Total
29312 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-5884 | 1 Microsoft | 2 Ie, Internet Explorer | 2024-11-21 | 7.5 HIGH | N/A |
Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and CVE-2006-4777. | |||||
CVE-2006-5883 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html. | |||||
CVE-2006-5881 | 1 Dynamic Dataworx | 1 Nucommunity | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in cl_CatListing.asp in Dynamic Dataworx NuCommunity 1.0 allows remote attackers to execute arbitrary SQL commands via the cl_cat_ID parameter. | |||||
CVE-2006-5880 | 1 Isystems | 1 Munch Pro | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability on the subMenu page in switch.asp in Munch Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
CVE-2006-5879 | 1 Aspportal | 1 Aspportal | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353. | |||||
CVE-2006-5878 | 1 Edgewall Software | 1 Trac | 2024-11-21 | 7.5 HIGH | N/A |
Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors. | |||||
CVE-2006-5877 | 2 Enigmail, Ubuntu | 2 Enigmail, Ubuntu Linux | 2024-11-21 | 7.8 HIGH | N/A |
The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird. | |||||
CVE-2006-5876 | 1 Libsoup | 1 Libsoup | 2024-11-21 | 7.8 HIGH | N/A |
The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values. | |||||
CVE-2006-5875 | 1 Enemies Of Carlotta | 1 Enemies Of Carlotta | 2024-11-21 | 6.8 MEDIUM | N/A |
eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote attackers to execute arbitrary commands via shell metacharacters in an "SMTP level e-mail address". | |||||
CVE-2006-5874 | 1 Clam Anti-virus | 1 Clamav | 2024-11-21 | 5.0 MEDIUM | N/A |
Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference. | |||||
CVE-2006-5873 | 2 Debian, L2tpns | 2 Debian Linux, L2tpns | 2024-11-21 | 7.8 HIGH | N/A |
Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet. | |||||
CVE-2006-5871 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.1 MEDIUM | N/A |
smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings. | |||||
CVE-2006-5869 | 1 Pstotext | 1 Pstotext | 2024-11-21 | 5.1 MEDIUM | N/A |
pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name. | |||||
CVE-2006-5868 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2024-11-21 | 9.3 HIGH | N/A |
Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image. | |||||
CVE-2006-5866 | 1 Phpmanta | 1 Phpmanta | 2024-11-21 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in Mdoc/view-sourcecode.php for phpManta 1.0.2 and earlier allows remote attackers to read and include arbitrary files via ".." sequences in the file parameter. | |||||
CVE-2006-5863 | 1 Otterware | 1 Letterit2 | 2024-11-21 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in inc/session.php for LetterIt 2 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter. | |||||
CVE-2006-5862 | 1 Network Administration Visualized | 1 Network Administration Visualized | 2024-11-21 | 4.6 MEDIUM | N/A |
Directory traversal vulnerability in the session mechanism of the web interface for Network Administration Visualized (NAV) before 3.1.1 allows attackers with filesystem write access to have an unknown impact via unknown attack vectors. | |||||
CVE-2006-5861 | 1 Citrix | 2 Metaframe, Metaframe Presentation Server | 2024-11-21 | 5.0 MEDIUM | N/A |
The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception. | |||||
CVE-2006-5856 | 1 Adobe | 1 Download Manager | 2024-11-21 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in the Adobe Download Manager before 2.2 allows remote attackers to execute arbitrary code via a long section name in the dm.ini file, which is populated via an AOM file. | |||||
CVE-2006-5855 | 1 Ibm | 1 Tivoli Storage Manager | 2024-11-21 | 10.0 HIGH | N/A |
Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message. |