CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2006

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2006-4011 Exec Code File Inclusion 2006-08-07 2017-10-18
2.6
None Remote High Not required None Partial None
PHP remote file inclusion vulnerability in esupport/admin/autoclose.php in Kayako eSupport 2.3.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the subd parameter.
402 CVE-2006-4010 89 Exec Code Sql 2006-08-07 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: other vectors are covered by CVE-2006-3139.
403 CVE-2006-4009 XSS 2006-08-07 2018-10-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.
404 CVE-2006-4008 Exec Code File Inclusion 2006-08-07 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in Knusperleicht Faq 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the faq_path parameter.
405 CVE-2006-4007 Exec Code File Inclusion 2006-08-07 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in Knusperleicht Guestbook 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the GB_PATH parameter.
406 CVE-2006-4006 200 +Info 2006-08-07 2017-07-19
5.0
None Remote Low Not required Partial None None
The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when sending a reply, and allows remote attackers to read portions of server memory.
407 CVE-2006-4005 DoS 2006-08-07 2017-07-19
5.0
None Remote Low Not required None None Partial
BomberClone 0.11.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via (1) a certain malformed PKGF_ackreq packet, which triggers a crash in the rscache_add() function in pkgcache.c; and (2) an error packet, which is intended to be received by clients and force client shutdown, but also triggers server shutdown.
408 CVE-2006-4004 Dir. Trav. 2006-08-07 2017-10-18
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.
409 CVE-2006-4003 +Info 2006-08-07 2018-10-17
5.0
None Remote Low Not required Partial None None
The config method in Henrik Storner Hobbit monitor before 4.1.2p2 permits access to files outside of the intended configuration directory, which allows remote attackers to obtain sensitive information via requests to the hobbitd daemon on port 1984/tcp.
410 CVE-2006-4002 XSS 2006-08-07 2017-07-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information.
411 CVE-2006-4001 2006-08-04 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail logs, and possibly e-mail contents and the admin password.
412 CVE-2006-4000 Dir. Trav. 2006-08-04 2018-10-17
4.0
None Remote Low Single system Partial None None
Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
413 CVE-2006-3999 +Priv 2006-08-04 2018-10-17
4.6
User Local Low Not required Partial Partial Partial
ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll. NOTE: in most cases, the attack would not cross privilege boundaries because replacing pamversion.dll requires administrative privileges. However, this issue is a vulnerability because BlackICE is intended to protect against certain rogue privileged actions.
414 CVE-2006-3998 Exec Code File Inclusion 2006-08-04 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in conf.php in WoWRoster (aka World of Warcraft Roster) 1.5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter.
415 CVE-2006-3997 Exec Code File Inclusion 2006-08-04 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in hsList.php in WoWRoster (aka World of Warcraft Roster) 1.5.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parameter.
416 CVE-2006-3996 Exec Code Sql 2006-08-04 2018-10-17
6.5
User Remote Low Single system Partial Partial Partial
SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.
417 CVE-2006-3995 94 Exec Code File Inclusion 2006-08-04 2017-10-18
6.8
User Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in (1) uhp_config.php, and possibly (2) footer.php, (3) functions.php, (4) install.uhp.php, (5) toolbar.uhp.html.php, (6) uhp.class.php, and (7) uninstall.uhp.php, in the UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo or Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
418 CVE-2006-3994 Exec Code Sql Bypass 2006-08-04 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the u2u_send_recp function in u2u.inc.php in XMB (aka extreme message board) 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2uid parameter to u2u.php, which is directly accessed from $_POST and bypasses the protection scheme.
419 CVE-2006-3993 Exec Code File Inclusion 2006-08-04 2018-10-17
5.1
User Remote High Not required Partial Partial Partial
PHP remote file inclusion vulnerability in copyright.php in Olaf Noehring The Search Engine Project (TSEP) 0.942 allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter.
420 CVE-2006-3992 Exec Code Mem. Corr. 2006-08-04 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
421 CVE-2006-3991 Exec Code File Inclusion 2006-08-04 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in Vlad Vostrykh Voodoo chat 1.0RC1b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_path parameter.
422 CVE-2006-3990 Exec Code File Inclusion 2006-08-04 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Paul M. Jones Savant2, possibly when used with the com_mtree component for Mambo and Joomla!, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) Savant2_Plugin_stylesheet.php, (2) Savant2_Compiler_basic.php, (3) Savant2_Error_pear.php, (4) Savant2_Error_stack.php, (5) Savant2_Filter_colorizeCode.php, (6) Savant2_Filter_trimwhitespace.php, (7) Savant2_Plugin_ahref.php, (8) Savant2_Plugin_ahrefcontact.php, (9) Savant2_Plugin_ahreflisting.php, (10) Savant2_Plugin_ahreflistingimage.php, (11) Savant2_Plugin_ahrefmap.php, (12) Savant2_Plugin_ahrefownerlisting.php, (13) Savant2_Plugin_ahrefprint.php, (14) Savant2_Plugin_ahrefrating.php, (15) Savant2_Plugin_ahrefrecommend.php, (16) Savant2_Plugin_ahrefreport.php, (17) Savant2_Plugin_ahrefreview.php, (18) Savant2_Plugin_ahrefvisit.php, (19) Savant2_Plugin_checkbox.php, (20) Savant2_Plugin_cycle.php, (21) Savant2_Plugin_dateformat.php, (22) Savant2_Plugin_editor.php, (23) Savant2_Plugin_form.php, (24) Savant2_Plugin_image.php, (25) Savant2_Plugin_input.php, (26) Savant2_Plugin_javascript.php, (27) Savant2_Plugin_listalpha.php, (28) Savant2_Plugin_listingname.php, (29) Savant2_Plugin_modify.php, (30) Savant2_Plugin_mtpath.php, (31) Savant2_Plugin_options.php, (32) Savant2_Plugin_radios.php, (33) Savant2_Plugin_rating.php, or (34) Savant2_Plugin_textarea.php.
423 CVE-2006-3989 Exec Code File Inclusion 2006-08-04 2018-10-17
5.1
User Remote High Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in Knusperleicht Shoutbox 4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sb_include_path parameter.
424 CVE-2006-3988 Exec Code File Inclusion 2006-08-04 2018-10-17
5.1
User Remote High Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in Knusperleicht newsReporter 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the news_include_path parameter.
425 CVE-2006-3987 Exec Code File Inclusion 2006-08-04 2018-10-17
5.1
User Remote High Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in index.php in Knusperleicht FileManager 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) dwl_download_path or (2) dwl_include_path parameters.
426 CVE-2006-3986 Exec Code File Inclusion 2006-08-04 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in Knusperleicht Newsletter 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NL_PATH parameter.
427 CVE-2006-3985 119 Exec Code Overflow 2006-08-04 2018-10-17
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware PowerArchiver 9.62.03 allows user-assisted attackers to execute arbitrary code by adding a new file to a crafted ZIP archive that already contains a file with a long name.
428 CVE-2006-3984 Exec Code File Inclusion 2006-08-04 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in Albasoftware Phpauction 2.1 and possibly later versions, with phpAdsNew 2.0.5, allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter.
429 CVE-2006-3983 Exec Code File Inclusion 2006-08-04 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in editprofile.php in php(Reactor) 1.27pl1 allows remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter.
430 CVE-2006-3982 Exec Code File Inclusion 2006-08-04 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in quickie.php in Knusperleicht Quickie, probably 0.2, allows remote attackers to execute arbitrary PHP code via a URL in the QUICK_PATH parameter.
431 CVE-2006-3981 Exec Code File Inclusion 2006-08-04 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in about.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
432 CVE-2006-3980 94 Exec Code File Inclusion 2006-08-04 2018-10-17
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
433 CVE-2006-3979 Bypass 2006-08-09 2017-07-19
7.2
Admin Local Low Not required Complete Complete Complete
The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator.
434 CVE-2006-3977 2006-08-04 2018-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 has unknown impact and remote attackers related to "improper processing of outdated WebScan components."
435 CVE-2006-3976 2006-08-04 2018-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 allows remote attackers to install arbitrary files.
436 CVE-2006-3975 Exec Code 2006-08-04 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote attackers to execute arbitrary code due to "improper bounds checking when processing certain user input."
437 CVE-2006-3972 Dir. Trav. 2006-08-02 2017-07-19
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in includes/operator_chattranscript.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to read arbitrary files via a .. (dot dot) in the chatid parameter.
438 CVE-2006-3971 XSS 2006-08-02 2017-07-19
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in visitor/livesupport/chat.php in Scott Weedon Ajax Chat, possibly 0.1, allows remote attackers to inject arbitrary web script or HTML via the userid parameter.
439 CVE-2006-3970 Exec Code File Inclusion 2006-08-01 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in lmo.php in the LMO Component (com_lmo) 1.0b2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
440 CVE-2006-3969 Exec Code File Inclusion 2006-08-01 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in administrator/components/com_colophon/admin.colophon.php in Colophon 1.2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
441 CVE-2006-3968 2006-08-01 2017-07-19
5.0
None Remote Low Not required None Partial None
The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified.
442 CVE-2006-3967 Exec Code File Inclusion 2006-08-01 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in component/option,com_moskool/Itemid,34/admin.moskool.php in MamboXChange Moskool 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
443 CVE-2006-3966 94 Exec Code File Inclusion 2006-08-01 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in /lib/tree/layersmenu.inc.php in the PHP Layers Menu 2.3.5 package for MyNewsGroups :) 0.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter.
444 CVE-2006-3965 +Info 2006-08-01 2016-10-17
5.0
None Remote Low Not required Partial None None
Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords.
445 CVE-2006-3964 Exec Code File Inclusion 2006-08-01 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in members.php in Banex PHP MySQL Banner Exchange 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_root parameter.
446 CVE-2006-3963 Exec Code Sql 2006-08-01 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem,or (7) deleteuser parameters to (b) admin.php.
447 CVE-2006-3962 Exec Code File Inclusion 2006-08-01 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in administrator/components/com_bayesiannaivefilter/lang.php in the bayesiannaivefilter component (com_bayesiannaivefilter) 1.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
448 CVE-2006-3961 119 Exec Code Overflow 2006-08-01 2018-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.
449 CVE-2006-3960 89 Exec Code Sql 2006-08-01 2011-08-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
450 CVE-2006-3959 Exec Code Sql 2006-08-01 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in protect.php in X-Scripts X-Protection 1.10, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameter.
Total number of vulnerabilities : 539   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.