Total
29739 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3757 | 1 Zen Cart | 1 Zen Cart | 2025-04-03 | N/A |
| index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensitive information via empty (1) _GET[], (2) _SESSION[], (3) _POST[], (4) _COOKIE[], or (5) _SESSION[] array parameters, which reveals the installation path in an error message. NOTE: this issue might be resultant from a global overwrite vulnerability. | ||||
| CVE-2006-3758 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php. | ||||
| CVE-2006-3753 | 1 Professional Home Page Tools | 1 Professional Home Page Tools Guestbook | 2025-04-03 | N/A |
| setcookie.php for the administration login in Professional Home Page Tools Guestbook records the hash of the administrator password in a cookie, which allows attackers to conduct brute force password guessing attacks after obtaining the hash. | ||||
| CVE-2006-3755 | 1 Flushcms | 1 Flushcms | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in Include/editor/class.rich.php in FlushCMS 1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2005-1716 | 1 Ej3 | 1 Topo | 2025-04-03 | N/A |
| TOPo 2.2 (2.2.178) stores data files in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as client IP addresses. | ||||
| CVE-2006-3781 | 1 Sun | 1 Solaris | 2025-04-03 | N/A |
| Unspecified vulnerability in Sun Solaris 10 allows context-dependent attackers to cause a denial of service (panic) via unspecified vectors involving the event port API. | ||||
| CVE-2006-3782 | 1 Sun | 1 Solaris | 2025-04-03 | N/A |
| Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris 10, when running on x86, allows local users to cause a denial of service (system hang) via unspecified vectors. | ||||
| CVE-2006-3783 | 1 Sun | 1 Solaris | 2025-04-03 | N/A |
| Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors involving (1) the /net mount point and (2) the "-hosts" map in a mount point. | ||||
| CVE-2006-3785 | 1 Symantec | 1 Pcanywhere | 2025-04-03 | N/A |
| Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin. | ||||
| CVE-1999-1115 | 1 Hp | 1 Apollo Domain Os | 2025-04-03 | N/A |
| Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh). | ||||
| CVE-2005-1717 | 1 Zyxel | 1 Prestige 650r-31 | 2025-04-03 | N/A |
| ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows remote attackers to cause a denial of service (CPU consumption and network loss) via crafted fragmented IP packets. | ||||
| CVE-2006-3808 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2025-04-03 | N/A |
| Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote Proxy AutoConfig (PAC) servers to execute code with elevated privileges via a PAC script that sets the FindProxyForURL function to an eval method on a privileged object. | ||||
| CVE-2006-3810 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapper(window).Function construct. | ||||
| CVE-2006-3829 | 1 Kailash Nadh | 1 Boastmachine | 2025-04-03 | N/A |
| Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote attackers to perform unauthorized actions as an administrator and delete arbitrary user accounts via a delete_user action. | ||||
| CVE-2006-3825 | 1 Sun | 1 Solaris | 2025-04-03 | N/A |
| The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication. | ||||
| CVE-2006-3853 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-03 | N/A |
| Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username. | ||||
| CVE-2006-3856 | 1 Ibm | 1 Informix Dynamic Server | 2025-04-03 | N/A |
| IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors. | ||||
| CVE-2006-3882 | 1 Musicbox | 1 Musicbox | 2025-04-03 | N/A |
| Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. | ||||
| CVE-2006-3883 | 1 Gonafish | 1 Linkscaffe | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gonafish LinksCaffe 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the tablewidth parameter in (a) counter.php; (2) the newdays parameter in (b) links.php; and the (3) tableborder, (4) menucolor, (5) textcolor, and (6) bodycolor parameters in (c) menu.inc.php. | ||||
| CVE-2005-1727 | 1 Apple | 1 Mac Os X Server | 2025-04-03 | N/A |
| Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions." | ||||