VYPR

CVEs

343,963 total · page 6503 of 6,880

AllCriticalHighKEV
  • CVE-2006-3632Jul 21, 2006
    Wireshark
    Wireshark
    risk 0.01cvss epss 0.07

    Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the NFS dissector.

  • CVE-2006-3679Jul 21, 2006
    Fatwire
    Fatwire Content Server
    risk 0.00cvss epss 0.02

    FatWire Content Server 5.5.0 allows remote attackers to bypass access restrictions and obtain administrative privileges via unspecified attack vectors in the authentication process.

  • CVE-2006-3680Jul 21, 2006
    Photocycle
    Photocycle
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in photocycle in Photocycle 1.0 allows remote attackers to inject arbitrary web script or HTML via the phpage parameter.

  • CVE-2006-3681Jul 21, 2006
    AWStats
    Awstats
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6)…

  • CVE-2006-3682Jul 21, 2006
    AWStats
    Awstats
    risk 0.04cvss epss 0.10

    awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters.

  • CVE-2006-3683Jul 21, 2006
    Flipper Poll
    Flipper Poll
    risk 0.03cvss epss 0.04

    PHP remote file inclusion vulnerability in poll.php in Flipper Poll 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.

  • CVE-2006-3684Jul 21, 2006
    Softcomplex
    PHP Event Calendar
    risk 0.00cvss epss 0.02

    PHP remote file inclusion vulnerability in calendar.php in SoftComplex PHP Event Calendar 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_calendar parameter, which overwrites the $path_to_calendar variable from an extract function call.

  • CVE-2006-3685Jul 21, 2006
    Czaries Network
    Czarnews
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 allows remote attackers to execute arbitrary PHP code via a URL in the tpath parameter to cn_config.php. NOTE: the news.php vector is already covered by CVE-2005-0859.

  • CVE-2006-3686Jul 21, 2006
    Microfocus
    Openvms
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in [SYSEXE]SMPUTIL.EXE in HP OpenVMS 7.3-2 allows local users and "remote users" to cause a denial of service (crash).

  • CVE-2006-3687Jul 21, 2006
    Dlink
    DI-604 Broadband Router
    risk 0.05cvss epss 0.19

    Stack-based buffer overflow in the Universal Plug and Play (UPnP) service in D-Link DI-524, DI-604 Broadband Router, DI-624, D-Link DI-784, WBR-1310 Wireless G Router, WBR-2310 RangeBooster G Router, and EBR-2310 Ethernet Broadband Router allows remote attackers to execute…

  • CVE-2006-3688Jul 21, 2006
    Francisco Charrua
    Photo Gallery
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Room.php in Francisco Charrua Photo-Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2006-3689Jul 21, 2006
    Codeworks
    Gnomedia Subberz
    risk 0.03cvss epss 0.04

    PHP remote file inclusion vulnerability in user-func.php in Codeworks Gnomedia SubberZ[Lite] allows remote attackers to execute arbitrary PHP code via a URL in the myadmindir parameter. NOTE: this issue has been disputed by a third party that claims that " the myadmindir…

  • CVE-2006-3690Jul 21, 2006
    Minibb
    Forum
    risk 0.03cvss epss 0.04

    Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) components/com_minibb.php or (2) components/minibb/index.php.

  • CVE-2006-3691Jul 21, 2006
    Vbzoom
    Vbzoom
    risk 0.00cvss epss 0.02

    Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier allow remote attackers to execute arbitrary SQL commands via the UserID parameter to (1) ignore-pm.php, (2) sendmail.php, (3) reply.php or (4) sub-join.php.

  • CVE-2006-3692Jul 21, 2006
    Silentweb
    Listmessenger
    risk 0.03cvss epss 0.04

    PHP remote file inclusion vulnerability in enduser/listmessenger.php in ListMessenger 0.9.3 allows remote attackers to execute arbitrary PHP code via a URL in the lm_path parameter. NOTE: the vendor has disputed this issue to SecurityTracker, stating that the $lm_path variable…

  • CVE-2006-3693Jul 21, 2006
    Rocks Clusters
    Rocks Clusters
    risk 0.03cvss epss 0.01

    Rocks Clusters 4.1 and earlier allows local users to gain privileges via commands enclosed with escaped backticks (\`) in an argument to the (1) mount-loop (mount-loop.c) or (2) umount-loop (umount-loop.c) command, which is not filtered in a system function call.

  • CVE-2006-3694Jul 21, 2006
    Yukihiro Matsumoto
    Ruby
    risk 0.00cvss epss 0.06

    Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote attackers to bypass "safe level" checks via unspecified vectors involving (1) the alias function and (2) "directory operations".

  • CVE-2006-3695Jul 21, 2006
    Edgewall Software
    Trac
    risk 0.00cvss epss 0.02

    Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a…

  • CVE-2006-3696Jul 21, 2006
    Outpost
    Firewall PRO
    risk 0.03cvss epss 0.01

    filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462) allows local users to cause a denial of service (crash) via long arguments to mshta.exe.

  • CVE-2006-3697Jul 21, 2006
    Agnitum
    Outpost Firewall
    risk 0.00cvss epss 0.00

    Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which…

  • CVE-2006-3698Jul 21, 2006
    Oracle Corporation
    Database Server
    risk 0.04cvss epss 0.06

    Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB01 for Change Data Capture (CDC) component and (2) DB03 for Data Pump Metadata API. NOTE: as of 20060719, Oracle has not disputed a claim by a…

  • CVE-2006-3699Jul 21, 2006
    Oracle Corporation
    Database Server
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.0.1.5 and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB02.

  • CVE-2006-3700Jul 21, 2006
    Oracle Corporation
    Database Server
    risk 0.00cvss epss 0.05

    Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and 10.1.0.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 for Web Distributed Authoring and Versioning (DAV) and (2) DB23 for XMLDB.

  • CVE-2006-3701Jul 21, 2006
    Oracle Corporation
    Database Server
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Dictionary component in Oracle Database 8.1.7.4, 9.0.1.5, and 9.2.0.6 has unknown impact and attack vectors, aka Oracle Vuln# DB05.

  • CVE-2006-3702Jul 21, 2006
    Oracle Corporation
    Database Server
    risk 0.00cvss epss 0.04

    Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB06 in Export; (2) DB08, (3) DB09, (4) DB10, (5) DB11, (6) DB12, (7) DB13, (8) DB14, and (9) DBC01 for OCI;…

  • CVE-2006-3703Jul 21, 2006
    Oracle Corporation
    InterMedia
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in InterMedia for Oracle Database 9.0.1.5, 9.2.0.6, and 10.1.0.4 has unknown impact and attack vectors, aka oracle Vuln# DB07.

  • CVE-2006-3704Jul 21, 2006
    Oracle Corporation
    Oracle ODBC Driver
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the Oracle ODBC Driver for Oracle Database 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# 10.1.0.4.

  • CVE-2006-3705Jul 21, 2006
    Oracle Corporation
    Database Server
    risk 0.00cvss epss 0.03

    Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB21 for Statistics and (2) DB22 for Upgrade & Downgrade. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB21 is…

  • CVE-2006-3706Jul 21, 2006
    Oracle Corporation
    Application Server
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 has unknown impact and attack vectors, aka Oracle Vuln# AS01.

  • CVE-2006-3707Jul 21, 2006
    Oracle Corporation
    Application Server
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 and 9.0.3.1 has unknown impact and attack vectors, aka Oracle Vuln# AS02.

  • CVE-2006-3708Jul 21, 2006
    Oracle Corporation
    Application Server
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, 9.0.4.2, 10.1.2.0.2, and 10.1.2.1 has unknown impact and attack vectors, aka Oracle Vuln# AS03.

  • CVE-2006-3709Jul 21, 2006
    Oracle Corporation
    Application Server
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS04.

  • CVE-2006-3710Jul 21, 2006
    Oracle Corporation
    Application Server
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, 9.0.4.2, and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# (1) AS05 and (2) AS08.

  • CVE-2006-3711Jul 21, 2006
    Oracle Corporation
    Application Server
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 9.0.4.1 has unknown impact and attack vectors, aka Oracle Vuln# AS06.

  • CVE-2006-3712Jul 21, 2006
    Oracle Corporation
    Application Server
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in OC4J for Oracle Application Server 9.0.4.2 and 10.1.2.0.0 has unknown impact and attack vectors, aka Oracle Vuln# AS07.

  • CVE-2006-3713Jul 21, 2006
    Oracle Corporation
    Application Server
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in OC4J for Oracle Application Server 10.1.3.0 has unknown impact and attack vectors, aka Oracle Vuln# AS09.

  • CVE-2006-3714Jul 21, 2006
    Oracle Corporation
    Application Server
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in OC4J for Oracle Application Server 10.1.2.0.2 and 10.1.2.1 has unknown impact and attack vectors, aka Oracle Vuln# AS10.

  • CVE-2006-3715Jul 21, 2006
    Oracle Corporation
    Collaboration Suite
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in Calendar for Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka Oracle Vuln# OCS01.

  • CVE-2006-3716Jul 21, 2006
    Oracle Corporation
    E Business Suite
    risk 0.00cvss epss 0.04

    Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS01 for Internet Expenses; (2) APPS02, (3) APPS05, (4) APPS06, (5) APPS07, (6) APPS08, (7) APPS09, and (8) APPS10 for…

  • CVE-2006-3717Jul 21, 2006
    Oracle Corporation
    Applications
    risk 0.00cvss epss 0.04

    Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.9 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS03 and (2) APPS04 for Oracle Application Object Library; and (3) APPS20 for Oracle XML Gateway.

  • CVE-2006-3718Jul 21, 2006
    Oracle Corporation
    Exchange
    risk 0.00cvss epss 0.04

    Multiple unspecified vulnerabilities in Oracle Exchange for Oracle E-Business Suite and Applications 6.2.4 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS16 and (2) APPS17.

  • CVE-2006-3719Jul 21, 2006
    Oracle Corporation
    Enterprise Manager
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in CORE: Repository for Oracle Enterprise Manager 9.0.1.0 and 9.2.0.1 has unknown impact and attack vectors, aka Oracle Vuln# EM01.

  • CVE-2006-3720Jul 21, 2006
    Oracle Corporation
    Enterprise Manager
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in Enterprise Config Management for Oracle Enterprise Manager 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# EM02.

  • CVE-2006-3721Jul 21, 2006
    Oracle Corporation
    Enterprise Manager
    risk 0.00cvss epss 0.04

    Multiple unspecified vulnerabilities in Oracle Management Service for Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors, aka Oracle Vuln# EM03 and EM04.

  • CVE-2006-3722Jul 21, 2006
    Oracle Corporation
    Peoplesoft Enterprise
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle PeopleSoft Enterprise Portal 8.4 Bundle #16, 8.8 Bundle #10, and 8.9 Bundle #3 has unknown impact and attack vectors, aka Oracle Vuln# PSE01.

  • CVE-2006-3723Jul 21, 2006
    Oracle Corporation
    Peoplesoft Enterprise
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle PeopleSoft Enterprise Portal 8.8 with Enforcer Portal Pack Bundle #10 and 8.9 Bundle #3 has unknown impact and attack vectors, aka Oracle Vuln# PSE02.

  • CVE-2006-3724Jul 21, 2006
    Oracle Corporation
    JD Edwards HTML Server for Oracle OneWorld Tools EnterpriseOne Tools
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in JD Edwards HTML Server for Oracle OneWorld Tools EnterpriseOne Tools 8.95 and 8.96 has unknown impact and attack vectors, aka Oracle Vuln# JDE01.

  • CVE-2006-3725Jul 21, 2006
    Symantec
    Norton Personal Firewall
    risk 0.00cvss epss 0.00

    Norton Personal Firewall 2006 9.1.0.33 allows local users to cause a denial of service (crash) via certain RegSaveKey, RegRestoreKey and RegDeleteKey operations on the (1) HKLM\SYSTEM\CurrentControlSet\Services\SNDSrvc and (2) HKLM\SYSTEM\CurrentControlSet\Services\SymEvent…

  • CVE-2006-3726Jul 21, 2006
    Intervations
    Filecopa
    risk 0.08cvss epss 0.64

    Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th July 2006, allows remote authenticated attackers to execute arbitrary code via a long argument to the LIST command.

  • CVE-2006-3727Jul 21, 2006
    Eskolar CMS
    Eskolar CMS
    risk 0.03cvss epss 0.04

    Multiple SQL injection vulnerabilities in Eskolar CMS 0.9.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) gr_1_id, (2) gr_2_id, (3) gr_3_id, and (4) doc_id parameters in (a) index.php; the (5) uid and (6) pwd parameters in (b) php/esa.php; and possibly…