Total: 29312 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-6012 | 1 Mginternet | 1 Car Site Manager | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-6011 | 1 Sap | 1 Sap Web Application Server | 2024-11-21 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785. | |||||
CVE-2006-6010 | 1 Sap | 1 Sap Web Application Server | 2024-11-21 | 5.0 MEDIUM | N/A |
SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747. | |||||
CVE-2006-6009 | 1 Sun | 2 Jdk, Jre | 2024-11-21 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Java Runtime Environment (JRE) Swing library in JDK and JRE 5.0 Update 7 and earlier allows attackers to obtain certain information via unknown attack vectors, related to an untrusted applet accessing data in other applets. | |||||
CVE-2006-6008 | 1 Netkit | 1 Netkit | 2024-11-21 | 6.5 MEDIUM | N/A |
ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778. | |||||
CVE-2006-6007 | 1 Webevents | 1 Online Event Registration | 2024-11-21 | 5.0 MEDIUM | N/A |
save_profile.asp in WebEvents (Online Event Registration Template) 2.0 and earlier allows remote attackers to change the profiles, passwords, and other information for arbitrary users via a modified UserID parameter. | |||||
CVE-2006-5991 | 1 Cactusoft | 1 Cactushop | 2024-11-21 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in wwweb concepts CactuShop allow remote attackers to execute arbitrary SQL commands via the (1) prodtype parameter in prodtype.asp and the (2) product parameter in product.asp. | |||||
CVE-2006-5989 | 1 Mod Auth Kerb | 1 Mod Auth Kerb | 2024-11-21 | 5.0 MEDIUM | N/A |
Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array. | |||||
CVE-2006-5988 | 1 Microsoft | 1 Windows 2000 | 2024-11-21 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. NOTE: the provenance of this information is unknown; the details are obtained from third party information. As of 20061116, this disclosure has no actionable information. However, since the VulnDisco Pack author is a reliable researcher, the disclosure is being assigned a CVE identifier for tracking purposes. | |||||
CVE-2006-5987 | 1 Aspintranet | 1 Aspintranet | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in default.asp in ASPintranet, possibly 1.2, allows remote attackers to execute arbitrary SQL commands via the a parameter. | |||||
CVE-2006-5986 | 1 Extreme Cms | 1 Extreme Cms | 2024-11-21 | 6.8 MEDIUM | N/A |
admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined with another vulnerability to expand the scope of a cross-site scripting (XSS) attack without authentication. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
CVE-2006-5985 | 1 Extreme Cms | 1 Extreme Cms | 2024-11-21 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) bg1, (2) bg2, (3) text, or (4) size parameters. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
CVE-2006-5984 | 1 Webhost Automation | 1 Helm Web Hosting Control Panel | 2024-11-21 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) txtCompanyName, (2) txtEmail, or (3) txtUserAccNum parameter to (a) users.asp, or the (4) setThemeColour parameter to (b) default.asp in the Reseller and Admin levels; or the (5) setThemeColour parameter to default.asp in the User level. NOTE: the txtDomainName parameter to domains.asp is covered by CVE-2006-1407, which suggests that this vector is fixed in 3.2.10 stable. | |||||
CVE-2006-5983 | 1 Jbmc Software | 1 Directadmin | 2024-11-21 | 6.0 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software DirectAdmin 1.28.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user parameter to (a) CMD_SHOW_RESELLER or (b) CMD_SHOW_USER in the Admin level; the (2) TYPE parameter to (c) CMD_TICKET_CREATE or (d) CMD_TICKET, the (3) user parameter to (e) CMD_EMAIL_FORWARDER_MODIFY, (f) CMD_EMAIL_VACATION_MODIFY, or (g) CMD_FTP_SHOW, and the (4) name parameter to (h) CMD_EMAIL_LIST in the User level; or the (5) user parameter to (i) CMD_SHOW_USER in the Reseller level. | |||||
CVE-2006-5980 | 1 Renasoft | 1 Netjetserver | 2024-11-21 | 10.0 HIGH | N/A |
adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly earlier, does not properly perform login authentication, which allows remote attackers to obtain administrative privileges. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
CVE-2006-5979 | 1 Renasoft | 1 Netjetserver | 2024-11-21 | 5.0 MEDIUM | N/A |
Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure permissions for Global.asa, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
CVE-2006-5978 | 1 E-xoopport | 1 E-xoopport | 2024-11-21 | 10.0 HIGH | N/A |
Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown impact and attack vectors, as addressed by "Some security fix." | |||||
CVE-2006-5977 | 1 Expinion.net | 1 Multicalendars | 2024-11-21 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MultiCalendars allow remote attackers to execute arbitrary SQL commands via the (1) M or (2) Y parameter to rss_out.asp, or the (3) cate parameter to all_calendars.asp. NOTE: the all_calendars.asp/calsids vector is already covered by CVE-2006-2293. | |||||
CVE-2006-5976 | 1 Drumster | 1 Blogme | 2024-11-21 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: some of these details are obtained from third party information. | |||||
CVE-2006-5975 | 1 Drumster | 1 Blogme | 2024-11-21 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in BlogMe 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) URL, or (3) Comments field. |