| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
68901 |
CVE-2006-1802 |
|
|
XSS |
2006-04-18 |
2018-10-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in TinyWebGallery 1.3 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the twg_album parameter. |
|
68902 |
CVE-2006-1801 |
|
|
XSS |
2006-04-18 |
2018-10-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in planetsearchplus.php in planetSearch+ allows remote attackers to inject arbitrary web script or HTML via the search_exp parameter. |
|
68903 |
CVE-2006-1797 |
|
|
DoS |
2006-04-18 |
2017-07-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The kernel in NetBSD-current before September 28, 2005 allows local users to cause a denial of service (system crash) by using the SIOCGIFALIAS ioctl to gather information on a non-existent alias of a network interface, which causes a NULL pointer dereference. |
|
68904 |
CVE-2006-1796 |
|
|
XSS |
2006-04-17 |
2008-09-05 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']). |
|
68905 |
CVE-2006-1795 |
|
|
XSS |
2006-04-17 |
2008-09-05 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI Network Enterprise @1 Table Publisher 2006-03-23 allows remote attackers to inject arbitrary web script or HTML via the Title of Table field. |
|
68906 |
CVE-2006-1789 |
|
|
Dir. Trav. |
2006-04-13 |
2018-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to read arbitrary files via the $className variable. |
|
68907 |
CVE-2006-1788 |
|
|
|
2006-04-13 |
2018-10-18 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Adobe Document Server for Reader Extensions 6.0, during log on, provides different error messages depending on whether the user ID is valid or invalid, which allows remote attackers to more easily identify valid user IDs via brute force attacks. |
|
68908 |
CVE-2006-1787 |
|
|
|
2006-04-13 |
2018-10-18 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Adobe Document Server for Reader Extensions 6.0 includes a user's session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that session. |
|
68909 |
CVE-2006-1786 |
|
|
XSS |
2006-04-13 |
2018-10-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it is not clear whether the vendor advisory addresses this issue. |
|
68910 |
CVE-2006-1785 |
|
|
|
2006-04-13 |
2018-10-18 |
2.1 |
None |
Remote |
High |
Single system |
None |
Partial |
None |
|
Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext. NOTE: it is not clear whether the vendor advisory addresses this issue. In addition, since the issue requires administrative privileges to exploit, it is not clear whether this crosses security boundaries. |
|
68911 |
CVE-2006-1784 |
|
|
Exec Code File Inclusion |
2006-04-13 |
2017-10-18 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter. |
|
68912 |
CVE-2006-1783 |
|
|
XSS |
2006-04-13 |
2018-10-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote attackers to inject arbitrary web script or HTML via the URI. |
|
68913 |
CVE-2006-1782 |
|
|
|
2006-04-13 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or "insecurely" runs LDAP2 commands with the -w option, including (2) ldapadd, (3) ldapdelete, (4) ldapmodify, (5) ldapmodrdn, and (6) ldapsearch. |
|
68914 |
CVE-2006-1780 |
|
|
DoS |
2006-04-13 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation of temporary files. |
|
68915 |
CVE-2006-1779 |
|
|
XSS |
2006-04-13 |
2018-10-18 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the btag parameter. |
|
68916 |
CVE-2006-1775 |
|
|
XSS |
2006-04-13 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the (1) Site Description field in (a) admin_board.php, the (2) Group name and (3) Group description fields in (b) admin_groups.php and (c) groupcp.php, the (4) Theme Name field in (d) admin_styles.php, and the (5) Rank Title field in (e) admin_ranks.php. NOTE: the profile.php/Current password vector is already covered by CVE-2006-1603. |
|
68917 |
CVE-2006-1773 |
|
|
Exec Code Sql |
2006-04-13 |
2017-07-19 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to execute arbitrary SQL commands via the contentid parameter, possibly involving content/news.php. |
|
68918 |
CVE-2006-1769 |
|
|
XSS |
2006-04-13 |
2018-10-18 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila 9.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the mode parameter in msgReader$1 and (2) the end of the URI in viewDepartment$. |
|
68919 |
CVE-2006-1768 |
|
|
XSS |
2006-04-13 |
2018-10-18 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_name, (2) newuser_email, and (3) newuser_hp parameters in the faction=register mode in index.php. |
|
68920 |
CVE-2006-1766 |
|
|
Exec Code Sql |
2006-04-13 |
2017-07-19 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Papoo 2.1.5, and 3 beta1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) getlang and (2) reporeid parameter in (a) index.php, (3) menuid parameter in (b) plugin.php and (c) forumthread.php, and (4) msgid parameter in forumthread.php. |
|
68921 |
CVE-2006-1765 |
|
|
XSS |
2006-04-13 |
2018-10-18 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting (XSS) vulnerability in index.php in JBook 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter. |
|
68922 |
CVE-2006-1763 |
|
|
Exec Code Sql |
2006-04-12 |
2018-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a (1) g_reply or (2) g_permaPost action to the blog shard (engine/shards/blog.php), or a (3) g_viewContent action to the content shard (engine/shards/content.php). |
|
68923 |
CVE-2006-1761 |
|
|
XSS |
2006-04-12 |
2018-10-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter, which is not sanitized in the error message. NOTE: the vector in the shard parameter is not XSS and has been assigned a separate name. |
|
68924 |
CVE-2006-1760 |
79 |
|
XSS |
2006-04-12 |
2017-07-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) Classic.view/thumbnail.php, (2) Classic.view/gallery.php, (3) Classic.view/detail.php, or (4) Orange.view/detail.php; or (5) the name parameter in Orange.view/slideshow.php. |
|
68925 |
CVE-2006-1759 |
|
|
XSS |
2006-04-12 |
2018-10-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in SWSoft Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the jahr parameter. |
|
68926 |
CVE-2006-1757 |
|
|
XSS |
2006-04-12 |
2018-10-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 allows remote attackers to inject arbitrary web script or HTML via the message parameter. |
|
68927 |
CVE-2006-1753 |
|
|
|
2006-04-18 |
2017-07-19 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
A cron job in fcheck before 2.7.59 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. |
|
68928 |
CVE-2006-1752 |
|
|
XSS |
2006-04-12 |
2017-07-19 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in the backend in MvBlog before 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) body fields in a comment. |
|
68929 |
CVE-2006-1750 |
79 |
|
XSS |
2006-04-12 |
2017-07-19 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Autogallery 0.41 allow remote attackers to inject arbitrary web script or HTML via the (1) pic or (2) show parameters. |
|
68930 |
CVE-2006-1748 |
|
|
XSS |
2006-04-12 |
2018-10-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which causes the video to be rendered without disabling ActionScript. |
|
68931 |
CVE-2006-1746 |
22 |
|
Dir. Trav. |
2006-04-12 |
2017-07-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable. |
|
68932 |
CVE-2006-1745 |
|
|
XSS |
2006-04-12 |
2008-09-05 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
68933 |
CVE-2006-1744 |
|
|
Exec Code Overflow |
2006-04-12 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows local users to execute arbitrary code via a long player name that is used in a scanf function call. |
|
68934 |
CVE-2006-1742 |
|
|
Mem. Corr. |
2006-04-14 |
2018-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memory and cause memory corruption. |
|
68935 |
CVE-2006-1741 |
79 |
|
XSS |
2006-04-14 |
2018-10-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection". |
|
68936 |
CVE-2006-1740 |
|
|
|
2006-04-14 |
2018-10-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to spoof secure site indicators such as the locked icon by opening the trusted site in a popup window, then changing the location to a malicious site. |
|
68937 |
CVE-2006-1738 |
|
|
DoS |
2006-04-14 |
2018-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) by changing the (1) -moz-grid and (2) -moz-grid-group display styles. |
|
68938 |
CVE-2006-1736 |
|
|
|
2006-04-14 |
2018-10-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename. |
|
68939 |
CVE-2006-1734 |
|
|
Exec Code |
2006-04-14 |
2018-10-18 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watch method to access the "clone parent" internal function. |
|
68940 |
CVE-2006-1733 |
264 |
|
Exec Code |
2006-04-14 |
2018-10-18 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL bindings, which allows remote attackers to execute arbitrary code via the (1) valueOf.call or (2) valueOf.apply methods of an XBL binding, or (3) "by inserting an XBL method into the DOM's document.body prototype chain." |
|
68941 |
CVE-2006-1732 |
|
|
XSS Bypass |
2006-04-14 |
2018-10-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to bypass same-origin protections and conduct cross-site scripting (XSS) attacks via unspecified vectors involving the window.controllers array. |
|
68942 |
CVE-2006-1731 |
79 |
|
XSS |
2006-04-14 |
2018-10-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks. |
|
68943 |
CVE-2006-1729 |
20 |
|
|
2006-04-14 |
2018-10-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler. |
|
68944 |
CVE-2006-1725 |
264 |
|
|
2006-04-14 |
2018-10-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes certain windows to become translucent due to an interaction between XUL content windows and the history mechanism, which might allow user-assisted remote attackers to trick users into executing arbitrary code. |
|
68945 |
CVE-2006-1722 |
|
|
XSS |
2006-04-11 |
2017-07-19 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 allows remote attackers to inject arbitrary web script or HTML via the Suchstring1 (aka search) parameter. |
|
68946 |
CVE-2006-1721 |
20 |
|
DoS |
2006-04-11 |
2018-10-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation. |
|
68947 |
CVE-2006-1720 |
|
|
Sql XSS |
2006-04-11 |
2018-10-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. NOTE: it is possible that this issue is resultant from SQL injection. |
|
68948 |
CVE-2006-1719 |
|
|
DoS |
2006-04-11 |
2018-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property. |
|
68949 |
CVE-2006-1718 |
|
|
|
2006-04-11 |
2018-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc. |
|
68950 |
CVE-2006-1717 |
|
|
XSS |
2006-04-11 |
2018-10-18 |
5.1 |
User |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username. |
