Total
29312 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-5663 | 1 Ibm | 3 Informix Client Sdk, Informix Dynamic Server, Informix I-connect | 2024-11-21 | 4.6 MEDIUM | N/A |
IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts. | |||||
CVE-2006-5662 | 1 Evandor | 1 Easy Notesmanager | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in easy notesManager (eNM) 0.0.1 allows remote attackers to execute arbitrary SQL commands via (1) the username parameter in login.php and (2) a search on the "search page." | |||||
CVE-2006-5661 | 1 Virtech | 1 Netquery | 2024-11-21 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech Netquery allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | |||||
CVE-2006-5660 | 1 Cisco | 1 Security Agent Management Center | 2024-11-21 | 7.5 HIGH | N/A |
Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 does not properly handle certain LDAP error messages, which allows remote attackers to bypass authentication requirements via an empty password when using an external LDAP server. | |||||
CVE-2006-5659 | 1 Pam Extern | 1 Pam Extern | 2024-11-21 | 2.1 LOW | N/A |
PAM_extern before 0.2 sends a password as a command line argument, which allows local users to obtain the password by listing the command line arguments, such as ps. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-5658 | 1 Studio Achtundachtzig | 1 Bloomooweb Activex Control | 2024-11-21 | 7.6 HIGH | N/A |
BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to (1) download arbitrary files via a URL in the bstrUrl parameter to the BW_DownloadFile method, (2) execute arbitrary local files via a file path in the bstrParams parameter to the BW_LaunchGame method, and (3) delete arbitrary files via a file path in the filePath parameter to the BW_DeleteTempFile method. | |||||
CVE-2006-5657 | 1 Vilistextum | 1 Vilistextum | 2024-11-21 | 10.0 HIGH | N/A |
Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 have unknown impact and attack vectors. | |||||
CVE-2006-5655 | 1 Opendocman | 1 Opendocman | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
CVE-2006-5653 | 1 Sun | 1 Java System Messenger Express | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers a new CVE was assigned. | |||||
CVE-2006-5652 | 1 Sun | 1 Iplanet Messaging Server Messenger Express | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE. | |||||
CVE-2006-5651 | 1 Digioz | 1 Digioz Guestbook | 2024-11-21 | 5.0 MEDIUM | N/A |
list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to obtain sensitive information via a non-numeric page parameter, which displays the installation path in the resulting error message. | |||||
CVE-2006-5650 | 1 Aol | 1 Icq | 2024-11-21 | 7.5 HIGH | N/A |
The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar. | |||||
CVE-2006-5643 | 1 Foresite Cms | 1 Foresite Cms | 2024-11-21 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in search_de.html in foresite CMS allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
CVE-2006-5642 | 1 Nmnlogger | 1 Nmnlogger | 2024-11-21 | 10.0 HIGH | N/A |
Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown impact and attack vectors related to configuration of mesasge drivers. | |||||
CVE-2006-5641 | 1 Techno Dreams | 1 Announcement Script | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams Announcement allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
CVE-2006-5640 | 1 Techno Dreams | 1 Techno Dreams Guest Book | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
CVE-2006-5639 | 1 Openwbem | 1 Openwbem | 2024-11-21 | 7.5 HIGH | N/A |
Unspecified vulnerability in the random number generator in OpenWBEM (Web Based Enterprise Management) 3.2.0 allows attackers to gain privileges via vectors related to "local or HTTP Digest authentication." | |||||
CVE-2006-5638 | 1 Phpmyring | 1 Phpmyring | 2024-11-21 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing 4.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) limite and (2) mots parameters. | |||||
CVE-2006-5637 | 1 Faq Administrator | 1 Faq Administrator | 2024-11-21 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in faq_reply.php in Faq Administrator 2.1b allows remote attackers to execute arbitrary PHP code via a URL in the email parameter. | |||||
CVE-2006-5636 | 1 Sws | 1 Simple Website Software | 2024-11-21 | 5.1 MEDIUM | N/A |
PHP remote file inclusion vulnerability in common.php in Simple Website Software (SWS) 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SWSDIR parameter. |