Search Results (Refine Search)

Search Parameters:
There are 163,028 matching records.
Displaying matches 145,401 through 145,420.
Vuln ID Summary CVSS Severity
CVE-2006-2466

BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability."

Published: May 19, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2006-2467

BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 displays the internal IP address of the WebLogic server in the WebLogic Server Administration Console, which allows remote authenticated administrators to determine the address.

Published: May 19, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2006-2468

The WebLogic Server Administration Console in BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 displays the domain name in the Console login form, which allows remote attackers to obtain sensitive information.

Published: May 19, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2006-2469

The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges.

Published: May 19, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-2470

Unspecified vulnerability in the WebLogic Server Administration Console for BEA WebLogic Server 9.0 prevents the console from setting custom JDBC security policies correctly, which could allow attackers to bypass intended policies.

Published: May 19, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-2471

Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain "server details" in exceptions when invalid XML is provided, and (4) a stack trace in a SOAP fault.

Published: May 19, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-2472

Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 through SP5, 7.0 through SP6, and 6.1 through SP7 allows untrusted applications to obtain private server keys.

Published: May 19, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2006-2458

Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c).

Published: May 18, 2006; 7:02:00 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2006-1528

Linux kernel before 2.6.13 allows local users to cause a denial of service (crash) via a dio transfer from the sg driver to memory mapped (mmap) IO space.

Published: May 18, 2006; 3:06:00 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2006-1855

choose_new_parent in Linux kernel before 2.6.11.12 includes certain debugging code, which allows local users to cause a denial of service (panic) by causing certain circumstances involving termination of a parent process.

Published: May 18, 2006; 3:06:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2006-2440

Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.

Published: May 18, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-2441

Pioneers meta-server before 0.9.55, when the server-console is not installed, allows remote attackers to cause a denial of service (crash) via certain requests from an older gnocatan client to create a new game.

Published: May 18, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-2442

kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords.

Published: May 18, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2006-2443

The Debian package of knowledgetree 2.0.7 creates environment.php with world-readable permissions, which allows local users to obtain sensitive information such as the username and password for the KnowledgeTree database.

Published: May 18, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2006-1953

Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 for Windows allows remote attackers to read arbitrary files via a "C:%5C" (encoded drive letter) in a URL.

Published: May 17, 2006; 6:06:00 AM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2006-2421

Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows remote attackers to execute arbitrary code via long SSH_MSG_KEXINIT messages, which may cause an overflow when being logged. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Published: May 17, 2006; 6:06:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-2422

phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, which allows remote authenticated users to read messages for other users by adding the sender's e-mail address as an "additional contact".

Published: May 17, 2006; 6:06:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-2423

Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the login parameter.

Published: May 17, 2006; 6:06:00 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-2424

PHP remote file inclusion vulnerability in ezUserManager 1.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the ezUserManager_Path parameter to ezusermanager_pwd_forgott.php, possibly due to an issue in ezusermanager_core.inc.php.

Published: May 17, 2006; 6:06:00 AM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2006-2425

Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in PhpRemoteView, possibly 2003-10-23 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) f, (2) d, and (3) ref parameters, and the (4) "MAKE DIR" and (5) "Full file name" fields.

Published: May 17, 2006; 6:06:00 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM