04-07 | SQL injection vulnerability in manage_account.php in Tux Racer TuxBank 0.7x and 0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter in a manageaccount action to index.php. |
| CVE-2005-4769 | 2006-04-07 | SQL injection vulnerability in addrbook.php in Belchior Foundry vCard PRO 3.1 allows remote attackers to execute arbitrary SQL commands via the addr_id parameter. NOTE: the provenance of this information is... |
| CVE-2005-4771 | 2006-04-07 | Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility Suite provides a cancel button that bypasses the domain-authentication prompt, which allows local users to sync a handheld (PDA) device... |
| CVE-2004-2655 | 2006-04-08 | rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password... |
| CVE-2006-0951 | 2006-04-08 | The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the scheduler runs a scheduled on-demand scan, which allows local users to execute arbitrary code during a scheduled scan... |
| CVE-2006-0053 | 2006-04-10 | Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a... |
| CVE-2006-0996 | 2006-04-10 | Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large... |
| CVE-2006-1494 | 2006-04-10 | Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function. |
| CVE-2006-1608 | 2006-04-10 | The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI. |
| CVE-2006-1675 | 2006-04-10 | Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a)... |
| CVE-2006-1674 | 2006-04-10 | Cross-site scripting (XSS) vulnerability in search.php in PHPWebGallery 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-1675. |
| CVE-2006-1522 | 2006-04-10 | The sys_add_key function in the keyring code in Linux kernel 2.6.16.1 and 2.6.17-rc1, and possibly earlier versions, allows local users to cause a denial of service (OOPS) via keyctl requests... |
| CVE-2006-1549 | 2006-04-10 | PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party... |
| CVE-2006-1676 | 2006-04-10 | SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to execute arbitrary... |
| CVE-2006-1677 | 2006-04-10 | MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to obtain the full path of the server via a direct request to includes/legacy.php. |
| CVE-2006-1678 | 2006-04-10 | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory. |
| CVE-2006-1679 | 2006-04-10 | Cross-site scripting (XSS) vulnerability in modules/online.php in Jupiter CMS 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the layout parameter to index.php. |
| CVE-2006-1680 | 2006-04-10 | Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attackers to obtain the full server path via a direct request to modules/online.php. |
| CVE-2006-1681 | 2006-04-10 | Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error,... |
| CVE-2006-1682 | 2006-04-10 | Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft Web+Shop 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the deptname parameter, possibly involving the webpshop/... |
| CVE-2006-1683 | 2006-04-10 | SQL injection vulnerability in admin/login.php in Chipmunk Guestbook allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the User name. |
| CVE-2006-1684 | 2006-04-10 | Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier allows remote attackers to include arbitrary local files via (1) the lang parameter in news.php and (2) other unspecified vectors. |
| CVE-2006-1685 | 2006-04-10 | Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the (1) group, (2) seite, and... |
| CVE-2006-1686 | 2006-04-10 | Unspecified vulnerability in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to access unspecified files via a modified warp parameter. |
| CVE-2006-1687 | 2006-04-10 | Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the... |
| CVE-2006-1688 | 2006-04-10 | Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allow remote attackers to execute arbitrary PHP code via... |
| CVE-2006-1689 | 2006-04-10 | Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LDAP netgroup feature, allows local users to gain unspecified access. |
| CVE-2006-1060 | 2006-04-11 | Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might allow user-assisted attackers to execute arbitrary code via a JPEG image with more than 3 output components, such... |
| CVE-2006-1690 | 2006-04-11 | Cross-site scripting (XSS) vulnerability in subscribe.php in MWNewsletter 1.0.0b allows remote attackers to inject arbitrary web script or HTML via the user_name parameter. |
| CVE-2006-1691 | 2006-04-11 | SQL injection vulnerability in MWNewsletter 1.0.0b allows remote attackers to execute arbitrary SQL commands via the user_name parameter to unsubscribe.php. |
| CVE-2006-1692 | 2006-04-11 | Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow remote attackers to execute arbitrary SQL commands via the (1) user_email parameter to (a) unsubscribe.php or (b) subscribe.php; or the (2) user_name... |
| CVE-2006-1693 | 2006-04-11 | Unspecified vulnerability in GlobalSCAPE Secure FTP Server before 3.1.4 Build 01.10.2006 allows attackers to cause a denial of service (application crash) via a "custom command" with a long argument. |
| CVE-2006-1694 | 2006-04-11 | SQL injection vulnerability in members.php in XBrite Members 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2006-1695 | 2006-04-11 | The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment variable is not defined, allows local users to overwrite arbitrary files via a symlink attack on temporary files... |
| CVE-2006-1696 | 2006-04-11 | Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. |
| CVE-2006-1697 | 2006-04-11 | Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields... |
| CVE-2006-1698 | 2006-04-11 | Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country... |
| CVE-2006-1699 | 2006-04-11 | Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner Generator 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the banner parameter in view mode. |
| CVE-2006-1700 | 2006-04-11 | Buy.php in Aweb Scripts Seller uses predictable cookies for authentication based on the time and the script number, which allows remote attackers to bypass authentication. |
| CVE-2006-1701 | 2006-04-11 | Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote attackers to inject arbitrary web script or HTML via the page parameter to load.php. |
| CVE-2006-1702 | 2006-04-11 | PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. |
| CVE-2006-1703 | 2006-04-11 | PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter. |
| CVE-2006-1704 | 2006-04-11 | Sire 2.0 nws allows remote attackers to upload arbitrary image files without authentication via a direct request to upload.php. |
| CVE-2006-1705 | 2006-04-11 | Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations... |
| CVE-2006-1706 | 2006-04-11 | Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr,... |
| CVE-2006-1707 | 2006-04-11 | index.php in Shopweezle 2.0 allows remote attackers to include arbitrary local files via the url parameter. |
| CVE-2006-1708 | 2006-04-11 | SQL injection vulnerability in member.php in Clansys 1.1 allows remote attackers to execute arbitrary SQL commands via the showid parameter in the member page to index.php. |
| CVE-2006-1709 | 2006-04-11 | Cross-site scripting (XSS) vulnerability in shop_main.cgi in interaktiv.shop 5 allows remote attackers to inject arbitrary web script or HTML via the (1) pn and (2) sbeg parameters. |
| CVE-2006-1710 | 2006-04-11 | SQL injection vulnerability in admin.php in Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters. |
| CVE-2006-1711 | 2006-04-11 | Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits. |
| CVE-2006-1712 | 2006-04-11 | Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument. |
| CVE-2006-0015 | 2006-04-11 | Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack... |
| CVE-2006-1185 | 2006-04-11 | Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption. |
| CVE-2006-1186 | 2006-04-11 | Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which... |
| CVE-2006-1188 | 2006-04-11 | Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption. |
| CVE-2006-1189 | 2006-04-11 | Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte... |
| CVE-2006-1190 | 2006-04-11 | Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in... |
| CVE-2006-1191 | 2006-04-11 | Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and... |
| CVE-2006-1192 | 2006-04-11 | Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow... |
| CVE-2006-1713 | 2006-04-11 | Cross-site scripting (XSS) vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
| CVE-2006-1714 | 2006-04-11 | CRLF injection vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject HTTP headers via hex-encoded CRLF sequences in the type parameter. |
| CVE-2006-1715 | 2006-04-11 | Multiple directory traversal vulnerabilities in Christian Kindahl TUGZip 3.4.0.0, 3.3.0.0, and 3.1.0.2 allow user-assisted attackers to create files in arbitrary directories via a .. (dot dot) in an archive pack... |
| CVE-2006-1716 | 2006-04-11 | Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag.... |
| CVE-2006-1717 | 2006-04-11 | Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML... |
| CVE-2006-1718 | 2006-04-11 | Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via... |
| CVE-2006-1719 | 2006-04-11 | Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property. |
| CVE-2006-1720 | 2006-04-11 | Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. NOTE: it is possible that this issue... |
| CVE-2006-1721 | 2006-04-11 | digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation... |
| CVE-2006-1722 | 2006-04-11 | Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 allows remote attackers to inject arbitrary web script or HTML via the Suchstring1 (aka search) parameter. |
| CVE-2006-0003 | 2006-04-12 | Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to... |