Search Results

There are 161,310 matching records.
Displaying matches 145,361 through 145,380.
Vuln ID Summary CVSS Severity
CVE-2006-0697

Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.

Published: February 15, 2006; 6:06:00 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2006-0698

Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection.

Published: February 15, 2006; 6:06:00 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2006-0699

Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki 1.5, and possibly 1.5.1 and other versions, allows remote attackers to inject arbitrary web script or HTML via the query parameter.

Published: February 15, 2006; 6:06:00 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-0700

imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions.

Published: February 15, 2006; 6:06:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-0701

readfolder.php in imageVue 16.1 allows remote attackers to list directories via modified path and ext parameters.

Published: February 15, 2006; 6:06:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-0702

admin/upload.php in imageVue 16.1 allows remote attackers to upload arbitrary files to certain allowed folders via .. (dot dot) sequences in the path parameter. NOTE: due to the lack of details, the specific vulnerability type cannot be determined, although it might be due to directory traversal.

Published: February 15, 2006; 6:06:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-0703

Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter.

Published: February 15, 2006; 6:06:00 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-0704

iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error message that displays the installation path, web server name, IP, and port, session cookie information, and the IIS system username.

Published: February 15, 2006; 6:06:00 AM -0500
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2006-0705

Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command.

Published: February 15, 2006; 6:06:00 AM -0500
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2006-0706

Cross-site scripting vulnerability in eintrag.php in Gästebuch (Gastebuch) before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the URL, which is used in the homepage parameter.

Published: February 15, 2006; 6:06:00 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-0707

PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable.

Published: February 15, 2006; 6:06:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-0708

Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476.

Published: February 15, 2006; 6:06:00 AM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2006-0709

Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via e-mail messages with a long boundary attribute, a different vulnerability than CVE-2004-0105.

Published: February 15, 2006; 6:06:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-0710

Double free vulnerability in isode.eddy in Isode M-Vault Server 11.3 allows remote attackers to execute arbitrary code via a crafted LDAP request, as demonstrated by ProtoVer Sample LDAP.

Published: February 15, 2006; 6:06:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-0711

The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled.

Published: February 15, 2006; 6:06:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-0712

mail_html template in Squishdot 1.5.0 and earlier does not properly validate the (1) email and (2) title variables, which allows remote attackers to bypass spam filters by injecting SMTP headers, probably due to a CRLF injection vulnerability.

Published: February 15, 2006; 6:06:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-0713

Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static code injection is resultant from this issue, as demonstrated by inserting PHP code into the username, which is inserted into linpha.log, which is accessible from the directory traversal.

Published: February 15, 2006; 6:06:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-0714

Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter.

Published: February 15, 2006; 6:06:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-0715

Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field.

Published: February 15, 2006; 6:06:00 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-0716

SQL injection vulnerability in index.php in sNews 1.3 allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters.

Published: February 15, 2006; 6:06:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH