| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2006-6574 | 0.00 | — | 0.02 | Dec 15, 2006 | Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field. |
| CVE-2006-6575 | 0.03 | — | 0.02 | Dec 15, 2006 | PHP remote file inclusion vulnerability in ldap.php in Brian Drawert Yet Another PHP LDAP Admin Project (yaplap) 0.6 and 0.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the LOGIN_style parameter. |
| CVE-2006-6576 | 0.08 | — | 0.67 | Dec 15, 2006 | Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long PASS command. NOTE: it was later reported that 4.70 is also affected. NOTE: the USER vector… |
| CVE-2006-6577 | 0.03 | — | 0.01 | Dec 15, 2006 | SQL injection vulnerability in polls.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2006-6578 | 0.01 | — | 0.07 | Dec 15, 2006 | Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com when… |
| CVE-2006-6579 | 0.00 | — | 0.01 | Dec 15, 2006 | Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read… |
| CVE-2006-6580 | 0.00 | — | 0.01 | Dec 15, 2006 | admin/change.php in ProNews 1.5 does not check whether a user is permitted to change news items, which allows remote attackers to add or delete information within an item, and possibly have other impacts. NOTE: the provenance of this information is unknown; the details are… |
| CVE-2006-6581 | 0.03 | — | 0.03 | Dec 15, 2006 | PHP remote file inclusion vulnerability in tests/debug_test.php in Vernet Loic PHP_Debug 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the debugClassLocation parameter. |
| CVE-2006-6582 | 0.00 | — | 0.01 | Dec 15, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in ScriptMate User Manager 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) members_username (user) and (2) members_password (password) fields in a login action in members/default.asp,… |
| CVE-2006-6583 | 0.00 | — | 0.01 | Dec 15, 2006 | ScriptMate User Manager 2.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors related to (1) the Logins box and (2) the Search box. |
| CVE-2006-6584 | 0.00 | — | 0.05 | Dec 15, 2006 | Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors. |
| CVE-2006-6585 | 0.00 | — | 0.01 | Dec 15, 2006 | The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. … |
| CVE-2006-6586 | 0.03 | — | 0.02 | Dec 15, 2006 | Multiple PHP remote file inclusion vulnerabilities in Vortex Blog (vBlog, aka C12) a0.1_nonfunc allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter in (1) secure.php or (2) checklogin.php in admin/auth/. |
| CVE-2006-6587 | 0.01 | — | 0.08 | Dec 15, 2006 | Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message. |
| CVE-2006-6588 | 0.00 | — | 0.02 | Dec 15, 2006 | The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content,… |
| CVE-2006-6589 | 0.00 | — | 0.03 | Dec 15, 2006 | Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587.… |
| CVE-2006-6590 | 0.03 | — | 0.02 | Dec 15, 2006 | PHP remote file inclusion vulnerability in usercp_menu.php in AR Memberscript allows remote attackers to execute arbitrary PHP code via a URL in the script_folder parameter. |
| CVE-2006-6591 | 0.00 | — | 0.01 | Dec 15, 2006 | PHP remote file inclusion vulnerability in fonctions/template.php in EXlor 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the repphp parameter. |
| CVE-2006-6592 | 0.03 | — | 0.03 | Dec 15, 2006 | Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow remote attackers to execute arbitrary PHP code via a URL in the page[path] parameter to (1) index.php, (2) admin.php, (3) rss.php, (4) rdf.php, (5) rss2.php, or (6) files/mainfile.php. |
| CVE-2006-6593 | 0.03 | — | 0.02 | Dec 15, 2006 | PHP remote file inclusion vulnerability in zufallscodepart.php in AMAZONIA MOD for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| CVE-2006-6594 | 0.00 | — | 0.01 | Dec 15, 2006 | SQL injection vulnerability in utilities/usermessages.asp in ScriptMate User Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the mesid parameter. |
| CVE-2006-6595 | 0.00 | — | 0.01 | Dec 15, 2006 | Multiple SQL injection vulnerabilities in ScriptMate User Manager 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via "Manage Resources" and possibly other unspecified components. |
| CVE-2006-6563 | 0.03 | — | 0.02 | Dec 15, 2006 | Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value. |
| CVE-2006-6564 | 0.03 | — | 0.06 | Dec 15, 2006 | FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a malformed argument to the STOR command, which results in a NULL pointer dereference. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command. |
| CVE-2006-6565 | 0.09 | — | 0.70 | Dec 15, 2006 | FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference, a different set of vectors than CVE-2006-6564. NOTE: CVE analysis suggests that… |
| CVE-2006-6566 | 0.03 | — | 0.03 | Dec 15, 2006 | PHP remote file inclusion vulnerability in includes/profilcp_constants.php in the Profile Control Panel (CPanel) module for mxBB 0.91c allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. |
| CVE-2006-6567 | 0.03 | — | 0.04 | Dec 15, 2006 | PHP remote file inclusion vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. |
| CVE-2006-6568 | 0.03 | — | 0.04 | Dec 15, 2006 | Directory traversal vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the phpEx parameter. |
| CVE-2006-6569 | 0.03 | — | 0.03 | Dec 15, 2006 | form.php in GenesisTrader 1.0 allows remote attackers to read source code for arbitrary files and obtain sensitive information via the (1) do and (2) chem parameters with a "modfich" floap parameter. |
| CVE-2006-6570 | 0.00 | — | 0.01 | Dec 15, 2006 | Unrestricted file upload vulnerability in upload.php in GenesisTrader 1.0 allows remote authenticated users to upload arbitrary files via unspecified vectors, possibly involving form.php and the ajoutfich "foap" action. |
| CVE-2006-6571 | 0.03 | — | 0.02 | Dec 15, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in form.php in GenesisTrader 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cuve, (2) chem, (3) do, and possibly other parameters. |
| CVE-2006-6572 | 0.00 | — | 0.01 | Dec 15, 2006 | Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4.0, and Access Gateway 4.2 with Advanced Access Control 4.2, before 20061114, when the Browser-Only access feature is enabled, allows remote authenticated users to bypass access policies via a certain… |
| CVE-2006-6573 | 0.00 | — | 0.01 | Dec 15, 2006 | Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced Edition, and 4.2 with Advanced Access Control (AAC) 4.2, when deployed on the Access Gateway appliance 4.2 through 4.2.2 allows remote authenticated users to "gain access to data" and obtain sensitive information… |
| CVE-2006-6105 | 0.00 | — | 0.00 | Dec 15, 2006 | Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog. |
| CVE-2006-4902 | 0.00 | — | 0.04 | Dec 14, 2006 | The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 does not properly check for chained commands, which allows remote attackers to execute arbitrary commands by appending malicious commands to valid… |
| CVE-2006-5822 | 0.01 | — | 0.12 | Dec 14, 2006 | Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long CONNECT_OPTIONS request, a different issue than… |
| CVE-2006-6222 | 0.01 | — | 0.12 | Dec 14, 2006 | Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long request with a malformed length prefix. |
| CVE-2006-6304 | 0.00 | — | 0.02 | Dec 14, 2006 | The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump. |
| CVE-2006-6474 | 0.00 | — | 0.00 | Dec 14, 2006 | Untrusted search path vulnerability in McAfee VirusScan for Linux 4510e and earlier includes the current working directory in the DT_RPATH environment variable, which allows local users to load arbitrary ELF DSO libraries and execute arbitrary code by installing malicious… |
| CVE-2006-6547 | 0.00 | — | 0.03 | Dec 14, 2006 | Buffer overflow in the readAA function in read_aa.cpp in Winamp iPod Plugin (ml_ipod) 2.00 p19 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long tag in an audible.com audiobook (aa) file. |
| CVE-2006-6548 | 0.00 | — | 0.01 | Dec 14, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the… |
| CVE-2006-6549 | 0.00 | — | 0.01 | Dec 14, 2006 | PHP remote file inclusion vulnerability in upload.php in Rad Upload 3.02 allows remote attackers to execute arbitrary PHP code via a URL in the save_path parameter. NOTE: CVE disputes this vulnerability because save_path is originally defined as "" before use, and the nearby… |
| CVE-2006-6550 | 0.03 | — | 0.02 | Dec 14, 2006 | PHP remote file inclusion vulnerability in common.php in Phorum 3.2.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability because db_file is defined before use |
| CVE-2006-6551 | 0.03 | — | 0.02 | Dec 14, 2006 | PHP remote file inclusion vulnerability in libs/tucows/api/cartridges/crt_TUCOWS_domains/lib/domainutils.inc.php in Tucows Client Code Suite (CCS) 1.2.1015 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _ENV[TCA_HOME] parameter. |
| CVE-2006-6552 | 0.03 | — | 0.03 | Dec 14, 2006 | PHP remote file inclusion vulnerability in admin/plugins/NP_UserSharing.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DIR_ADMIN parameter. |
| CVE-2006-6553 | 0.03 | — | 0.03 | Dec 14, 2006 | PHP remote file inclusion vulnerability in includes/newssuite_constants.php in the NewsSuite 1.03 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter. |
| CVE-2006-6554 | 0.00 | — | 0.01 | Dec 14, 2006 | Unspecified vulnerability in Kerio MailServer before 6.3.1 allows remote attackers to cause a denial of service (segmentation fault and service stop) via certain long LDAP queries, as demonstrated by vd_kms6.pm. |
| CVE-2006-6555 | 0.00 | — | 0.01 | Dec 14, 2006 | Multiple SQL injection vulnerabilities in EasyFill before 0.5.1 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2006-6556 | 0.00 | — | 0.03 | Dec 14, 2006 | The eyeHome function in apps/eyeHome.eyeapp/aplic.php in EyeOS before 0.9.3-3 allows remote attackers to upload and execute arbitrary code via dangerous file extensions that are not all lowercase, which bypasses a cleansing operation. |
| CVE-2006-6557 | 0.00 | — | 0.01 | Dec 14, 2006 | Multiple unspecified vulnerabilities in Skulls! before 0.2.6 have unknown impact and attack vectors, as addressed by "Many security fixes." |