Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2006-0578 Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1 does not enforce CONNECT rules when using Deep Content Inspection, which allows remote attackers to bypass connection filters. | N/A | NONE | β | 0 |
| CVE-2006-0579 Multiple integer overflows in (1) the new_demux_packet function in demuxer.h and (2) the demux_asf_read_packet function in demux_asf.c in MPlayer 1.0pre7try2 and earlier allow remote attackers to exec... | N/A | NONE | β | 0 |
| CVE-2006-0587 Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspe... | N/A | NONE | β | 0 |
| CVE-2006-0588 SQL injection vulnerability in search.php in MyTopix 1.2.3 allows remote attackers to execute arbitrary SQL commands via the (1) mid and (2) keywords parameters. | N/A | NONE | β | 0 |
| CVE-2006-0589 MyTopix 1.2.3 allows remote attackers to obtain the installation path via a direct request to logon.mod.php, which leaks the path in an error message. | N/A | NONE | β | 0 |
| CVE-2006-0590 MyTopix 1.2.3 allows remote attackers to obtain the installation path via an invalid hl parameter to index.php, which leads to path disclosure, possibly related to invalid SQL syntax. | N/A | NONE | β | 0 |
| CVE-2006-0591 The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes i... | N/A | NONE | β | 0 |
| CVE-2006-0023 Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modify... | N/A | NONE | β | 0 |
| CVE-2006-0602 Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to check.php or the id parameter to ... | N/A | NONE | β | 0 |
| CVE-2006-0603 Multiple cross-site scripting vulnerabilities in signed.php in Hinton Design phphg Guestbook 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) location, (2) website, or (3)... | N/A | NONE | β | 0 |
| CVE-2006-0604 check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access. | N/A | NONE | β | 0 |
| CVE-2006-0643 Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web Conferencing 4.1.0.755 allows remote authenticated users to inject arbitrary web script or HTML via the topic name of a conference. | N/A | NONE | β | 0 |
| CVE-2006-0644 Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory ... | N/A | NONE | β | 0 |
| CVE-2006-0645 Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitr... | N/A | NONE | β | 0 |
| CVE-2006-0646 ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other user... | N/A | NONE | β | 0 |
| CVE-2006-4229 PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL ... | N/A | NONE | β | 0 |
| CVE-2006-0056 Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (... | N/A | NONE | β | 0 |
| CVE-2006-0597 Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 r1558-4 allow attackers to cause a denial of service (application crash) and possibly execute code via long "revision attributes". | N/A | NONE | β | 0 |
| CVE-2006-0598 Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows attackers to execute code via unspecified variables, when writing to the log file. | N/A | NONE | β | 0 |
| CVE-2006-0599 The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid us... | N/A | NONE | β | 0 |
| CVE-2006-0661 Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 and SmE Blog Host allows remote attackers to inject arbitrary web script or HTML via the BBcode url tag. | N/A | NONE | β | 0 |
| CVE-2006-0662 Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rende... | N/A | NONE | β | 0 |
| CVE-2006-0663 Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino iNotes Client 6.5.4 and 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) an email subject; (2) an encoded j... | N/A | NONE | β | 0 |
| CVE-2006-0664 Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in Mantis before 1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenanc... | N/A | NONE | β | 0 |
| CVE-2006-0665 Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the ... | N/A | NONE | β | 0 |
| CVE-2006-0668 SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in message.php in the espace_membre module. NOTE: the... | N/A | NONE | β | 0 |
| CVE-2006-0684 change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorize... | N/A | NONE | β | 0 |
| CVE-2006-0685 The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access. | N/A | NONE | β | 0 |
| CVE-2006-0686 add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized acces... | N/A | NONE | β | 0 |
| CVE-2006-0687 process.php in DocMGR 0.54.2 does not initialize the $siteModInfo variable when a direct request is made, which allows remote attackers to include arbitrary local files or possibly remote files via a ... | N/A | NONE | β | 0 |
| CVE-2006-0666 Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 through 5.3.0.33 allows local users to cause a denial of service (system crash) via unknown vectors re... | N/A | NONE | β | 0 |
| CVE-2006-0691 edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account. | N/A | NONE | β | 0 |
| CVE-2006-0692 Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Timesheet 1 and 2 allow remote attackers to execute arbitrary SQL commands via the (1) yr, (2) month, (3) day, and (4) job parameters i... | N/A | NONE | β | 0 |
| CVE-2006-0693 Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti CALimba 0.99.2 beta and earlier allow remote attackers to execute arbitrary SQL commands and bypass login authentication via the ... | N/A | NONE | β | 0 |
| CVE-2006-0694 Unspecified vulnerability in the loaders (load_*.php) in Ansilove before 1.03 allows remote attackers to read arbitrary files via unspecified vectors involving "converting files accessible by the webs... | N/A | NONE | β | 0 |
| CVE-2006-0695 Ansilove before 1.03 does not filter uploaded file extensions, which allows remote attackers to execute arbitrary code by uploading arbitrary files with dangerous extensions, then accessing them direc... | N/A | NONE | β | 0 |
| CVE-2006-0698 Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection. | N/A | NONE | β | 0 |
| CVE-2006-0699 Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki 1.5, and possibly 1.5.1 and other versions, allows remote attackers to inject arbitrary web script or HTML via the query parameter. | N/A | NONE | β | 0 |
| CVE-2006-0700 imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions. | N/A | NONE | β | 0 |
| CVE-2006-0701 readfolder.php in imageVue 16.1 allows remote attackers to list directories via modified path and ext parameters. | N/A | NONE | β | 0 |
| CVE-2006-0707 PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the ... | N/A | NONE | β | 0 |
| CVE-2006-0708 Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a Fil... | N/A | NONE | β | 0 |
| CVE-2006-0709 Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via e-mail messages with a long boundary attribute, a dif... | N/A | NONE | β | 0 |
| CVE-2006-0710 Double free vulnerability in isode.eddy in Isode M-Vault Server 11.3 allows remote attackers to execute arbitrary code via a crafted LDAP request, as demonstrated by ProtoVer Sample LDAP. | N/A | NONE | β | 0 |
| CVE-2006-0711 The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured wi... | N/A | NONE | β | 0 |
| CVE-2006-0712 mail_html template in Squishdot 1.5.0 and earlier does not properly validate the (1) email and (2) title variables, which allows remote attackers to bypass spam filters by injecting SMTP headers, prob... | N/A | NONE | β | 0 |
| CVE-2006-0713 Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in ... | N/A | NONE | β | 0 |
| CVE-2006-0714 Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath par... | N/A | NONE | β | 0 |
| CVE-2006-0757 Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via (1) the contactgroupid parameter in addressbook.update.php, (2) the message... | N/A | NONE | β | 0 |
| CVE-2006-0758 Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) in... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.