CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 6 and 6.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
16401 CVE-2006-1025 XSS 2006-03-06 2017-07-19
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft StoreBot 2002 Standard allows remote attackers to inject arbitrary web script or HTML via the ShipMethod parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
16402 CVE-2006-1015 2006-03-06 2018-10-30
6.4
None Remote Low Not required Partial Partial None
Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE.
16403 CVE-2006-1010 DoS Exec Code Overflow 2006-03-06 2017-07-19
6.4
None Remote Low Not required None Partial Partial
Buffer overflow in socket/request.c in CrossFire before 1.9.0, when oldsocketmode is enabled, allows remote attackers to cause a denial of service (segmentation fault) and possibly execute code by sending the server a large request.
16404 CVE-2006-1005 +Info 2006-03-06 2008-09-05
6.4
None Remote Low Not required None Partial Partial
agencyprofile.asp in Parodia 6.2 and earlier might allow remote attackers to obtain sensitive information by triggering an SQL error via an invalid AG_ID parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
16405 CVE-2006-0945 94 Exec Code 2006-02-28 2018-10-18
6.5
User Remote Low Single system Partial Partial Partial
PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter.
16406 CVE-2006-0936 2006-02-28 2018-10-18
6.5
User Remote Low Single system Partial Partial Partial
Free Host Shop Website Generator 3.3 allows remote authenticated users with administrative privileges to upload and execute arbitrary files via a formname parameter with a filename containing a dangerous file extension and a trailing %00.
16407 CVE-2006-0921 Dir. Trav. 2006-02-28 2018-10-18
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in connector.php in FCKeditor 2.0 FC, as used in products such as RunCMS, allow remote attackers to list and create arbitrary directories via a .. (dot dot) in the CurrentFolder parameter to (1) GetFoldersAndFiles and (2) CreateFolder.
16408 CVE-2006-0871 Sql Dir. Trav. 2006-02-24 2008-09-10
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector.
16409 CVE-2006-0869 Dir. Trav. 2006-02-23 2018-10-18
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie.
16410 CVE-2006-0853 DoS Exec Code Overflow 2006-02-22 2018-10-18
6.5
User Remote Low Single system Partial Partial Partial
Buffer overflow in the IMAP service of TrueNorth Internet Anywhere (IA) eMailserver 5.3.4 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long SEARCH argument.
16411 CVE-2006-0845 Exec Code 2006-02-21 2017-07-19
6.5
User Remote Low Single system Partial Partial Partial
Leif M. Wright's Blog 3.5 allows remote authenticated users with administrative privileges to execute arbitrary programs, including shell commands, by configuring the sendmail path to a malicious pathname.
16412 CVE-2006-0808 DoS +Info 2006-02-20 2017-07-19
6.4
None Remote Low Not required Partial None Partial
MUTE 0.4 allows remote attackers to cause a denial of service (messages not forwarded) and obtain sensitive information about a target by filling a client's mWebCache cache with malicious "zombie" nodes.
16413 CVE-2006-0785 Bypass 2006-02-19 2018-10-18
6.4
None Remote Low Not required Partial Partial None
Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/' (slash) for an absolute pathname or (2) a drive letter (such as "C:"), which bypasses checks for ".." sequences and trailing ".php" extensions.
16414 CVE-2006-0771 134 DoS Exec Code 2006-02-18 2018-10-19
6.4
None Remote Low Not required None Partial Partial
Format string vulnerability in PunkBuster 1.180 and earlier, as used by Soldier of Fortune II and possibly other games, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in invalid cvar values, which are not properly handled when the server kicks the player and records the reason.
16415 CVE-2006-0732 Dir. Trav. 2006-02-16 2018-10-19
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended. NOTE: SAP Business Connector is an OEM version of webMethods Integration Server. webMethods states that this issue can only occur when the product is installed as root/admin, and if the attacker has access to a general purpose port; however, both are discouraged in the documentation. In addition, the attacker must already have acquired administrative privileges through other means.
16416 CVE-2006-0725 94 File Inclusion 2006-02-16 2017-07-19
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and affected version than CVE-2006-2645.
16417 CVE-2006-0705 134 Exec Code 2006-02-15 2017-07-19
6.5
None Remote Low Single system Partial Partial Partial
Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command.
16418 CVE-2006-0660 Dir. Trav. 2006-02-13 2018-10-19
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allow remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php.
16419 CVE-2006-0659 94 Exec Code 2006-02-13 2011-09-08
6.8
User Remote Medium Not required Partial Partial Partial
Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php.
16420 CVE-2006-0652 +Info 2006-02-13 2017-07-19
6.5
User Remote Low Single system Partial Partial Partial
WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions to "resellers", which allows remote authenticated users to perform privileged actions or obtain sensitive information. NOTE: this report is based on a vendor bug report that identified "incorrect permissions." However, the vendor did not label it a security issue, and there was no statement regarding whether or not the permissions were actually more permissive than intended. If in fact the permissions were more restrictive than intended, then this would be a functional problem but not a vulnerability.
16421 CVE-2006-0638 Exec Code Sql 2006-02-10 2018-10-19
6.5
User Remote Low Single system Partial Partial Partial
SQL injection vulnerability in moderation.php in MyBB (aka MyBulletinBoard) 1.0.3 allows remote authenticated users, with certain privileges for moderating and merging posts, to execute arbitrary SQL commands via the posts parameter.
16422 CVE-2006-0633 287 2006-02-10 2013-01-03
6.4
None Remote Low Not required Partial Partial None
The make_password function in ipsclass.php in Invision Power Board (IPB) 2.1.4 uses random data generated from partially predictable seeds to create the authentication code that is sent by e-mail to a user with a lost password, which might make it easier for remote attackers to guess the code and change the password for an IPB account, possibly involving millions of requests.
16423 CVE-2006-0632 2006-02-10 2018-10-19
6.4
None Remote Low Not required Partial Partial None
The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts.
16424 CVE-2006-0625 Exec Code Dir. Trav. 2006-02-09 2017-07-19
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3.
16425 CVE-2006-0620 Exec Code 2006-02-08 2017-07-19
6.2
Admin Local High Not required Complete Complete Complete
Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local users to execute arbitrary code via unspecified manipulations of the PHFONT and PHOTON2_PATH environment variables.
16426 CVE-2006-0614 Bypass 2006-02-08 2018-10-04
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue."
16427 CVE-2006-0603 79 XSS 2006-02-08 2018-10-19
6.4
None Remote Low Not required Partial Partial None
Multiple cross-site scripting vulnerabilities in signed.php in Hinton Design phphg Guestbook 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) location, (2) website, or (3) message parameter.
16428 CVE-2006-0587 2006-02-07 2017-07-19
6.5
User Remote Low Single system Partial Partial Partial
Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file.
16429 CVE-2006-0581 Exec Code Sql 2006-02-07 2017-07-19
6.5
User Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 allows remote authenticated users to execute arbitrary SQL commands via the (1) GatewayID parameter in an add action in AddGatewaySettings.asp and (2) IP parameter in IPManager.asp.
16430 CVE-2006-0553 264 +Priv 2006-02-14 2018-10-19
6.5
User Remote Low Single system Partial Partial Partial
PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to gain additional privileges via "knowledge of the backend protocol" using a crafted SET ROLE to other database users, a different vulnerability than CVE-2006-0678.
16431 CVE-2006-0446 Exec Code 2006-01-26 2017-07-19
6.5
User Remote Low Single system Partial Partial Partial
Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote privileged attackers to execute arbitrary commands as the web server via unknown attack vectors.
16432 CVE-2006-0444 Exec Code Sql XSS 2006-01-26 2018-10-19
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page and possibly the (2) poll_id parameter on the poll page. NOTE: the poll_id vector can also allow resultant cross-site scripting (XSS) from an unquoted error message for invalid SQL syntax.
16433 CVE-2006-0422 DoS 2006-01-25 2017-07-19
6.4
None Remote Low Not required Partial None Partial
Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allow remote attackers to access MBean attributes or cause an unspecified denial of service via unknown attack vectors.
16434 CVE-2006-0419 DoS 2006-01-25 2008-09-05
6.4
None Remote Low Not required Partial None Partial
BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections.
16435 CVE-2006-0387 Exec Code Overflow 2006-03-06 2017-07-19
6.4
None Remote Low Not required None Partial Partial
Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504.
16436 CVE-2006-0367 2006-01-22 2017-07-19
6.5
User Remote Low Single system Partial Partial Partial
Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a "crafted URL on the CCMAdmin web page."
16437 CVE-2006-0360 DoS +Info 2006-01-22 2017-07-19
6.4
None Remote Low Not required Partial None Partial
MPM SIP HP-180W Wireless IP Phone WE.00.17 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.
16438 CVE-2006-0344 Dir. Trav. 2006-01-20 2017-07-19
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in Intervations FileCOPA FTP Server 1.01 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the (1) STOR and (2) RETR commands.
16439 CVE-2006-0332 94 2006-01-20 2017-07-19
6.4
None Remote Low Not required Partial Partial None
Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments in a publicly accessible directory, which may allow remote attackers to upload arbitrary files.
16440 CVE-2006-0299 2006-02-02 2018-10-19
6.4
None Remote Low Not required Partial Partial None
The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 exposes the internal "AnyName" object to external interfaces, which allows multiple cooperating domains to exchange information in violation of the same origin restrictions.
16441 CVE-2006-0250 Exec Code 2006-01-17 2018-10-19
6.4
None Remote Low Not required None Partial Partial
Format string vulnerability in the snmp_input function in snmptrapd in CMU SNMP utilities (cmu-snmp) allows remote attackers to execute arbitrary code by sending crafted SNMP messages to UDP port 162.
16442 CVE-2006-0242 XSS 2006-01-17 2018-10-19
6.4
None Remote Low Not required Partial Partial None
Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter.
16443 CVE-2006-0231 2006-04-24 2018-10-19
6.4
None Remote Low Not required Partial Partial None
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications.
16444 CVE-2006-0183 Exec Code 2006-01-12 2018-10-19
6.5
User Remote Low Single system Partial Partial Partial
Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. NOTE: this issue might be resultant from the poor authentication as identified by CVE-2006-0182. Since the design of the product allows the administrator to edit the code, perhaps this issue should not be included in CVE, except as a consequence of CVE-2006-0182.
16445 CVE-2006-0071 2006-01-03 2008-09-05
6.6
None Local Low Not required Complete Complete None
The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0.
16446 CVE-2006-0038 189 Overflow 2006-03-22 2017-10-10
6.9
Admin Local Medium Not required Complete Complete Complete
Integer overflow in the do_replace function in netfilter for Linux before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buffer overflow in the copy_from_user function.
16447 CVE-2006-0026 Exec Code Overflow 2006-07-11 2018-10-30
6.5
User Remote Low Single system Partial Partial Partial
Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).
16448 CVE-2006-0015 Exec Code XSS 2006-04-11 2018-10-19
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
16449 CVE-2006-0013 Exec Code Overflow 2006-02-14 2018-10-12
6.5
User Remote Low Single system Partial Partial Partial
Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
16450 CVE-2005-4884 2010-01-25 2010-01-26
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 10.1.0.4 (10g) allows remote authenticated attackers to affect availability via unknown vectors, aka DB02.