Search Results
There are 163,028 matching records.
Displaying matches 145,421 through 145,440.
Vuln ID | Summary | CVSS Severity
CVE-2006-2426

Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allow remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.

Published: May 17, 2006; 6:06:00 AM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2006-2427

freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file.

Published: May 17, 2006; 6:06:00 AM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2006-2428

add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, probably due to client-side enforcement that can be bypassed. NOTE: some of these details are obtained from third party information, since the raw source is vague.

Published: May 17, 2006; 6:06:00 AM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2006-2429

Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers".

Published: May 17, 2006; 6:06:00 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2006-2430

IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges.

Published: May 17, 2006; 6:06:00 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2006-2431

Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. NOTE: some sources have reported the element as "faultfactor," but this is likely erroneous.

Published: May 17, 2006; 6:06:00 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-2432

IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) and 5.1.1 (or any earlier cumulative fix) allows EJB access on Solaris systems via a crafted LTPA token.

Published: May 17, 2006; 6:06:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-2433

Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and attack vectors related to the "administrative console".

Published: May 17, 2006; 6:06:00 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2006-2434

Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Models might allow attackers to obtain sensitive information via the trace.

Published: May 17, 2006; 6:06:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-2435

Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls [that] may allow unintended execution of scripts."

Published: May 17, 2006; 6:06:00 AM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2006-2436

WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges.

Published: May 17, 2006; 6:06:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-2437

The viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code of files under the web root via the file parameter.

Published: May 17, 2006; 6:06:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-2438

Directory traversal vulnerability in the viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to read arbitrary files under other web roots via the contextpath parameter. NOTE: this issue can produce resultant path disclosure when the parameter is invalid.

Published: May 17, 2006; 6:06:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-2405

Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] parameter to unb_lib/abbc.css.php.

Published: May 16, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2006-2406

Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassified NewsBoard (UNB) 1.5.3-d and possibly earlier versions, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the design_path parameter. NOTE: this is closely related to, but distinct from, the ABBC[Config][smileset] parameter issue (CVE-2006-2405).

Published: May 16, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 2.6 LOW
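The two UNB entries above (CVE-2006-2405 and CVE-2006-2406) share one mechanism: the application appends a fixed suffix to a user-controlled path before calling include(), and the trailing %00 strips that suffix because the C runtime underneath PHP stops reading the file name at the first NUL byte. The following C program is an added illustration of that mechanism, not code from Unclassified NewsBoard; the "/style.css" suffix, the parameter values and the allow-list in the hardened version are assumptions for the example.

```c
/*
 * Added illustration of the mechanism behind CVE-2006-2405/2406; it is not
 * code from Unclassified NewsBoard. PHP strings are length-counted, so an
 * application doing  include($design_path . "/style.css")  believes the
 * suffix is still there after a %00; the C runtime that finally opens the
 * file stops at the first NUL byte, so the suffix silently disappears.
 */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_MAX_LEN 256
#define SUFFIX "/style.css"   /* assumed suffix; stands in for the app's real one */

/* Percent-decode `raw` into `out` as a length-counted byte string (it may
 * contain NUL bytes, exactly as PHP's urldecode() output would). Returns the
 * decoded length, or -1 if it does not fit. */
static int url_decode(const char *raw, unsigned char *out, size_t cap)
{
    size_t n = 0;
    for (const char *p = raw; *p; p++) {
        unsigned char c = (unsigned char)*p;
        if (c == '%' && isxdigit((unsigned char)p[1]) && isxdigit((unsigned char)p[2])) {
            char hex[3] = { p[1], p[2], '\0' };
            c = (unsigned char)strtoul(hex, NULL, 16);
            p += 2;
        }
        if (n >= cap) return -1;
        out[n++] = c;
    }
    return (int)n;
}

/* VULNERABLE: mimics the PHP-level concatenation. The buffer is built
 * length-aware (suffix appended even after an embedded NUL) and then handed
 * to the C runtime as a NUL-terminated string, which is all fopen()/open()
 * ever see. Returns that C-string view, or NULL if the value does not fit. */
static const char *vulnerable_include_target(const char *raw_param)
{
    static unsigned char buf[PATH_MAX_LEN];
    int n = url_decode(raw_param, buf, sizeof buf);
    if (n < 0 || (size_t)n + sizeof SUFFIX > sizeof buf) return NULL;
    memcpy(buf + n, SUFFIX, sizeof SUFFIX);     /* sizeof includes the NUL */
    return (const char *)buf;                   /* read stops at first NUL */
}

/* FIXED: decode, then allow-list the value as a single directory name:
 * only [A-Za-z0-9_-], so no NUL, no separators and no ".." segments. */
static const char *safe_include_target(const char *raw_param)
{
    static char buf[PATH_MAX_LEN];
    unsigned char tmp[PATH_MAX_LEN];
    int n = url_decode(raw_param, tmp, sizeof tmp);
    if (n <= 0) return NULL;
    for (int i = 0; i < n; i++) {
        unsigned char c = tmp[i];
        if (!(isalnum(c) || c == '_' || c == '-')) return NULL;
    }
    int w = snprintf(buf, sizeof buf, "%.*s%s", n, (const char *)tmp, SUFFIX);
    if (w < 0 || (size_t)w >= sizeof buf) return NULL;
    return buf;
}

int main(void)
{
    /* Constructed sample parameter values, not captured traffic. */
    const char *samples[] = { "blue", "../../etc/passwd%00", "blue%00" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *v = vulnerable_include_target(samples[i]);
        const char *s = safe_include_target(samples[i]);
        printf("%-22s vulnerable opens: %-18s hardened: %s\n",
               samples[i], v ? v : "(rejected)", s ? s : "(rejected)");
    }
    return 0;
}
```

The point to take from the run is that the vulnerable path never sees anything wrong: the suffix is appended, the string is just cut short one layer down. Any check that inspects the PHP-level string (extension check, substring match) passes, which is why the fix has to reject the NUL byte and the separators themselves rather than look for a good suffix.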
CVE-2006-2407

Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX Component 1.2.7 and 1.3.3 DEMO, as used in other products including (2) FreeSSHd 1.0.9 and (3) freeFTPd 1.0.10, allows remote attackers to execute arbitrary code via a long key exchange algorithm string.

Published: May 16, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-2408

Multiple buffer overflows in Raydium before SVN revision 310 allow remote attackers to execute arbitrary code via a large packet when logged via (1) the raydium_log function in log.c or (2) the raydium_console_line_add function in console.c, possibly from a long player name.

Published: May 16, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-2409

Format string vulnerability in the raydium_log function in console.c in Raydium before SVN revision 310 allows local users to execute arbitrary code via format string specifiers in the format parameter, which are not properly handled in a call to raydium_console_line_add.

Published: May 16, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
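CVE-2006-2409 above describes a logging function that formats a message and then passes the result on as the format argument of a second printf-style call. The C program below is an added illustration of that defect class, not Raydium's code; the function names and the message layout are stand-ins chosen for the example. Only a "%%" payload is exercised, because feeding conversions such as "%x" or "%n" through the vulnerable path is undefined behaviour.

```c
/*
 * Added illustration of the defect class in CVE-2006-2409; it is not
 * Raydium's code and the function names are stand-ins. A logging wrapper
 * formats its own message and then hands the result to a printf-style
 * sink as the *format* argument, so any '%' in the data is interpreted.
 */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LINE_MAX_LEN 128

static char console_line[LINE_MAX_LEN];   /* the "console" the sink writes to */

/* Printf-style sink: the first argument is always a format string. */
static void console_line_add(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(console_line, sizeof console_line, fmt, ap);
    va_end(ap);
}

/* VULNERABLE pattern: the already-formatted message becomes the format of
 * the inner call. Attacker-influenced text such as a player name can then
 * carry "%x" (reads the stack) or "%n" (writes memory). */
static const char *log_vulnerable(const char *fmt, ...)
{
    char msg[LINE_MAX_LEN];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(msg, sizeof msg, fmt, ap);
    va_end(ap);
    console_line_add(msg);            /* defect: msg is data, not a format */
    return console_line;
}

/* FIXED: the formatted text is passed as an argument to a constant format. */
static const char *log_fixed(const char *fmt, ...)
{
    char msg[LINE_MAX_LEN];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(msg, sizeof msg, fmt, ap);
    va_end(ap);
    console_line_add("%s", msg);      /* data stays data */
    return console_line;
}

/* Review aid: how many conversions a string would trigger if it were ever
 * used as a format ("%%" is a literal percent and does not count). */
static int count_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample: a player name containing percent signs. The
     * vulnerable path silently rewrites "%%" to "%", the tell-tale sign
     * that the text went through a second formatting pass. */
    const char *name = "50%% off";
    printf("vulnerable: %s\n", log_vulnerable("player %s joined", name));
    printf("fixed:      %s\n", log_fixed("player %s joined", name));
    printf("directives in \"%%x%%x%%n\": %d\n", count_directives("%x%x%n"));
    return 0;
}
```

The "%%" collapsing to "%" is a cheap detection heuristic when reviewing log output from a suspect binary: a doubled percent that comes out single means the data went through a second formatting pass, and every other conversion character in that data is being interpreted too.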
CVE-2006-2410

The raydium_network_netcall_exec function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a packet of type 0xFF, which causes a null dereference.

Published: May 16, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-2411

Buffer overflow in the raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to execute arbitrary code by sending packets with long global variables to the client.

Published: May 16, 2006; 6:02:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
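CVE-2006-2410 and CVE-2006-2411 above are two classic network-parser defects in one dispatcher: a handler looked up by an untrusted type byte and called without a NULL check, and a variable-length field copied into a fixed buffer without a length check (the same unchecked copy is the pattern behind CVE-2006-2407 and CVE-2006-2408 earlier on this page). The C program below is an added illustration, not Raydium's code; the packet layout (one type byte followed by a NUL-terminated variable name), the opcode value and the buffer sizes are assumptions for the example.

```c
/*
 * Added illustration of the two defects in CVE-2006-2410 and CVE-2006-2411;
 * not Raydium's code. The packet layout (type byte, then a NUL-terminated
 * variable name) and the opcode 0x10 are assumptions for the example.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VAR_NAME_MAX 32
#define PKT_MAX      512
#define TYPE_SET_VAR 0x10   /* assumed opcode for "set global variable" */

enum { RC_OK = 0, RC_UNKNOWN_TYPE = -1, RC_TOO_LONG = -2, RC_TRUNCATED = -3 };

typedef int (*netcall_fn)(const uint8_t *payload, size_t len);

static netcall_fn handlers[256];            /* sparse: unregistered = NULL */
static char last_var_name[VAR_NAME_MAX];

/* VULNERABLE handler: copies until a NUL regardless of destination size. */
static int handle_set_var_vulnerable(const uint8_t *payload, size_t len)
{
    (void)len;
    strcpy(last_var_name, (const char *)payload);   /* overflows on long names */
    return RC_OK;
}

/* FIXED handler: the name must be NUL-terminated inside the payload and
 * must fit the destination together with its terminator. */
static int handle_set_var_safe(const uint8_t *payload, size_t len)
{
    const uint8_t *nul = memchr(payload, 0, len);
    if (nul == NULL) return RC_TRUNCATED;
    size_t name_len = (size_t)(nul - payload);
    if (name_len >= VAR_NAME_MAX) return RC_TOO_LONG;
    memcpy(last_var_name, payload, name_len + 1);
    return RC_OK;
}

/* VULNERABLE dispatch: whatever sits in the table for this type byte is
 * called. For an unregistered type (0xFF in the advisory) that is a NULL
 * function pointer and the process crashes. */
static int netcall_exec_vulnerable(const uint8_t *pkt, size_t len)
{
    return handlers[pkt[0]](pkt + 1, len - 1);
}

/* FIXED dispatch: reject empty packets and unregistered types up front. */
static int netcall_exec_safe(const uint8_t *pkt, size_t len)
{
    if (len == 0) return RC_TRUNCATED;
    netcall_fn fn = handlers[pkt[0]];
    if (fn == NULL) return RC_UNKNOWN_TYPE;
    return fn(pkt + 1, len - 1);
}

static void register_handlers(void)
{
    memset(handlers, 0, sizeof handlers);
    handlers[TYPE_SET_VAR] = handle_set_var_safe;
}

/* Constructed packet: type byte, then the name including its NUL.
 * Returns the packet length, or 0 if it does not fit. */
static size_t build_packet(uint8_t type, const char *name, uint8_t *out, size_t cap)
{
    size_t n = strlen(name) + 1;
    if (1 + n > cap) return 0;
    out[0] = type;
    memcpy(out + 1, name, n);
    return 1 + n;
}

/* Entry points that drive the hardened path end to end. */
static int exec_set_var(const char *name)
{
    uint8_t pkt[PKT_MAX];
    register_handlers();
    size_t n = build_packet(TYPE_SET_VAR, name, pkt, sizeof pkt);
    return n ? netcall_exec_safe(pkt, n) : RC_TOO_LONG;
}

static int exec_bare_type(uint8_t type)
{
    uint8_t pkt[1] = { type };
    register_handlers();
    return netcall_exec_safe(pkt, sizeof pkt);
}

static const char *current_var_name(void) { return last_var_name; }

int main(void)
{
    uint8_t pkt[PKT_MAX];
    char longname[200];
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';

    printf("set 'score'     -> rc %d, name now '%s'\n", exec_set_var("score"), current_var_name());
    printf("set 199 x 'A'   -> rc %d\n", exec_set_var(longname));
    printf("type 0xFF alone -> rc %d\n", exec_bare_type(0xFF));
    /* The vulnerable routines are only run on benign input here; the long
     * name or the 0xFF packet would overflow or crash them. */
    size_t n = build_packet(TYPE_SET_VAR, "score", pkt, sizeof pkt);
    printf("vulnerable dispatch, registered type -> rc %d\n", netcall_exec_vulnerable(pkt, n));
    printf("vulnerable handler, short name       -> rc %d\n", handle_set_var_vulnerable(pkt + 1, n - 1));
    return 0;
}
```

Note that the hardened handler also rejects a packet whose name is not terminated within the received length (RC_TRUNCATED); without that check a strlen()-style scan would read past the end of the receive buffer even when the copy itself is bounded.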