Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29312 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-6012 1 Mginternet 1 Car Site Manager 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6011 1 Sap 1 Sap Web Application Server 2024-11-21 5.0 MEDIUM N/A
Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785.
CVE-2006-6010 1 Sap 1 Sap Web Application Server 2024-11-21 5.0 MEDIUM N/A
SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.
CVE-2006-6009 1 Sun 2 Jdk, Jre 2024-11-21 5.0 MEDIUM N/A
Unspecified vulnerability in the Java Runtime Environment (JRE) Swing library in JDK and JRE 5.0 Update 7 and earlier allows attackers to obtain certain information via unknown attack vectors, related to an untrusted applet accessing data in other applets.
CVE-2006-6008 1 Netkit 1 Netkit 2024-11-21 6.5 MEDIUM N/A
ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778.
CVE-2006-6007 1 Webevents 1 Online Event Registration 2024-11-21 5.0 MEDIUM N/A
save_profile.asp in WebEvents (Online Event Registration Template) 2.0 and earlier allows remote attackers to change the profiles, passwords, and other information for arbitrary users via a modified UserID parameter.
CVE-2006-5991 1 Cactusoft 1 Cactushop 2024-11-21 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in wwweb concepts CactuShop allow remote attackers to execute arbitrary SQL commands via the (1) prodtype parameter in prodtype.asp and the (2) product parameter in product.asp.
CVE-2006-5989 1 Mod Auth Kerb 1 Mod Auth Kerb 2024-11-21 5.0 MEDIUM N/A
Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array.
CVE-2006-5988 1 Microsoft 1 Windows 2000 2024-11-21 5.0 MEDIUM N/A
Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. NOTE: the provenance of this information is unknown; the details are obtained from third party information. As of 20061116, this disclosure has no actionable information. However, since the VulnDisco Pack author is a reliable researcher, the disclosure is being assigned a CVE identifier for tracking purposes.
CVE-2006-5987 1 Aspintranet 1 Aspintranet 2024-11-21 7.5 HIGH N/A
SQL injection vulnerability in default.asp in ASPintranet, possibly 1.2, allows remote attackers to execute arbitrary SQL commands via the a parameter.
CVE-2006-5986 1 Extreme Cms 1 Extreme Cms 2024-11-21 6.8 MEDIUM N/A
admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined with another vulnerability to expand the scope of a cross-site scripting (XSS) attack without authentication. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
CVE-2006-5985 1 Extreme Cms 1 Extreme Cms 2024-11-21 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) bg1, (2) bg2, (3) text, or (4) size parameters. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
CVE-2006-5984 1 Webhost Automation 1 Helm Web Hosting Control Panel 2024-11-21 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) txtCompanyName, (2) txtEmail, or (3) txtUserAccNum parameter to (a) users.asp, or the (4) setThemeColour parameter to (b) default.asp in the Reseller and Admin levels; or the (5) setThemeColour parameter to default.asp in the User level. NOTE: the txtDomainName parameter to domains.asp is covered by CVE-2006-1407, which suggests that this vector is fixed in 3.2.10 stable.
CVE-2006-5983 1 Jbmc Software 1 Directadmin 2024-11-21 6.0 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to (c) CMD_TICKET_CREATE or (d) CMD_TICKET, the (3) user parameter to (e) CMD_EMAIL_FORWARDER_MODIFY, (f) CMD_EMAIL_VACATION_MODIFY, or (g) CMD_FTP_SHOW, and the (4) name parameter to (h) CMD_EMAIL_LIST in the User level; or the (5) user parameter to (i) CMD_SHOW_USER in the Reseller level.
CVE-2006-5980 1 Renasoft 1 Netjetserver 2024-11-21 10.0 HIGH N/A
adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly earlier, does not properly perform login authentication, which allows remote attackers to obtain administrative privileges. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
CVE-2006-5979 1 Renasoft 1 Netjetserver 2024-11-21 5.0 MEDIUM N/A
Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure permissions for Global.asa, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
CVE-2006-5978 1 E-xoopport 1 E-xoopport 2024-11-21 10.0 HIGH N/A
Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown impact and attack vectors, as addressed by "Some security fix."
CVE-2006-5977 1 Expinion.net 1 Multicalendars 2024-11-21 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in MultiCalendars allow remote attackers to execute arbitrary SQL commands via the (1) M or (2) Y parameter to rss_out.asp, or the (3) cate parameter to all_calendars.asp. NOTE: the all_calendars.asp/calsids vector is already covered by CVE-2006-2293.
CVE-2006-5976 1 Drumster 1 Blogme 2024-11-21 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: some of these details are obtained from third party information.
CVE-2006-5975 1 Drumster 1 Blogme 2024-11-21 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in BlogMe 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) URL, or (3) Comments field.