Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2006-1604 Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has unknown impact and remote attack vectors related to variables that are not "typecasted." | N/A | NONE | β | 0 |
| CVE-2006-1605 Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows remote attackers to execute arbitrary code via unknown vectors involving "parsed PHP." | N/A | NONE | β | 0 |
| CVE-2006-2224 RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets. | N/A | NONE | β | 0 |
| CVE-2006-2225 Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows remote attackers to execute arbitrary code, probably via a USER command with a long username. | N/A | NONE | β | 0 |
| CVE-2006-2226 Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows remote authenticated users to cause a denial of service via a long argument to the PORT command. | N/A | NONE | β | 0 |
| CVE-2006-2227 Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 allows remote attackers to inject arbitrary web script or HTML via the req_message parameter, because the value of the redirect_url... | N/A | NONE | β | 0 |
| CVE-2006-2228 Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event n... | N/A | NONE | β | 0 |
| CVE-2006-2316 S24EvMon.exe in the Intel PROset/Wireless software, possibly 10.1.0.33, uses a S24EventManagerSharedMemory shared memory section with weak permissions, which allows local users to read or modify passw... | N/A | NONE | β | 0 |
| CVE-2006-2236 Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long rem... | N/A | NONE | β | 0 |
| CVE-2006-2237 The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter. | N/A | NONE | β | 0 |
| CVE-2006-0515 Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to byp... | N/A | NONE | β | 0 |
| CVE-2006-1172 Stack-based buffer overflow in the createPKCS10 function in Cryptomathic Cenroll ActiveX Control 1.1.0.0 allows remote attackers to execute arbitrary code via vectors related to the TDC Digital signat... | N/A | NONE | β | 0 |
| CVE-2006-2161 Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and 0.9.3-beta1, (3) CAM UnZip 4.0 and 4.3, and possibly other products, allows user-assisted attackers to execute arbitrary code via a Z... | N/A | NONE | β | 0 |
| CVE-2006-2252 Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | N/A | NONE | β | 0 |
| CVE-2006-2253 PHP remote file inclusion vulnerability in visible_count_inc.php in Statit 4 (060207) allows remote attackers to execute arbitrary PHP code via a URL in the statitpath parameter. | N/A | NONE | β | 0 |
| CVE-2006-2254 Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote attackers to cause a denial of service (application crash) via a username with a large number of newline characters. | N/A | NONE | β | 0 |
| CVE-2006-2255 Multiple SQL injection vulnerabilities in Creative Community Portal 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to (a) ArticleView.php, (2... | N/A | NONE | β | 0 |
| CVE-2006-2256 PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp 1.3.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the eqdkp_root_path parameter. | N/A | NONE | β | 0 |
| CVE-2006-2257 Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 allows remote attackers to inject arbitrary web script or HTML via the curr_year parameter. | N/A | NONE | β | 0 |
| CVE-2006-2258 Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to inject arbitrary web script or HTML via the Error parameter. | N/A | NONE | β | 0 |
| CVE-2006-2259 SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to execute arbitrary SQL commands via the txtLogon parameter. | N/A | NONE | β | 0 |
| CVE-2006-2260 Cross-site scripting (XSS) vulnerability in the project module (project.module) in Drupal 4.5 and 4.6 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | N/A | NONE | β | 0 |
| CVE-2006-2261 PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | N/A | NONE | β | 0 |
| CVE-2006-2262 Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.7 allows remote attackers to inject arbitrary web script or HTML via the image parameter. | N/A | NONE | β | 0 |
| CVE-2006-2263 SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | N/A | NONE | β | 0 |
| CVE-2006-2264 Multiple SQL injection vulnerabilities in Ocean12 Calendar Manager Pro 1.00 allow remote attackers to execute arbitrary SQL commands via the (1) date parameter to admin/main.asp, (2) SearchFor paramet... | N/A | NONE | β | 0 |
| CVE-2006-2265 Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calendar Manager Pro 1.00 allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: the provenance o... | N/A | NONE | β | 0 |
| CVE-2006-2274 Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer... | N/A | NONE | β | 0 |
| CVE-2006-2275 Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickl... | 7.5 | HIGH | β | 0 |
| CVE-2006-0027 Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties. | N/A | NONE | β | 0 |
| CVE-2006-0034 Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 a... | N/A | NONE | β | 0 |
| CVE-2006-2278 SaphpLesson 3.0 does not initialize array variables, which allows remote attackers to obtain the full path via an non-array (1) hrow parameter to (a) show.php or (b) index.php; the (2) Lsnrow paramete... | N/A | NONE | β | 0 |
| CVE-2006-2279 Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the Find parameter in (a) search.php, and the (2) LID and (3) Rate parameters... | N/A | NONE | β | 0 |
| CVE-2006-2280 Directory traversal vulnerability in website.php in openEngine 1.8 Beta 2 and earlier allows remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the template ... | N/A | NONE | β | 0 |
| CVE-2006-2281 X-Scripts X-Poll (xpoll) 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access it. | N/A | NONE | β | 0 |
| CVE-2006-2282 Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the URL of an avatar, possibly related to t... | N/A | NONE | β | 0 |
| CVE-2006-2283 Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid 2.9.5 through 3.0.b3 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) auth.... | N/A | NONE | β | 0 |
| CVE-2006-2284 Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter in ldap.inc.php and the... | N/A | NONE | β | 0 |
| CVE-2006-2285 PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter. | N/A | NONE | β | 0 |
| CVE-2006-2289 Buffer overflow in avahi-core in Avahi before 0.6.10 allows local users to execute arbitrary code via unknown vectors. | N/A | NONE | β | 0 |
| CVE-2006-2290 Multiple cross-site scripting (XSS) vulnerabilities in kommentar.php in 2005-Comments-Script allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) email, and (3) url parame... | N/A | NONE | β | 0 |
| CVE-2006-2291 Cross-site scripting (XSS) vulnerability in calendar_new.asp in IA-Calendar allows remote attackers to inject arbitrary web script or HTML via the TypeName1 parameter. NOTE: the provenance of this in... | N/A | NONE | β | 0 |
| CVE-2006-2292 Multiple SQL injection vulnerabilities in IA-Calendar allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in (a) calendar_new.asp and (b) default.asp, and (2) ID parame... | N/A | NONE | β | 0 |
| CVE-2006-2293 SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 allows remote attackers to execute arbitrary SQL commands via the calsids parameter. NOTE: the provenance of this information is... | N/A | NONE | β | 0 |
| CVE-2006-2294 Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows remote attackers to inject arbitrary web script or HTML via the pfad parameter in (1) index.php and (2) galerie.php. NOTE: this ... | N/A | NONE | β | 0 |
| CVE-2006-2295 Directory traversal vulnerability in Dynamic Galerie 1.0 allows remote attackers to access arbitrary files via an absolute path in the pfad parameter to (1) index.php and (2) galerie.php. | N/A | NONE | β | 0 |
| CVE-2006-2296 SQL injection vulnerability in search_result.asp in EDirectoryPro 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the keyword parameter. NOTE: the provenance of this inf... | N/A | NONE | β | 0 |
| CVE-2006-2082 Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when th... | N/A | NONE | β | 0 |
| CVE-2006-0993 The web management interface in 3Com TippingPoint SMS Server before 2.2.1.4478 does not restrict access to certain directories, which might allow remote attackers to obtain potentially sensitive infor... | N/A | NONE | β | 0 |
| CVE-2006-2297 Heap-based buffer overflow in Microsoft Infotech Storage System Library (itss.dll) allows user-assisted attackers to execute arbitrary code via a crafted CHM / ITS file that triggers the overflow whil... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.