# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
68601 |
CVE-2006-2224 |
287 |
|
|
2006-05-05 |
2018-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets. |
68602 |
CVE-2006-2223 |
20 |
|
+Info |
2006-05-05 |
2018-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE. |
68603 |
CVE-2006-2222 |
|
|
DoS Overflow |
2006-05-05 |
2018-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, allows remote attackers to cause a denial of service (daemon crash) via a request for a URI composed of several "\" (backslash) characters. |
68604 |
CVE-2006-2221 |
|
|
DoS |
2006-05-05 |
2018-10-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer. |
68605 |
CVE-2006-2220 |
20 |
|
+Info |
2007-02-08 |
2017-07-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message. |
68606 |
CVE-2006-2219 |
20 |
|
+Info |
2007-02-08 |
2017-07-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message. |
68607 |
CVE-2006-2216 |
|
|
|
2006-05-05 |
2018-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain the full path of the web server via an invalid pforums parameter to (1) misc.php and (2) member.php. |
68608 |
CVE-2006-2213 |
|
|
DoS |
2006-05-05 |
2017-07-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Hostapd 0.3.7-2 allows remote attackers to cause a denial of service (segmentation fault) via an unspecified value in the key_data_length field of an EAPoL frame. |
68609 |
CVE-2006-2212 |
|
|
Exec Code Overflow |
2006-05-05 |
2018-10-18 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows remote attackers to execute arbitrary code via a long (1) USER or (2) PASS command. |
68610 |
CVE-2006-2211 |
|
|
|
2006-05-05 |
2018-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
Absolute path traversal vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to browse arbitrary directories via the path parameter. |
68611 |
CVE-2006-2210 |
|
|
XSS Dir. Trav. |
2006-05-05 |
2018-10-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Cross-site scripting (XSS) vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this issue might be resultant from the directory traversal vulnerability. |
68612 |
CVE-2006-2209 |
|
|
Exec Code Sql |
2006-05-05 |
2017-07-19 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Multiple SQL injection vulnerabilities in index.php in PHP Arena paCheckBook 1.1 allow remote attackers to execute arbitrary SQL commands via (1) the transtype parameter in an add action or (2) entry parameter in an edit action. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
68613 |
CVE-2006-2208 |
|
|
XSS |
2006-05-05 |
2017-07-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in mynews.inc.php in MyNews 1.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) hash and (2) page parameters. |
68614 |
CVE-2006-2205 |
|
|
DoS |
2006-05-05 |
2013-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
The audio_write function in NetBSD 3.0 allows local users to cause a denial of service (kernel crash) by using the audiosetinfo ioctl to change the sample rate of an audio device. |
68615 |
CVE-2006-2204 |
|
|
Exec Code Sql Bypass |
2006-05-05 |
2018-10-18 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array. |
68616 |
CVE-2006-2203 |
|
|
Bypass |
2006-05-05 |
2017-07-19 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a "possible bypass of attachment filter." |
68617 |
CVE-2006-2202 |
|
|
Exec Code Sql |
2006-05-04 |
2018-10-18 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allows remote attackers to execute arbitrary SQL commands via the album parameter. |
68618 |
CVE-2006-2201 |
|
|
|
2006-05-04 |
2018-10-18 |
4.3 |
User |
Local |
Low |
Single system |
Partial |
Partial |
Partial |
Unspecified vulnerability in CA Resource Initialization Manager (CAIRIM) 1.x before 20060502, as used in z/OS Common Services and the LMP component in multiple products, allows attackers to violate integrity via a certain "problem state program" that uses SVC to gain access to supervisor state, key 0. |
68619 |
CVE-2006-2200 |
119 |
|
DoS Exec Code Overflow |
2006-06-27 |
2011-08-02 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet functions, and possibly other functions. |
68620 |
CVE-2006-2197 |
189 |
|
Exec Code Overflow |
2006-06-15 |
2018-10-03 |
6.5 |
User |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
Integer overflow in wv2 before 0.2.3 might allow context-dependent attackers to execute arbitrary code via a crafted Microsoft Word document. |
68621 |
CVE-2006-2196 |
|
|
+Priv |
2006-06-26 |
2017-07-19 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges. |
68622 |
CVE-2006-2195 |
|
|
XSS |
2006-06-15 |
2017-07-19 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php. |
68623 |
CVE-2006-2190 |
|
|
XSS |
2006-05-04 |
2017-07-19 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863. |
68624 |
CVE-2006-2188 |
|
|
XSS |
2006-05-04 |
2018-10-18 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Body field of a private message (PM), (2) BBCode, or (3) a forum post. |
68625 |
CVE-2006-2187 |
|
|
XSS |
2006-05-04 |
2018-10-18 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php. |
68626 |
CVE-2006-2186 |
|
|
+Info |
2006-05-04 |
2018-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message. |
68627 |
CVE-2006-2185 |
|
|
+Priv |
2006-05-22 |
2017-07-19 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges. |
68628 |
CVE-2006-2184 |
|
|
XSS |
2006-05-04 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowledge Base allows remote attackers to inject arbitrary web script or HTML via the searchkeyword parameter. NOTE: the issue was originally disputed by the vendor, but on 20060519, the vendor notified CVE that "We have fixed all the mentioned issues and now the search section of PHPKB script is free from any XSS issues." |
68629 |
CVE-2006-2182 |
|
|
Exec Code File Inclusion |
2006-05-04 |
2008-11-03 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, (2) eshow.php, or (3) forgot.php in albinator 2.0.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Config_rootdir parameter. |
68630 |
CVE-2006-2181 |
79 |
|
XSS |
2006-05-04 |
2017-07-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to dlisting.php or (2) preloadSlideShow parameter to showpic.php. |
68631 |
CVE-2006-2180 |
119 |
|
DoS Exec Code Overflow |
2006-05-04 |
2017-07-19 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long argument to the (1) NLST or (2) APPE commands, as demonstrated by the Infigo FTPStress Fuzzer. |
68632 |
CVE-2006-2178 |
79 |
|
Sql XSS |
2006-05-04 |
2017-07-19 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to login.asp, (2) ProductIndex parameter to browse0.htm, (3) rowcolor parameter to result.asp, or (4) heading parameter to result.asp. NOTE: vectors 1 and 2 might be resultant from SQL injection. |
68633 |
CVE-2006-2177 |
|
|
XSS |
2006-05-04 |
2018-10-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. |
68634 |
CVE-2006-2176 |
|
|
XSS |
2006-05-04 |
2017-07-19 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in links.php in PHP Linkliste 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) new_input, (2) new_url, or (3) new_name parameter. |
68635 |
CVE-2006-2175 |
|
|
Exec Code File Inclusion |
2006-05-04 |
2018-10-18 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) show.php or (2) top.php. |
68636 |
CVE-2006-2174 |
|
|
XSS |
2006-05-04 |
2017-07-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, or (3) year parameter. |
68637 |
CVE-2006-2173 |
|
|
DoS Exec Code Overflow |
2006-05-04 |
2017-07-19 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the MLSD command, or (2) the remote server interface, as demonstrated by the Infigo FTPStress Fuzzer. |
68638 |
CVE-2006-2171 |
|
|
Exec Code Overflow |
2006-05-04 |
2017-07-19 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Buffer overflow in WDM.exe in WarFTPD allows remote attackers to execute arbitrary code via unspecified arguments, as demonstrated by the Infigo FTPStress Fuzzer. |
68639 |
CVE-2006-2170 |
|
|
Exec Code Overflow |
2006-05-04 |
2017-07-19 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer. |
68640 |
CVE-2006-2169 |
|
|
+Info |
2006-05-04 |
2017-07-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message. |
68641 |
CVE-2006-2167 |
|
|
XSS |
2006-05-04 |
2018-10-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element. |
68642 |
CVE-2006-2166 |
|
|
|
2006-05-04 |
2018-10-30 |
2.1 |
None |
Remote |
High |
Single system |
None |
Partial |
None |
Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password. |
68643 |
CVE-2006-2165 |
|
|
Sql XSS |
2006-05-04 |
2017-07-19 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php and (2) prod_id parameter in (c) product_info.php. NOTE: this issue might be resultant from SQL injection. |
68644 |
CVE-2006-2163 |
|
|
XSS |
2006-05-04 |
2017-07-19 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart 3.33 and earlier allows remote attackers to inject arbitrary web script or HTML via the setbackurl parameter. |
68645 |
CVE-2006-2162 |
|
|
Exec Code Overflow |
2006-05-03 |
2018-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header. |
68646 |
CVE-2006-2161 |
|
|
Exec Code Overflow |
2006-05-09 |
2018-10-18 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and 0.9.3-beta1, (3) CAM UnZip 4.0 and 4.3, and possibly other products, allows user-assisted attackers to execute arbitrary code via a ZIP archive that contains a file with a long file name. |
68647 |
CVE-2006-2160 |
|
|
XSS |
2006-05-03 |
2018-10-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp (Russcom.Loginphp) allows remote attackers to inject arbitrary web script or HTML via the username field when registering. |
68648 |
CVE-2006-2159 |
|
|
|
2006-05-03 |
2018-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
CRLF injection vulnerability in help.php in Russcom Network Loginphp allows remote attackers to spoof e-mails and inject MIME headers via CRLF sequences in the email address. |
68649 |
CVE-2006-2158 |
|
|
File Inclusion |
2006-05-03 |
2017-07-19 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remote file inclusion using the include_files array parameter. |
68650 |
CVE-2006-2156 |
|
|
Dir. Trav. |
2006-05-03 |
2018-10-18 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. (dot dot) sequences in the help_file parameter. |