U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 165,012 matching records.
Displaying matches 145,521 through 145,540.
Vuln ID Summary CVSS Severity
CVE-2006-4444

Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality; the (2) pid parameter in the (d) workflow/view or (e) workflow/print functionality; the (3) uid parameter in the (f) schedule/user_view, (g) phonemessage/add, (h) phonemessage/history, or (i) schedule/view functionality; the (4) cid parameter in (j) todo/index; the (5) iid parameter in the (k) memo/view or (l) memo/print functionality; or the (6) event parameter in the (m) schedule/view functionality.

Published: August 29, 2006; 7:04:00 PM -0400
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2006-4445

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php. NOTE: CVE analysis as of 20060829 has not identified any scenarios in which these vectors could result in remote file inclusion.

Published: August 29, 2006; 7:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4421

Cross-site scripting (XSS) vulnerability in template/default/thanks_comment.php in Yet Another PHP Image Gallery (YaPIG) 0.95b allows remote attackers to inject arbitrary web script or HTML via the D_REFRESH_URL parameter.

Published: August 28, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2006-4422

** DISPUTED ** PHP remote file inclusion vulnerability in includes/phpdig/libs/search_function.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary PHP code via a URL in the relative_script_path parameter, a different vector than CVE-2006-2270. NOTE: this issue has been disputed, and as of 20060830, CVE analysis concurs with the dispute. In addition, it is likely that the vulnerability is actually in a third party module, phpDig 1.8.8.

Published: August 28, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4423

Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][admin] parameter in (a) system/command/admin.cmd.php, (b) admin/include/upload_form.php, and (c) admin/include/item_main.php; and the (2) GLOBALS[_BIGACE][DIR][libs] parameter in (d) system/command/admin.cmd.php and (e) system/command/download.cmd.php.

Published: August 28, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4424

PHP remote file inclusion vulnerability in coin_includes/constants.php in phpCOIN 1.2.3 allows remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter.

Published: August 28, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2006-4425

Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 allow remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter in coin_includes scripts including (1) api.php, (2) common.php, (3) core.php, (4) custom.php, (5) db.php, (6) redirect.php or (7) session_set.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Published: August 28, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2006-4426

PHP remote file inclusion vulnerability in AES/modules/auth/phpsecurityadmin/include/logout.php in AlberT-EasySite (AES) 1.0a5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter.

Published: August 28, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2006-4427

index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1".

Published: August 28, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2006-4428

** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value before it is referenced in an include statement.

Published: August 28, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4429

** DISPUTED ** PHP remote file inclusion vulnerability in handlers/email/mod.output.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter, a different vector than CVE-2006-4291. NOTE: This issue has been disputed by a third party, who states that the _IN_PHM_ declaration prevents this file from being called directly.

Published: August 28, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4430

The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access (CCA) Agent and bypass local and remote protection mechanisms by modifying (1) the HTTP User-Agent header or (2) the behavior of the TCP/IP stack. NOTE: the vendor has disputed the severity of this issue, stating that users cannot bypass authentication mechanisms.

Published: August 28, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-4431

Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a (1) empty or (2) crafted PHP session identifier (PHPSESSID).

Published: August 28, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4432

Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the final component of the PHP session identifier (PHPSESSID). NOTE: in some cases, this issue can be leveraged to perform direct static code injection.

Published: August 28, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4433

PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into the PHPSESSID, which is stored in the session file. NOTE: it could be argued that this not a vulnerability in PHP itself, rather a design limitation that enables certain attacks against session handlers that do not account for this limitation.

Published: August 28, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4434

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."

Published: August 28, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-4435

OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by allocating more semaphores than the default.

Published: August 28, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 4.9 MEDIUM
CVE-2006-4436

isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Security Associations (SA) with a replay window of size 0 when isakmpd acts as a responder during SA negotiation, which allows remote attackers to replay IPSec packets and bypass the replay protection.

Published: August 28, 2006; 8:04:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2006-4417

SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter.

Published: August 28, 2006; 5:04:00 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2006-4418

Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a log file.

Published: August 28, 2006; 5:04:00 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM