Search Results

There are 161,154 matching records.
Displaying matches 145,341 through 145,360.
Vuln ID Summary CVSS Severity
CVE-2006-0592

Unspecified vulnerability in the Lexmark Printer Sharing LexBce Server Service (LexPPS), possibly 8.29 and 9.41, allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based on a vague initial disclosure; details will be updated after the grace period has ended.

Published: February 07, 2006; 8:02:00 PM -0500
V3.x: (not available)
V2.0: 7.5 HIGH
CVE-2006-0593

Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php.

Published: February 07, 2006; 8:02:00 PM -0500
V3.x: (not available)
V2.0: 4.3 MEDIUM
CVE-2006-0576

Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability.

Published: February 07, 2006; 7:06:00 PM -0500
V3.x: (not available)
V2.0: 7.2 HIGH
CVE-2006-0577

Lexmark X1185 printer allows local users to gain SYSTEM privileges by navigating to the "Appearance" dialog and selecting the "Additional styles (skins) are available on the Lexmark web site" option, which launches a web browser that is running with SYSTEM privileges.

Published: February 07, 2006; 7:06:00 PM -0500
V3.x: (not available)
V2.0: 7.2 HIGH
CVE-2006-0575

convert-fcrontab in Fcron 2.9.5 and 3.0.0 allows remote attackers to create or overwrite arbitrary files via ".." sequences and a symlink attack on the temporary file that is used during conversion.

Published: February 07, 2006; 3:02:00 PM -0500
V3.x: (not available)
V2.0: 5.0 MEDIUM
CVE-2006-0454

Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ICMP response in icmp_send, does not properly handle when the ip_options_echo function in icmp.c fails, which allows remote attackers to cause a denial of service (crash) via vectors such as (1) record-route and (2) timestamp IP options with the needaddr bit set and a truncated value.

Published: February 07, 2006; 1:06:00 PM -0500
V3.x: (not available)
V2.0: 5.0 MEDIUM
CVE-2006-0567

Directory traversal vulnerability in Files Xaraya module before 0.5.1, when the Archive Directory field on the Modify Config page is blank, allows remote attackers to access files outside of the web root via ".." (dot dot) sequences.

Published: February 07, 2006; 1:06:00 PM -0500
V3.x: (not available)
V2.0: 5.0 MEDIUM
CVE-2006-0568

Cross-site scripting (XSS) vulnerability in throw.main in Outblaze allows remote attackers to inject arbitrary web script or HTML via the file parameter.

Published: February 07, 2006; 1:06:00 PM -0500
V3.x: (not available)
V2.0: 4.3 MEDIUM
CVE-2006-0569

Cross-site scripting (XSS) vulnerability in user_class.php in Papoo 2.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username field during the registration of a new account. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: February 07, 2006; 1:06:00 PM -0500
V3.x: (not available)
V2.0: 4.3 MEDIUM
CVE-2006-0570

Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magic_quotes is disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the username parameter in check.php and (2) unknown attack vectors in the administrative interface.

Published: February 07, 2006; 1:06:00 PM -0500
V3.x: (not available)
V2.0: 7.5 HIGH
CVE-2006-0571

Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface.

Published: February 07, 2006; 1:06:00 PM -0500
V3.x: (not available)
V2.0: 4.3 MEDIUM
CVE-2006-0572

phpstatus 1.0 does not require passwords when using cookies to identify a user, which allows remote attackers to bypass authentication.

Published: February 07, 2006; 1:06:00 PM -0500
V3.x: (not available)
V2.0: 7.5 HIGH
CVE-2006-0573

Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to (a) editquota.html or (b) dodelpop.html; (2) showtree parameter to (c) diskusage.html; or the (3) mon, (4) year, (5) target, or (6) domain parameter to (d) stats/detailbw.html.

Published: February 07, 2006; 1:06:00 PM -0500
V3.x: (not available)
V2.0: 4.3 MEDIUM
CVE-2006-0574

Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel 10 allows remote attackers to inject arbitrary web script or HTML via the (1) file extension or (2) mime-type.

Published: February 07, 2006; 1:06:00 PM -0500
V3.x: (not available)
V2.0: 4.3 MEDIUM
CVE-2006-0513

Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.

Published: February 06, 2006; 6:02:00 PM -0500
V3.x: (not available)
V2.0: 5.0 MEDIUM
CVE-2006-0562

Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote attackers to inject arbitrary web script or HTML via the data parameter.

Published: February 06, 2006; 6:02:00 PM -0500
V3.x: (not available)
V2.0: 4.3 MEDIUM
CVE-2006-0563

SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c allows remote attackers to execute arbitrary SQL commands via the entryid parameter in a comment_add action.

Published: February 06, 2006; 6:02:00 PM -0500
V3.x: (not available)
V2.0: 7.5 HIGH
CVE-2006-0564

Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent attackers to execute arbitrary code via a .hhp file with a long Contents file field.

Published: February 06, 2006; 6:02:00 PM -0500
V3.x: (not available)
V2.0: 7.5 HIGH
CVE-2006-0565

PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the $GLOBALS[path] parameter.

Published: February 06, 2006; 6:02:00 PM -0500
V3.x: (not available)
V2.0: 7.5 HIGH
CVE-2006-0566

The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote attackers to cause a denial of service (application crash) via LDAP messages that contain Distinguished Names (DN) fields with a large number of elements.

Published: February 06, 2006; 6:02:00 PM -0500
V3.x: (not available)
V2.0: 5.0 MEDIUM