CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 5 and 5.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
18251 CVE-2006-1153 Exec Code Sql 2006-03-10 2017-10-18
5.0
None Remote Low Not required None Partial None
SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers to execute arbitrary SQL commands via the load parameter, when performing a Shoutbox action through Invision Power Board (IPB).
18252 CVE-2006-1152 File Inclusion 2006-03-10 2017-07-19
5.0
None Remote Low Not required None Partial None
PHP remote file inclusion vulnerability in index.php in M-Phorum 0.2 allows remote attackers to include arbitrary files via the go parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
18253 CVE-2006-1151 XSS 2006-03-10 2018-10-18
5.0
None Remote Low Not required None Partial None
Cross-site scripting vulnerability in index.php in M-Phorum 0.2 allows remote attackers to inject arbitrary web script or HTML via the go parameter.
18254 CVE-2006-1142 2006-03-10 2017-07-19
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Ravenous Web Server before 0.7.1 allows remote attackers to access arbitrary rvplg files, with unknown impact.
18255 CVE-2006-1138 DoS Mem. Corr. 2006-03-09 2018-10-04
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the web server code in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows remote attackers to cause a denial of service (memory corruption) via unknown vectors.
18256 CVE-2006-1137 DoS 2006-03-09 2018-10-04
5.0
None Remote Low Not required None None Partial
Multiple unspecified vulnerabilities in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allow remote attackers to cause an unspecified denial of service via a crafted PostScript file that will (1) "navigate through the directory" or (2) a "file sent to expose TCP/IP ports".
18257 CVE-2006-1136 DoS Overflow 2006-03-09 2018-09-27
5.0
None Remote Low Not required None None Partial
Buffer overflow in the PostScript file interpreter code for Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows attackers to cause a denial of service via unknown vectors.
18258 CVE-2006-1134 Exec Code Sql 2006-03-09 2018-10-18
5.1
User Remote High Not required Partial Partial Partial
SQL injection vulnerability in CyBoards PHP Lite 1.25, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the parent parameter to (1) post.php and possibly (2) process_post.php.
18259 CVE-2006-1118 Exec Code Sql 2006-03-09 2017-07-19
5.0
None Remote Low Not required None Partial None
SQL injection vulnerability in bmail before Aardvark PR9.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving GBK character sets.
18260 CVE-2006-1116 Bypass 2006-03-09 2018-10-18
5.0
None Remote Low Not required None Partial None
The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected.
18261 CVE-2006-1113 Exec Code Sql 2006-03-09 2018-10-18
5.0
None Remote Low Not required None Partial None
SQL injection vulnerability in podcast.php in Loudblog before 0.42 allows remote attackers to execute arbitrary SQL commands via the id parameter.
18262 CVE-2006-1112 +Info 2006-03-09 2018-10-18
5.0
None Remote Low Not required Partial None None
Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a long login value in a register form, which displays the installation path in a MySQL error message.
18263 CVE-2006-1105 +Info 2006-03-09 2018-10-18
5.0
None Remote Low Not required Partial None None
Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue.
18264 CVE-2006-1103 DoS 2006-03-09 2018-10-18
5.0
None Remote Low Not required None None Partial
engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (segmentation fault) via a client that does not completely join the game and times out, which results in a null pointer dereference.
18265 CVE-2006-1102 DoS 2006-03-09 2018-10-18
5.0
None Remote Low Not required None None Partial
Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (client exit) by forcing the server to change to a map (ogz) file whose name contains ".." sequences and has a certain length that prevents the addition of the ".ogz" extension.
18266 CVE-2006-1101 DoS 2006-03-09 2018-10-18
5.0
None Remote Low Not required None None Partial
The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as derived from the Cube engine, allow remote attackers to cause a denial of service (segmentation fault) via long streams of input data that trigger an out-of-bounds read, as demonstrated using SV_EXT tag data in the Cube engine, which is not properly handled by getint.
18267 CVE-2006-1088 +Info 2006-03-08 2018-10-18
5.0
None Remote Low Not required Partial None None
PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix.
18268 CVE-2006-1074 DoS 2006-03-08 2018-10-18
5.0
None Remote Low Not required None None Partial
Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers to cause a denial of service (application crash or hang) via a long argument to the connect command.
18269 CVE-2006-1067 DoS 2006-03-07 2018-10-18
5.0
None Remote Low Not required None None Partial
Linksys WRT54G routers version 5 (running VXWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value.
18270 CVE-2006-1065 Exec Code Sql 2006-03-07 2018-10-18
5.0
None Remote Low Not required None Partial None
SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) 1.04 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter.
18271 CVE-2006-1063 2006-03-07 2017-07-19
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in Lurker 2.0 and earlier allows remote attackers to create or overwrite files in any writable directory that is named "mbox".
18272 CVE-2006-1062 2006-03-07 2017-07-19
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier allows attackers to read arbitrary files via unknown vectors.
18273 CVE-2006-1048 +Priv Bypass 2006-03-07 2017-07-19
5.0
None Remote Low Not required Partial None None
Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, or (9) Contact Search, (10) Content Search, (11) Newsfeed Search, or (12) Weblink Search.
18274 CVE-2006-1046 DoS 2006-03-07 2017-07-19
5.0
None Remote Low Not required None None Partial
server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a string containing a large number of characters that are escaped when Monopd produces XML output.
18275 CVE-2006-1043 119 Exec Code Overflow 2006-03-07 2018-10-18
5.1
User Remote High Not required Partial Partial Partial
Stack-based buffer overflow in Microsoft Visual Studio 6.0 and Microsoft Visual InterDev 6.0 allows user-assisted attackers to execute arbitrary code via a long DataProject field in a (1) Visual Studio Database Project File (.dbp) or (2) Visual Studio Solution (.sln).
18276 CVE-2006-1030 +Info 2006-03-06 2017-07-19
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via an unspecified attack vector that reveals the path.
18277 CVE-2006-1027 +Info 2006-03-06 2018-10-18
5.0
None Remote Low Not required Partial None None
feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via a "/" (slash) in the feed parameter to index.php, which reveals the path in an error message.
18278 CVE-2006-1023 Dir. Trav. 2006-03-06 2018-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Windows allows remote attackers to access certain files via unspecified vectors.
18279 CVE-2006-1022 Exec Code 2006-03-06 2018-10-18
5.0
None Remote Low Not required None Partial None
PHP remote file include vulnerability in sol_menu.php in PeHePe Uyelik Sistemi (aka PeHePe MemberShip Management System) 3 allows remote attackers to include and execute arbitrary PHP code via a URL in the uye_klasor parameter, along with a misafir[] parameter that is set to UYE_SEVIYE.
18280 CVE-2006-1008 Sql XSS 2006-03-06 2018-10-18
5.8
None Remote Medium Not required None Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameter to (a) index.php and (3) userid parameter to (b) mailto.php. NOTE: it is possible that issues 1 and 2 are resultant from SQL injection.
18281 CVE-2006-1003 +Priv +Info 2006-03-06 2017-07-19
5.0
None Remote Low Not required Partial None None
The backup configuration option in NETGEAR WGT624 Wireless Firewall Router stores sensitive information in cleartext, which allows remote attackers to obtain passwords and gain privileges.
18282 CVE-2006-1001 Exec Code Sql 2006-03-06 2017-10-18
5.0
None Remote Low Not required None Partial None
SQL injection vulnerability in the board module in LanSuite LanParty Intranet System 2.0.6 and 2.1.0 beta allows remote attackers to execute arbitrary SQL commands via the fid parameter.
18283 CVE-2006-0999 2006-03-23 2017-07-19
5.0
None Remote Low Not required Partial None None
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL protected session.
18284 CVE-2006-0998 2006-03-23 2017-07-19
5.0
None Remote Low Not required Partial None None
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) sometimes selects a weak cipher instead of an available stronger cipher, which makes it easier for remote attackers to sniff and decrypt an SSL protected session.
18285 CVE-2006-0997 2006-03-23 2017-07-19
5.0
None Remote Low Not required Partial None None
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) permits encryption with a NULL key, which results in cleartext communication that allows remote attackers to read an SSL protected session by sniffing network traffic.
18286 CVE-2006-0995 DoS 2006-03-03 2017-07-19
5.0
None Remote Low Not required None None Partial
EMC Dantz Retrospect 7 backup client 7.0.107, and other versions before 7.0.109, and 6.5 before 6.5.138 allows remote attackers to cause a denial of service (client termination and loss of backup service) via a malformed packet to TCP port 497, which triggers an assert error.
18287 CVE-2006-0993 +Info 2006-05-09 2018-10-18
5.0
None Remote Low Not required Partial None None
The web management interface in 3Com TippingPoint SMS Server before 2.2.1.4478 does not restrict access to certain directories, which might allow remote attackers to obtain potentially sensitive information such as configuration settings.
18288 CVE-2006-0987 DoS 2006-03-03 2018-10-18
5.0
None Remote Low Not required None None Partial
The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
18289 CVE-2006-0986 +Info 2006-03-03 2018-10-18
5.0
None Remote Low Not required None Partial None
WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) default-filters.php, (2) template-loader.php, (3) rss-functions.php, (4) locale.php, (5) wp-db.php, and (6) kses.php in the wp-includes/ directory; and (7) edit-form-advanced.php, (8) admin-functions.php, (9) edit-link-form.php, (10) edit-page-form.php, (11) admin-footer.php, and (12) menu.php in the wp-admin directory; and possibly (13) list directory contents of the wp-includes directory. NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110. Other vectors might be covered by CVE-2005-1688. NOTE: if the typical installation of WordPress does not list any site-specific files to wp-includes, then vector [13] is not an exposure.
18290 CVE-2006-0982 Bypass 2006-03-03 2018-10-18
5.0
None Remote Low Not required None Partial None
The on-access scanner for McAfee Virex 7.7 for Macintosh, in some circumstances, might not activate when malicious content is accessed from the web browser, and might not prevent the content from being saved, which allows remote attackers to bypass virus protection, as demonstrated using the EICAR test file.
18291 CVE-2006-0977 2006-03-03 2018-10-18
5.0
None Remote Low Not required None Partial None
Craig Morrison Mail Transport System Professional (aka MTS Pro) acts as an open relay when configured to relay all mail through an external SMTP server, which allows remote attackers to relay mail by connecting to the MTS Pro server, then sending a MAIL FROM that specifies a domain that is local to the server.
18292 CVE-2006-0976 22 Dir. Trav. 2006-03-03 2018-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in scan_lang_insert.php in Boris Herbiniere-Seve SPiD 1.3.1 allows remote attackers to read arbitrary files via the lang parameter.
18293 CVE-2006-0972 Exec Code Sql 2006-03-03 2018-10-18
5.0
None Remote Low Not required Partial None None
SQL injection vulnerability in news.php in Tony Baird Fantastic News 2.1.1 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the category vector is already covered by CVE-2005-3846.
18294 CVE-2006-0971 Dir. Trav. 2006-03-03 2018-10-18
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Lionel Reyero DirectContact 0.3b allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
18295 CVE-2006-0960 DoS 2006-03-02 2017-07-19
5.0
None Remote Low Not required None None Partial
uConfig agent in Compex NetPassage WPE54G router allows remote attackers to cause a denial of service (unresposiveness) via crafted datagrams to UDP port 7778.
18296 CVE-2006-0949 2006-03-06 2017-07-19
5.0
None Remote Low Not required Partial None None
RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters.
18297 CVE-2006-0937 +Info 2006-02-28 2017-07-19
5.0
None Remote Low Not required Partial None None
U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive information via a direct request to index.php with method=showfullcsv, which reveals the POP3 server configuration, including account name and password.
18298 CVE-2006-0932 Dir. Trav. 2006-02-28 2018-10-18
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in zip.lib.php 0.1.1 in PEAR::Archive_Zip allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a ZIP archive.
18299 CVE-2006-0931 22 Dir. Trav. 2006-02-28 2018-10-18
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other versions before 1.3.2, allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a TAR archive.
18300 CVE-2006-0928 +Info 2006-02-28 2018-10-18
5.0
None Remote Low Not required Partial None None
The POP3 Server in ArGoSoft Mail Server Pro 1.8 allows remote attackers to obtain sensitive information via the _DUMP command, which reveals the operating system, registered user, and registration code.
Total number of vulnerabilities : 22537   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 (This Page)367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.