CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2006

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2006-4457 Exec Code File Inclusion 2006-08-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
52 CVE-2006-4456 Exec Code File Inclusion 2006-08-31 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in functions.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
53 CVE-2006-4455 DoS 2006-08-30 2017-10-18
5.0
None Remote Low Not required None None Partial
** DISPUTED ** Unspecified vulnerability in Xchat 2.6.7 and earlier allows remote attackers to cause a denial of service (crash) via unspecified vectors involving the PRIVMSG command. NOTE: the vendor has disputed this vulnerability, stating that it does not affect 2.6.7 "or any recent version".
54 CVE-2006-4454 XSS 2006-08-30 2017-07-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
55 CVE-2006-4453 XSS 2006-08-30 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "table markups".
56 CVE-2006-4452 Exec Code File Inclusion 2006-08-30 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in security/include/_class.security.php in Web3news 0.95 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PHPSECURITYADMIN_PATH parameter.
57 CVE-2006-4451 Exec Code 2006-08-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the (1) User-Agent HTTP header in tag.php, which is executed by all.php, and (2) the banned parameter in admin_index.php.
58 CVE-2006-4450 2006-08-29 2017-07-19
5.1
User Remote High Not required Partial Partial Partial
usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.
59 CVE-2006-4449 XSS 2006-08-29 2018-10-17
5.1
User Remote High Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered by Internet Explorer.
60 CVE-2006-4448 Exec Code File Inclusion 2006-08-29 2018-10-17
5.1
User Remote High Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in interact 2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[BASE_PATH] parameter in (a) admin/autoprompter.php and (b) includes/common.inc.php, and the (2) CONFIG[LANGUAGE_CPATH] parameter in (c) admin/autoprompter.php.
61 CVE-2006-4447 +Priv 2006-08-29 2010-09-15
7.2
Admin Local Low Not required Complete Complete Complete
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.
62 CVE-2006-4446 DoS Exec Code Overflow 2006-08-29 2018-10-17
5.0
None Remote Low Not required None None Partial
Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argument specifies a large number of points.
63 CVE-2006-4445 Exec Code File Inclusion 2006-08-29 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php. NOTE: CVE analysis as of 20060829 has not identified any scenarios in which these vectors could result in remote file inclusion.
64 CVE-2006-4444 Exec Code Sql 2006-08-29 2017-07-19
6.5
User Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality; the (2) pid parameter in the (d) workflow/view or (e) workflow/print functionality; the (3) uid parameter in the (f) schedule/user_view, (g) phonemessage/add, (h) phonemessage/history, or (i) schedule/view functionality; the (4) cid parameter in (j) todo/index; the (5) iid parameter in the (k) memo/view or (l) memo/print functionality; or the (6) event parameter in the (m) schedule/view functionality.
65 CVE-2006-4443 Exec Code File Inclusion 2006-08-29 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft Video Share Enterprise allows remote attackers to execute arbitrary PHP code via a URL in the config[BASE_DIR] parameter.
66 CVE-2006-4442 XSS 2006-08-29 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.95 allows remote attackers to inject arbitrary web script or HTML via the cat_name parameter, related to adding a category. (categories field). NOTE: some details are obtained from third party information.
67 CVE-2006-4441 Exec Code File Inclusion 2006-08-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Ay System Solutions CMS 2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter to (1) home.php or (2) impressum.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
68 CVE-2006-4440 Exec Code File Inclusion 2006-08-29 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in main.php in Ay System Solutions CMS 2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter.
69 CVE-2006-4439 2006-08-29 2017-10-10
3.6
None Local Low Not required Partial Partial None
pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871.
70 CVE-2006-4436 Bypass 2006-08-28 2017-07-19
5.0
None Remote Low Not required Partial None None
isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Security Associations (SA) with a replay window of size 0 when isakmpd acts as a responder during SA negotiation, which allows remote attackers to replay IPSec packets and bypass the replay protection.
71 CVE-2006-4435 DoS 2006-08-28 2017-07-19
4.9
None Local Low Not required None None Complete
OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by allocating more semaphores than the default.
72 CVE-2006-4434 399 DoS 2006-08-28 2011-03-10
5.0
None Remote Low Not required None None Partial
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."
73 CVE-2006-4433 2006-08-28 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into the PHPSESSID, which is stored in the session file. NOTE: it could be argued that this not a vulnerability in PHP itself, rather a design limitation that enables certain attacks against session handlers that do not account for this limitation.
74 CVE-2006-4432 Dir. Trav. 2006-08-28 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection.
75 CVE-2006-4431 119 DoS Exec Code Overflow 2006-08-28 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a (1) empty or (2) crafted PHP session identifier (PHPSESSID).
76 CVE-2006-4430 Bypass 2006-08-28 2018-10-30
5.0
None Remote Low Not required None Partial None
The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access (CCA) Agent and bypass local and remote protection mechanisms by modifying (1) the HTTP User-Agent header or (2) the behavior of the TCP/IP stack. NOTE: the vendor has disputed the severity of this issue, stating that users cannot bypass authentication mechanisms.
77 CVE-2006-4429 Exec Code File Inclusion 2006-08-28 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in handlers/email/mod.output.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter, a different vector than CVE-2006-4291. NOTE: This issue has been disputed by a third party, who states that the _IN_PHM_ declaration prevents this file from being called directly.
78 CVE-2006-4428 Exec Code File Inclusion 2006-08-28 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced in an include statement.
79 CVE-2006-4427 +Priv Bypass 2006-08-28 2017-10-18
5.1
User Remote High Not required Partial Partial Partial
index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1".
80 CVE-2006-4426 Exec Code File Inclusion 2006-08-28 2018-10-17
5.1
User Remote High Not required Partial Partial Partial
PHP remote file inclusion vulnerability in AES/modules/auth/phpsecurityadmin/include/logout.php in AlberT-EasySite (AES) 1.0a5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter.
81 CVE-2006-4425 Exec Code File Inclusion 2006-08-28 2017-07-19
5.1
User Remote High Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 allow remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter in coin_includes scripts including (1) api.php, (2) common.php, (3) core.php, (4) custom.php, (5) db.php, (6) redirect.php or (7) session_set.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
82 CVE-2006-4424 Exec Code File Inclusion 2006-08-28 2017-10-18
5.1
User Remote High Not required Partial Partial Partial
PHP remote file inclusion vulnerability in coin_includes/constants.php in phpCOIN 1.2.3 allows remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter.
83 CVE-2006-4423 Exec Code File Inclusion 2006-08-28 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][admin] parameter in (a) system/command/admin.cmd.php, (b) admin/include/upload_form.php, and (c) admin/include/item_main.php; and the (2) GLOBALS[_BIGACE][DIR][libs] parameter in (d) system/command/admin.cmd.php and (e) system/command/download.cmd.php.
84 CVE-2006-4422 Exec Code File Inclusion 2006-08-28 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in includes/phpdig/libs/search_function.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the relative_script_path parameter, a different vector than CVE-2006-2270. NOTE: this issue has been disputed, and as of 20060830, CVE analysis concurs with the dispute. In addition, it is likely that the vulnerability is actually in a third party module, phpDig 1.8.8.
85 CVE-2006-4421 XSS 2006-08-28 2018-10-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in template/default/thanks_comment.php in Yet Another PHP Image Gallery (YaPIG) 0.95b allows remote attackers to inject arbitrary web script or HTML via the D_REFRESH_URL parameter.
86 CVE-2006-4420 Dir. Trav. 2006-08-28 2017-10-18
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 allows remote attackers to include arbitrary local files via ".." sequences in the lang parameter.
87 CVE-2006-4419 Exec Code Sql 2006-08-28 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in note.php in ProManager 0.73 allows remote attackers to execute arbitrary SQL commands via the note_id parameter.
88 CVE-2006-4418 Dir. Trav. 2006-08-28 2017-10-18
4.0
None Remote High Not required Partial Partial None
Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a log file.
89 CVE-2006-4417 Exec Code Sql 2006-08-28 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter.
90 CVE-2006-4416 +Priv 2006-08-28 2017-07-19
7.2
Admin Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 and 5.3 allows local users to gain privileges by modifying the path to point to a malicious (1) chdev, (2) mkboot, (3) varyonvg, or (4) varyoffvg program.
91 CVE-2006-4380 DoS 2006-08-28 2017-10-10
2.1
None Local Low Not required None None Partial
MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects.
92 CVE-2006-4378 Exec Code File Inclusion 2006-08-26 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the Rssxt component for Joomla! (com_rssxt), possibly 2.0 Beta 1 or 1.0 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) pinger.php, (2) RPC.php, or (3) rssxt.php. NOTE: another researcher has disputed this issue, saying that the attacker can not control this parameter. In addition, as of 20060825, the original researcher has appeared to be unreliable with some other past reports. CVE has not performed any followup analysis with respect to this issue.
93 CVE-2006-4377 Exec Code Sql 2006-08-26 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module.
94 CVE-2006-4376 XSS 2006-08-26 2018-10-17
5.1
User Remote High Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module.
95 CVE-2006-4375 Exec Code File Inclusion 2006-08-26 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined.
96 CVE-2006-4374 DoS Overflow 2006-08-26 2018-10-17
2.6
None Remote High Not required None None Partial
IrfanView 3.98 (with plugins) allows user-assisted attackers to cause a denial of service (application crash) via a crafted ANI image file, possibly due to a buffer overflow.
97 CVE-2006-4373 Exec Code File Inclusion 2006-08-26 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in modules/visitors2/include/config.inc.php in pSlash 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter.
98 CVE-2006-4372 Exec Code File Inclusion 2006-08-26 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter.
99 CVE-2006-4371 Dir. Trav. 2006-08-26 2018-10-17
4.0
None Remote Low Single system Partial None None
Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. (dot dot) in the file parameter to (1) logfile_view.wdm and (2) configfile_view.wdm.
100 CVE-2006-4370 +Priv 2006-08-26 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file.
Total number of vulnerabilities : 539   Page : 1 2 (This Page)3 4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.