CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2006

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2006-4062 Exec Code File Inclusion 2006-08-09 2017-10-18
5.1
User Remote High Not required Partial Partial Partial
PHP remote file inclusion vulnerability in usr/extensions/get_tree.inc.php in Dmitry Sheiko SAPID Shop 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[root_path] parameter.
352 CVE-2006-4061 Exec Code File Inclusion 2006-08-09 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Thomas Pequet phpPrintAnalyzer 1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rep_par_rapport_racine parameter. NOTE: this issue has been disputed by third party researchers, stating that the rep_par_rapport_racine variable is initialized before use.
353 CVE-2006-4060 Exec Code File Inclusion 2006-08-09 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in calendar.php in Visual Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_dir parameter.
354 CVE-2006-4059 Exec Code File Inclusion 2006-08-09 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in USOLVED NEWSolved Lite 1.9.2, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) newsscript_lyt.php, (2) newsticker/newsscript_get.php, (3) inc/output/news_theme1.php, (4) inc/output/news_theme2.php, or (5) inc/output/news_theme3.php.
355 CVE-2006-4058 XSS 2006-08-09 2018-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in archive.php in Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyw parameter when performing a search. NOTE: some details are obtained from third party information.
356 CVE-2006-4057 DoS Exec Code Overflow 2006-08-09 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the preview_create function in gui.cpp in Mitch Murray Eremove 1.4 allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a large email attachment.
357 CVE-2006-4056 Exec Code Sql 2006-08-09 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the authentication process in katzlbt (a) The Address Book 1.04e and earlier and (b) The Address Book Reloaded before 2.0-rc4 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. NOTE: portions of these details are obtained from third party information.
358 CVE-2006-4055 Exec Code File Inclusion 2006-08-09 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to (1) include/colorswitch.php, (2) contentimages.class.php, (3) ipfunctions.php, (4) configfunctions.php, (5) printpagedetails.php, or (6) log.class.php. NOTE: the copyright.php vector is already covered by CVE-2006-3993.
359 CVE-2006-4054 Exec Code File Inclusion 2006-08-09 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in ME Download System 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) Vb8878b936c2bd8ae0cab parameter to (a) inc/sett_style.php or (b) inc/sett_smilies.php; or the (2) Vb6c4d0e18a204a63b38f, (3) V18a78b93c3adaaae84e2, or (4) V9ae5d2ca9e9e787969ff parameters to (c) inc/datei.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
360 CVE-2006-4053 Exec Code File Inclusion 2006-08-09 2018-10-17
5.1
User Remote High Not required Partial Partial Partial
PHP remote file inclusion vulnerability in templates/header.php in ME Download System 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the Vb8878b936c2bd8ae0cab parameter.
361 CVE-2006-4052 Exec Code File Inclusion 2006-08-09 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Simple Shop 2.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) admin/index.php, (2) admin/adminindex.php, (3) admin/adminglobal.php, (4) admin/login.php, (5) admin/menu.php or (6) admin/header.php.
362 CVE-2006-4051 Exec Code File Inclusion 2006-08-09 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in global.php in Turnkey Web Tools PHP Live Helper 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter.
363 CVE-2006-4050 Exec Code File Inclusion 2006-08-09 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in auto_check_renewals.php in phpAutoMembersArea (phpAMA) 3.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter.
364 CVE-2006-4049 2006-08-09 2017-07-19
2.1
None Local Low Not required None Partial None
Unspecified vulnerability in the utxconfig utility in Sun Ray Server Software 3.x allows local users to create or overwrite arbitrary files via unknown attack vectors.
365 CVE-2006-4048 2006-08-09 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
Netious CMS 0.4 initializes session IDs based on the client IP address, which allows remote attackers to gain access to the administration section when originating from the same IP address as the administrator. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
366 CVE-2006-4047 Exec Code Sql 2006-08-09 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Netious CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
367 CVE-2006-4046 Exec Code Overflow 2006-08-09 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 and earlier for Windows, and 0.1.10_rc5 and earlier on Linux/BSD, allow remote attackers to execute arbitrary code via (1) a large .S3M file handled by the mpLoadS3M function, (2) a crafted .IT file handled by the itplayerclass::module::load function, (3) a crafted .ULT file handled by the mpLoadULT function, or (4) a crafted .AMS file handled by the mpLoadAMS function.
368 CVE-2006-4045 Exec Code File Inclusion 2006-08-09 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in news.php in Torbstoff News 4 allows remote attackers to execute arbitrary PHP code via a URL in the pfad parameter.
369 CVE-2006-4044 Exec Code File Inclusion 2006-08-09 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad Fears phpCodeCabinet 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the BEAUT_PATH parameter.
370 CVE-2006-4043 +Info 2006-08-09 2018-10-17
5.0
None Remote Low Not required Partial None None
index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message.
371 CVE-2006-4042 89 Exec Code Sql 2006-08-09 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters.
372 CVE-2006-4041 Exec Code Sql 2006-08-09 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Pike before 7.6.86, when using a Postgres database server, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors.
373 CVE-2006-4040 Exec Code File Inclusion 2006-08-09 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in myevent.php in myWebland myEvent 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myevent_path parameter.
374 CVE-2006-4039 89 Exec Code Sql 2006-08-09 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) gastname, (2) gastwohnort, or (3) gasteintrag parameters.
375 CVE-2006-4038 79 XSS 2006-08-09 2018-10-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gastname or (2) gastwohnort parameters.
376 CVE-2006-4037 Exec Code 2006-08-09 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet.
377 CVE-2006-4036 Exec Code File Inclusion 2006-08-09 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/usercp_register.php in ZoneMetrics ZoneX Publishers Gold Edition 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
378 CVE-2006-4035 Exec Code Sql 2006-08-09 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
379 CVE-2006-4034 Exec Code File Inclusion 2006-08-09 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in include/html/config.php in ModernGigabyte ModernBill 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the DIR parameter.
380 CVE-2006-4033 Exec Code Overflow 2006-08-09 2018-10-17
5.1
User Remote High Not required Partial Partial Partial
Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LZH archive with a long header, as specified by the extendedHeaderSize.
381 CVE-2006-4032 2006-08-09 2017-07-19
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Cisco IOS CallManager Express (CME) allows remote attackers to gain sensitive information (user names) from the Session Initiation Protocol (SIP) user directory via certain SIP messages, aka bug CSCse92417.
382 CVE-2006-4031 2006-08-09 2019-10-07
2.1
None Local Low Not required Partial None None
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.
383 CVE-2006-4030 +Info 2006-08-16 2008-09-05
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs."
384 CVE-2006-4029 Exec Code Overflow 2006-08-09 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 allows remote attackers to execute arbitrary code via a crafted UDP SIP packet.
385 CVE-2006-4028 2006-08-09 2011-09-01
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to "Anyone can register" functionality (user registration for guests).
386 CVE-2006-4026 94 Exec Code File Inclusion 2006-08-08 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter in usr/extensions/get_infochannel.inc.php and the (2) GLOBALS["root_path"] parameter in usr/extensions/get_tree.inc.php.
387 CVE-2006-4025 Exec Code Sql 2006-08-08 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section.
388 CVE-2006-4024 DoS Exec Code 2006-08-08 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr value in a HES file, which is used as an offset in a memcpy operation and leads to a buffer underflow.
389 CVE-2006-4023 Overflow Sql +Info 2006-08-08 2018-10-17
5.0
None Remote Low Not required Partial None None
The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner.
390 CVE-2006-4022 Exec Code 2006-08-08 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Intel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4.6 allows local users to corrupt memory and execute code via "requests for capabilities from higher-level protocol drivers or user-level applications" involving crafted frames, a different issue than CVE-2006-3992.
391 CVE-2006-4021 2006-08-17 2018-10-17
2.6
None Remote High Not required Partial None None
The cryptographic module in ScatterChat 1.0.x allows attackers to identify patterns in large numbers of messages by identifying collisions using a birthday attack on the custom padding mechanism for ECB mode encryption.
392 CVE-2006-4020 Exec Code 2006-08-08 2018-10-30
4.6
User Local Low Not required Partial Partial Partial
scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read.
393 CVE-2006-4019 2006-08-11 2018-10-17
6.4
None Remote Low Not required Partial Partial None
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
394 CVE-2006-4018 119 Exec Code Overflow 2006-08-08 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values.
395 CVE-2006-4017 XSS 2006-08-07 2018-10-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the search module in Inter Network Marketing (INM) CMS G3 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter.
396 CVE-2006-4016 XSS 2006-08-07 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS stable 1.0.3 and earlier, and unstable 1.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via the s parameter.
397 CVE-2006-4015 DoS 2006-08-07 2018-10-17
5.0
None Remote Low Not required None None Partial
Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with software before K.11.33 allow remote attackers to cause a denial of service (possibly memory leak or system crash) via unknown vectors.
398 CVE-2006-4014 DoS 2006-08-07 2008-09-05
5.0
None Remote Low Not required None None Partial
Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) "by sending invalid posts".
399 CVE-2006-4013 22 Dir. Trav. 2006-08-07 2017-07-19
7.6
None Remote High Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in (1) DATABLOB-GET and (2) DATABLOB-SAVE requests.
400 CVE-2006-4012 Exec Code File Inclusion 2006-08-07 2018-10-17
5.1
User Remote High Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb Portal 3.4 allow remote attackers to execute arbitrary PHP code via a URL in the SITE_Path parameter to (1) poll/poll.php or (2) poll/view_polls.php. NOTE: the menu_dx.php vector is already covered by CVE-2005-2687.
Total number of vulnerabilities : 539   Page : 1 2 3 4 5 6 7 8 (This Page)9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.