Search Results

There are 145,045 matching records.
Displaying matches 129,341 through 129,360.
Vuln ID / Summary / CVSS Severity
CVE-2006-0479

pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS).

Published: January 31, 2006; 6:03:00 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-0480

Cross-site scripting (XSS) vulnerability in the Articles module in sPaiz-Nuke allows remote attackers to inject arbitrary web script or HTML via the query parameter in the search file.

Published: January 31, 2006; 6:03:00 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-0043

Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks.

Published: January 30, 2006; 9:03:00 PM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2006-0467

Unspecified vulnerability in Pioneers (formerly gnocatan) before 0.9.49 allows remote attackers to cause a denial of service (application crash) via long chat messages.

Published: January 30, 2006; 9:03:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-0301

Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.

Published: January 30, 2006; 5:03:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-0468

CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite.

Published: January 30, 2006; 1:03:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-0469

Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG tag.

Published: January 30, 2006; 1:03:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-0461

Cross-site scripting (XSS) vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTP_REFERER (referer).

Published: January 27, 2006; 6:03:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-0462

SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09.02 allows remote attackers to execute arbitrary SQL commands via the entrada parameter.

Published: January 27, 2006; 6:03:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-0463

Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows remote attackers to inject arbitrary web script or HTML via the (1) goto_id parameter to index.php or (2) page parameter to news_full.php.

Published: January 27, 2006; 6:03:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-0464

Multiple SQL injection vulnerabilities in index.php in IdeoContent Manager allow remote attackers to execute arbitrary SQL commands via the (1) goto_id or (2) mid parameter.

Published: January 27, 2006; 6:03:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-0465

Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in active121 Site Manager allows remote attackers to inject arbitrary web script or HTML via the cerca parameter.

Published: January 27, 2006; 6:03:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-0466

Cross-site scripting (XSS) vulnerability in search.asp in Goldstag Content Management System allows remote attackers to inject arbitrary web script or HTML via the text parameter.

Published: January 27, 2006; 6:03:00 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-0057

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims that MS05-054 fixes this issue, but it is not described in MS05-054.

Published: January 27, 2006; 5:03:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-0446

Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote privileged attackers to execute arbitrary commands as the web server via unknown attack vectors.

Published: January 26, 2006; 7:03:00 PM -0500
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2006-0447

Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail @Solomon 4.00 allow remote attackers to execute arbitrary code via a long username to the (1) AUTH PLAIN or (2) AUTH LOGIN SMTP commands, which is not properly handled by (a) EPSTRS.EXE or (b) SPA-RS.EXE; (3) a long username in the APOP POP3 command, which is not properly handled by (c) EPSTPOP4S.EXE or (d) SPA-POP3S.EXE; (4) a long IMAP DELETE command, which is not properly handled by (e) EPSTIMAP4S.EXE or (f) SPA-IMAP4S.EXE.

Published: January 26, 2006; 7:03:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-0448

Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and (2) SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to (a) list arbitrary directories or cause a denial of service via the LIST command; or create arbitrary files via the (b) APPEND, (c) COPY, or (d) RENAME commands.

Published: January 26, 2006; 7:03:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-0449

Early termination vulnerability in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allows remote attackers to cause a denial of service (infinite loop) by sending an APPEND command and disconnecting before the expected amount of data is sent.

Published: January 26, 2006; 7:03:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-0450

phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database.

Published: January 26, 2006; 7:03:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-0439

Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt.

Published: January 26, 2006; 5:03:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM