CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2006-3991 PHP remote file inclusion vulnerability in index.php in Vlad Vostrykh Voodoo chat 1.0RC1b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_path parameter. | N/A | NONE | — | 0 |
| CVE-2006-3992 Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection befo... | N/A | NONE | — | 0 |
| CVE-2006-3993 PHP remote file inclusion vulnerability in copyright.php in Olaf Noehring The Search Engine Project (TSEP) 0.942 allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absP... | N/A | NONE | — | 0 |
| CVE-2006-3998 PHP remote file inclusion vulnerability in conf.php in WoWRoster (aka World of Warcraft Roster) 1.5.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir paramete... | N/A | NONE | — | 0 |
| CVE-2006-3994 SQL injection vulnerability in the u2u_send_recp function in u2u.inc.php in XMB (aka extreme message board) 1.9.6 Alpha and earlier allows remote attackers to execute arbitrary SQL commands via the u2... | N/A | NONE | — | 0 |
| CVE-2006-3995 Multiple PHP remote file inclusion vulnerabilities in (1) uhp_config.php, and possibly (2) footer.php, (3) functions.php, (4) install.uhp.php, (5) toolbar.uhp.html.php, (6) uhp.class.php, and (7) unin... | N/A | NONE | — | 0 |
| CVE-2006-3996 SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters. | N/A | NONE | — | 0 |
| CVE-2006-0395 The Download Validation in Mail in Mac OS X 10.4 does not properly recognize attachment file types to warn a user of an unsafe type, which allows user-assisted remote attackers to execute arbitrary co... | N/A | NONE | — | 0 |
| CVE-2006-3997 PHP remote file inclusion vulnerability in hsList.php in WoWRoster (aka World of Warcraft Roster) 1.5.x and earlier allows remote attackers to execute arbitrary PHP code via a URL in the subdir parame... | N/A | NONE | — | 0 |
| CVE-2006-4000 Directory traversal vulnerability in cgi-bin/preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote authenticated users to read arbitrary files via a .. (dot do... | N/A | NONE | — | 0 |
| CVE-2006-4001 Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 contains a hard-coded password for the guest account, which allows remote attackers to read sensitive information such as e-mail... | N/A | NONE | — | 0 |
| CVE-2006-3123 Multiple integer overflows in the (1) dodecrypt and (2) doencrypt functions in cfs_fh.c in cfsd in Matt Blaze Cryptographic File System (CFS) 1.4.1 before Debian GNU/Linux package 1.4.1-17 allow local... | N/A | NONE | — | 0 |
| CVE-2006-4002 Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: p... | N/A | NONE | — | 0 |
| CVE-2006-4003 The config method in Henrik Storner Hobbit monitor before 4.1.2p2 permits access to files outside of the intended configuration directory, which allows remote attackers to obtain sensitive information... | N/A | NONE | — | 0 |
| CVE-2006-4004 Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via direc... | N/A | NONE | — | 0 |
| CVE-2006-4005 BomberClone 0.11.6 and earlier allows remote attackers to cause a denial of service (daemon crash) via (1) a certain malformed PKGF_ackreq packet, which triggers a crash in the rscache_add() function ... | N/A | NONE | — | 0 |
| CVE-2006-4006 The do_gameinfo function in BomberClone 0.11.6 and earlier, and possibly other functions, does not reset the packet data size, which causes the send_pkg function (packets.c) to use this data size when... | N/A | NONE | — | 0 |
| CVE-2006-4007 PHP remote file inclusion vulnerability in index.php in Knusperleicht Guestbook 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the GB_PATH parameter. | N/A | NONE | — | 0 |
| CVE-2006-4008 PHP remote file inclusion vulnerability in index.php in Knusperleicht Faq 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the faq_path parameter. | N/A | NONE | — | 0 |
| CVE-2006-3858 IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product... | N/A | NONE | — | 0 |
| CVE-2006-3861 IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases. | N/A | NONE | — | 0 |
| CVE-2006-3862 Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envari... | N/A | NONE | — | 0 |
| CVE-2006-3450 Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID Javascript function to access crafted Cascading Style Sheet (CSS) elements, and pos... | N/A | NONE | — | 0 |
| CVE-2006-4029 Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 allows remote attackers to execute arbitrary code via a crafted UDP SIP packet. | N/A | NONE | — | 0 |
| CVE-2006-3586 SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) l... | N/A | NONE | — | 0 |
| CVE-2006-3637 Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle various HTML layout component combinations, which allows user-assisted remote attackers to execute arbitrary code via a crafted HTML... | N/A | NONE | — | 0 |
| CVE-2006-3638 Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary... | N/A | NONE | — | 0 |
| CVE-2006-3438 Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not pr... | N/A | NONE | — | 0 |
| CVE-2006-3444 Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer." | N/A | NONE | — | 0 |
| CVE-2006-3449 Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF ... | N/A | NONE | — | 0 |
| CVE-2006-3639 Microsoft Internet Explorer 5.01 and 6 does not properly identify the originating domain zone when handling redirects, which allows remote attackers to read cross-domain web pages and possibly execute... | N/A | NONE | — | 0 |
| CVE-2006-3640 Microsoft Internet Explorer 5.01 and 6 allows certain script to persist across navigations between pages, which allows remote attackers to obtain the window location of visited web pages in other doma... | N/A | NONE | — | 0 |
| CVE-2006-3643 Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) ... | N/A | NONE | — | 0 |
| CVE-2006-3649 Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, ... | N/A | NONE | — | 0 |
| CVE-2006-4022 Intel 2100 PRO/Wireless Network Connection driver PROSet before 7.1.4.6 allows local users to corrupt memory and execute code via "requests for capabilities from higher-level protocol drivers or user-... | N/A | NONE | — | 0 |
| CVE-2006-4023 The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facili... | N/A | NONE | — | 0 |
| CVE-2006-4024 The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr ... | N/A | NONE | — | 0 |
| CVE-2006-4025 SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year para... | N/A | NONE | — | 0 |
| CVE-2006-4026 PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows remote attackers to execute arbitrary PHP code via a URL in the (1) root_path parameter in usr/extensions/get_infochannel.inc.php an... | N/A | NONE | — | 0 |
| CVE-2006-3439 Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC... | N/A | NONE | — | 0 |
| CVE-2006-3440 Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulne... | N/A | NONE | — | 0 |
| CVE-2006-3441 Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: whi... | N/A | NONE | — | 0 |
| CVE-2006-3443 Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile director... | N/A | NONE | — | 0 |
| CVE-2006-3122 The supersede_lease function in memory.c in ISC DHCP (dhcpd) server 2.0pl5 allows remote attackers to cause a denial of service (application crash) via a DHCPDISCOVER packet with a 32 byte client-iden... | N/A | NONE | — | 0 |
| CVE-2006-3648 Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled excepti... | N/A | NONE | — | 0 |
| CVE-2006-3083 The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for... | N/A | NONE | — | 0 |
| CVE-2006-3084 The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local... | N/A | NONE | — | 0 |
| CVE-2006-3979 The AdminAPI of ColdFusion MX 7 allows attackers to bypass authentication by using "programmatic access" to the adminAPI instead of the ColdFusion Administrator. | N/A | NONE | — | 0 |
| CVE-2006-4028 Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-200... | N/A | NONE | — | 0 |
| CVE-2006-4031 MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.