Directory traversal vulnerability in Vis.pl, as part of the FACE CONTROL product, allows remote attackers to read arbitrary files via a .. (dot dot) in any parameter that opens a file, such as (1) s or (2) p.
Max CVSS
5.0
EPSS Score
0.66%
Published
2006-01-31
Updated
2018-10-19
Cisco VPN 3000 series concentrators running software 4.7.0 through 4.7.2.A allow remote attackers to cause a denial of service (device reload or user disconnect) via a crafted HTTP packet.
Max CVSS
7.8
EPSS Score
1.81%
Published
2006-01-31
Updated
2018-10-30
Linux kernel 2.6.15.1 and earlier, when running on SPARC architectures, allows local users to cause a denial of service (hang) via a "date -s" command, which causes invalid sign extended arguments to be provided to the get_compat_timespec function call.
Max CVSS
2.1
EPSS Score
0.06%
Published
2006-01-31
Updated
2017-07-20
Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image.
Max CVSS
5.0
EPSS Score
2.58%
Published
2006-01-31
Updated
2017-10-11
Cross-site scripting (XSS) vulnerability in the Articles module in sPaiz-Nuke allows remote attackers to inject arbitrary web script or HTML via the query parameter in the search file.
Max CVSS
4.3
EPSS Score
0.48%
Published
2006-01-31
Updated
2018-10-19
pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS).
Max CVSS
4.3
EPSS Score
0.71%
Published
2006-01-31
Updated
2017-07-20
CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php. NOTE: the vendor states "The initial announcement of this risk was made on our website... and it included a patch which will close the vulnerability on all known 6.0x and 6.1x releases. We strongly encourage users of CRE Loaded 6.x, osCMax, and other users of osCommerce who have installed HTMLArea based WYSIWYG editors and Admin Access with Levels to modify thier installations at the earliest possible moment."
Max CVSS
7.5
EPSS Score
9.65%
Published
2006-01-31
Updated
2017-07-20
Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link.
Max CVSS
7.5
EPSS Score
8.56%
Published
2006-01-31
Updated
2017-07-20

CVE-2006-0476

Public exploit
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
Max CVSS
7.6
EPSS Score
72.53%
Published
2006-01-31
Updated
2018-10-19
PHP-Ping 1.3 does not properly validate ping counts, which allows remote attackers to cause a denial of service (ping flood) via a negative count parameter.
Max CVSS
5.0
EPSS Score
1.36%
Published
2006-01-31
Updated
2017-07-20
Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers to execute arbitrary code via (1) a large packet length field, which causes an overflow in the ReadBuffer function in (a) BTPacket.cpp and (b) EDPacket.cpp, or (2) a large packet, which causes a heap-based overflow in the Write function in (c) Packet.h.
Max CVSS
7.5
EPSS Score
9.50%
Published
2006-01-31
Updated
2018-10-19
Cross-site scripting (XSS) vulnerability in the bbcode function in weblog.php in my little homepage my little weblog, as last modified in April 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags.
Max CVSS
4.3
EPSS Score
1.89%
Published
2006-01-31
Updated
2018-10-19
Cross-site scripting (XSS) vulnerability in guestbook.php in my little homepage my little guestbook, as last modified in March 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags.
Max CVSS
4.3
EPSS Score
1.56%
Published
2006-01-31
Updated
2018-10-19
Cross-site scripting (XSS) vulnerability in the bbcode function in functions.php in my little homepage my little forum, as last modified in June 2005, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags.
Max CVSS
4.3
EPSS Score
1.56%
Published
2006-01-31
Updated
2018-10-19
Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection.
Max CVSS
4.3
EPSS Score
1.52%
Published
2006-01-31
Updated
2017-07-20
Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG tag.
Max CVSS
4.3
EPSS Score
0.65%
Published
2006-01-30
Updated
2018-10-19
CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite.
Max CVSS
7.5
EPSS Score
26.12%
Published
2006-01-30
Updated
2018-10-19
Unspecified vulnerability in Pioneers (formerly gnocatan) before 0.9.49 allows remote attackers to cause a denial of service (application crash) via long chat messages.
Max CVSS
5.0
EPSS Score
6.49%
Published
2006-01-31
Updated
2017-07-20
Cross-site scripting (XSS) vulnerability in search.asp in Goldstag Content Management System allows remote attackers to inject arbitrary web script or HTML via the text parameter.
Max CVSS
4.3
EPSS Score
0.26%
Published
2006-01-27
Updated
2017-07-20
Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in active121 Site Manager allows remote attackers to inject arbitrary web script or HTML via the cerca parameter.
Max CVSS
4.3
EPSS Score
0.12%
Published
2006-01-27
Updated
2008-09-05
Multiple SQL injection vulnerabilities in index.php in IdeoContent Manager allow remote attackers to execute arbitrary SQL commands via the (1) goto_id or (2) mid parameter.
Max CVSS
7.5
EPSS Score
0.11%
Published
2006-01-27
Updated
2008-09-05
Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows remote attackers to inject arbitrary web script or HTML via the (1) goto_id parameter to index.php or (2) page parameter to news_full.php.
Max CVSS
4.3
EPSS Score
0.15%
Published
2006-01-27
Updated
2008-09-05
SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09.02 allows remote attackers to execute arbitrary SQL commands via the entrada parameter.
Max CVSS
7.5
EPSS Score
1.12%
Published
2006-01-27
Updated
2017-07-20
Cross-site scripting (XSS) vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTP_REFERER (referer).
Max CVSS
4.3
EPSS Score
1.17%
Published
2006-01-27
Updated
2018-10-19
phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database.
Max CVSS
5.0
EPSS Score
2.11%
Published
2006-01-27
Updated
2018-10-19
381 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!