CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2006

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2006-6870 DoS 2006-12-31 2010-09-15
5.0
None Remote Low Not required None None Partial
The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.
52 CVE-2006-6869 Dir. Trav. 2006-12-31 2017-10-18
9.3
Admin Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
53 CVE-2006-6868 XSS 2006-12-31 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Shopping Cart before 1.3.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
54 CVE-2006-6867 Exec Code File Inclusion 2006-12-31 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Vladimir Menshakov buratinable templator (aka bubla) 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the bu_dir parameter to (1) bu/bu_claro.php, (2) bu/bu_cache.php, or (3) bu/bu_parse.php, different vectors and a different affected version than CVE-2006-6809.
55 CVE-2006-6866 +Info 2006-12-31 2017-10-18
7.8
None Remote Low Not required Complete None None
STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt.
56 CVE-2006-6865 Dir. Trav. Bypass 2006-12-31 2018-10-17
7.8
None Remote Low Not required None None Complete
Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp in SoftArtisans FileUp (SAFileUp) 5.0.14 allows remote attackers to read arbitrary files via a %c0%ae. (Unicode dot dot) in the path parameter, which bypasses the checks for ".." sequences.
57 CVE-2006-6864 Exec Code File Inclusion 2006-12-31 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter.
58 CVE-2006-6863 Exec Code File Inclusion 2006-12-31 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
** DISPUTED ** PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value.
59 CVE-2006-6862 XSS 2006-12-31 2018-10-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login/login.asp or (2) login/register.asp.
60 CVE-2006-6861 Exec Code Sql 2006-12-31 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp.
61 CVE-2006-6860 Exec Code Overflow 2006-12-31 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information.
62 CVE-2006-6859 Exec Code Sql 2006-12-31 2017-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
63 CVE-2006-6858 2006-12-31 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bubble during UDP hole punching with HMAC-MD5-64 hashing, which allows remote attackers to impersonate an arbitrary Teredo client.
64 CVE-2006-6857 XSS 2006-12-31 2018-10-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
65 CVE-2006-6856 Exec Code 2006-12-31 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
Direct static code injection vulnerability in WebText CMS 0.4.5.2 and earlier allows remote attackers to inject arbitrary PHP code into a script in wt/users/ via the im parameter during a profile edit (edycja) operation, which is then executed via a direct request for this script.
66 CVE-2006-6855 DoS 2006-12-31 2017-10-18
5.0
None Remote Low Not required None None Partial
AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI. NOTE: some of these details are obtained from third party information.
67 CVE-2006-6854 Exec Code Mem. Corr. 2006-12-31 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
The qcamvc_video_init function in qcamvc.c in De Marchi Daniele QuickCam VC Linux device driver (aka quickcam-vc) 1.0.9 and earlier does not properly check a boundary, triggering memory corruption, which might allow attackers to execute arbitrary code via a crafted QuickCam object.
68 CVE-2006-6853 Exec Code Overflow 2006-12-31 2017-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002.
69 CVE-2006-6852 20 Exec Code 2006-12-31 2008-11-11
6.0
User Remote Medium Single system Partial Partial Partial
Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml. NOTE: some of these details are obtained from third party information.
70 CVE-2006-6851 XSS 2006-12-31 2018-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php in ac4p Mobilelib gold 2 allow remote attackers to inject arbitrary web script or HTML via the (1) email or (2) errr parameter.
71 CVE-2006-6850 Exec Code File Inclusion 2006-12-31 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in include.php in the Roster Module (character_roster) in Shadowed Portal 5.7 allows remote attackers to execute arbitrary PHP code via a URL in the mod_root parameter.
72 CVE-2006-6849 2006-12-31 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
administration/index.php in Cahier de texte (CDT) 2.2 does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions.
73 CVE-2006-6848 89 Exec Code Sql 2006-12-31 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter.
74 CVE-2006-6847 DoS 2006-12-31 2017-10-18
5.0
None Remote Low Not required None None Partial
An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser method with a long second argument.
75 CVE-2006-6846 Exec Code Sql 2006-12-31 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in While You Were Out (WYWO) InOut Board 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the num parameter in (a) phonemessage.asp, (2) the catcode parameter in (b) faqDsp.asp, and the (3) Username and (4) Password fields in (c) login.asp.
76 CVE-2006-6845 XSS 2006-12-31 2018-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action.
77 CVE-2006-6844 XSS 2006-12-31 2018-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form.
78 CVE-2006-6843 Exec Code File Inclusion 2006-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 beta component for Joomla! allows remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
79 CVE-2006-6842 Exec Code Sql 2006-12-31 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/admin_acronyms.php in the Acronym Mod 0.9.5 for phpBB2 Plus 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter.
80 CVE-2006-6841 2006-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.
81 CVE-2006-6840 2006-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."
82 CVE-2006-6839 2006-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."
83 CVE-2006-6838 +Info 2006-12-31 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter.
84 CVE-2006-6837 Exec Code Overflow 2006-12-31 2018-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Multiple stack-based buffer overflows in the (1) LoadTree, (2) ReadHeader, and (3) LoadXBOXTree functions in the ISO (iso_wincmd) plugin 1.7.3.3 and earlier for Total Commander allow user-assisted remote attackers to execute arbitrary code via a long pathname in an ISO image.
85 CVE-2006-6836 2006-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing.
86 CVE-2006-6835 Exec Code Sql 2006-12-31 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Journal.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the w parameter to journal.php.
87 CVE-2006-6834 2006-12-31 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes."
88 CVE-2006-6833 2006-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
com_categories in Joomla! before 1.0.12 does not validate input, which has unknown impact and remote attack vectors.
89 CVE-2006-6832 79 XSS 2006-12-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title.
90 CVE-2006-6831 Exec Code Sql 2006-12-31 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode parameter.
91 CVE-2006-6830 Exec Code File Inclusion 2006-12-31 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the index parameter.
92 CVE-2006-6829 +Info 2006-12-31 2008-09-05
7.8
None Remote Low Not required Complete None None
Efkan Forum 1.0 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
93 CVE-2006-6828 Exec Code Sql 2006-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the grup parameter in admin.asp, or the id parameter in (2) default.asp or (3) admin.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. The default.asp/grup vector is already covered by CVE-2006-6794.
94 CVE-2006-6827 DoS 2006-12-31 2017-10-18
5.0
None Remote Low Not required None None Partial
Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method.
95 CVE-2006-6826 2006-12-29 2017-07-28
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the tab editor for Personal .NET Portal before 2.0.0 has unknown impact and attack vectors related to a "Security leak."
96 CVE-2006-6825 +Info 2006-12-29 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Calendar MX BASIC 1.0.2 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for calendar.mdb. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
97 CVE-2006-6824 79 XSS 2006-12-29 2018-10-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, (d) week.php, (e) search.php, (f) rss/index.php, (g) print.php, and (h) preferences.php; the (2) cpath parameter in (i) day.php, (j) month.php, (k) year.php, (l) week.php, and (m) search.php; the (3) query parameter in search.php; and possibly the cpath, (4) unset, and (5) set parameters in a setcookie action in preferences.php; different vectors than CVE-2006-3319. NOTE: it was later reported that vectors b, c, and d also affect 2.24.
98 CVE-2006-6823 Exec Code File Inclusion 2006-12-29 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in plugins/metasearch/plug.inc.php in Yrch! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
99 CVE-2006-6822 2006-12-29 2017-10-18
3.5
None Remote Medium Single system None Partial None
myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
100 CVE-2006-6821 2006-12-29 2017-10-18
3.5
None Remote Medium Single system None Partial None
myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
Total number of vulnerabilities : 738   Page : 1 2 (This Page)3 4 5 6 7 8 9 10 11 12 13 14 15
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.