Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5929 | 1 Phpjobscheduler | 1 Phpjobscheduler | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in firepjs.php in Phpjobscheduler 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2006-5817 | 1 Parallels | 1 Parallels Desktop | 2008-09-05 | 2.1 LOW | N/A |
| prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure permissions (0666) for /Library/Parallels/.dhcpd_configuration, which allows local users to modify DHCP configuration. | |||||
| CVE-2006-5778 | 1 Linux-ftpd-ssl | 1 Linux-ftpd-ssl | 2008-09-05 | 4.6 MEDIUM | N/A |
| ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir before setting the UID, which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory. | |||||
| CVE-2006-5956 | 1 Xlinesoft | 1 Phprunner | 2008-09-05 | 2.1 LOW | N/A |
| XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file. | |||||
| CVE-2006-5924 | 1 Efficientip | 1 Ipmanager | 2008-09-05 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Efficient IP iPmanager (IPm) 2.3 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources. | |||||
| CVE-2006-5961 | 1 Pegasus | 1 Mercury Mail Transport System | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in Mercury Mail Transport System 4.01b for Windows has unknown impact and attack vectors, as originally reported in a GLEG VulnDisco pack. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The original researcher is reliable. | |||||
| CVE-2006-5479 | 1 Novell | 1 Edirectory | 2008-09-05 | 5.0 MEDIUM | N/A |
| The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote attackers to cause an unspecified denial of service via a certain "NCP Fragment." | |||||
| CVE-2006-5529 | 1 Schoolalumni Portal | 1 Schoolalumni Portal | 2008-09-05 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in smumdadotcom_ascyb_alumni/mod.php in SchoolAlumni Portal 2.26 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the katalog module. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-5528 | 1 Schoolalumni Portal | 1 Schoolalumni Portal | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in mod.php in SchoolAlumni Portal 2.26 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-5394 | 1 Cisco | 1 Secure Desktop | 2008-09-05 | 2.1 LOW | N/A |
| The default configuration of Cisco Secure Desktop (CSD) has an unchecked "Disable printing" box in Secure Desktop Settings, which might allow local users to read data that was sent to a printer during another user's SSL VPN session. | |||||
| CVE-2006-5483 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 2.1 LOW | N/A |
| p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by setting a scheduler policy, which should only be settable by root. | |||||
| CVE-2006-5457 | 1 Casinosoft | 1 Casino Script | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the registration form in Casinosoft Casino Script (Masvet) 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) surname field. | |||||
| CVE-2006-5436 | 1 Freefaq | 1 Freefaq | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e allows remote attackers to execute arbitrary PHP code via a URL in the faqpath parameter. | |||||
| CVE-2006-5482 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 2.1 LOW | N/A |
| ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by calling the ftruncate function on a file type that is not VREG, VLNK or VDIR, which is not defined in POSIX. | |||||
| CVE-2006-5550 | 2 Freebsd, Openbsd | 2 Freebsd, Openbsd | 2008-09-05 | 4.9 MEDIUM | N/A |
| The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto. | |||||
| CVE-2006-5569 | 1 Datawizard | 1 Ftpxq | 2008-09-05 | 6.4 MEDIUM | N/A |
| FtpXQ Server 3.0.1 installs with two default testing accounts, which allows remote attackers to read or write arbitrary files via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5064 | 1 Birdblog | 1 Birdblog | 2008-09-05 | 5.1 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entryid parameter in comment.php, (2) page parameter in index.php, or the (3) uid parameter in user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5252 | 1 Webmedia Explorer | 1 Webmedia Explorer | 2008-09-05 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/core.lib.php in Webmedia Explorer 2.8.7 allows remote attackers to execute arbitrary PHP code via a URL in the path_include parameter. | |||||
| CVE-2006-5117 | 1 Phpmyadmin | 1 Phpmyadmin | 2008-09-05 | 5.0 MEDIUM | N/A |
| phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files. | |||||
| CVE-2006-5248 | 1 Eazy Cart | 1 Eazy Cart | 2008-09-05 | 7.8 HIGH | N/A |
| Eazy Cart stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a customer database via a direct request for admin/config/customer.dat. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||