CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2006-4702 Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code v... | N/A | NONE | — | 0 |
| CVE-2006-5584 The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privi... | N/A | NONE | — | 0 |
| CVE-2006-5585 The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption ... | N/A | NONE | — | 0 |
| CVE-2006-6494 Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a loca... | N/A | NONE | — | 0 |
| CVE-2006-6495 Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter ... | N/A | NONE | — | 0 |
| CVE-2006-6496 The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus 2007 8.1, Anti-Virus for Vista Beta 8.2, and CA Internet Security Suite 2007 v3.0 do not properly handle NULL buffers, which allows l... | N/A | NONE | — | 0 |
| CVE-2006-5648 Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create proc... | 5.5 | MEDIUM | — | 0 |
| CVE-2006-5649 Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspec... | 5.5 | MEDIUM | — | 0 |
| CVE-2006-5875 eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote attackers to execute arbitrary commands via shell metacharacters in an "SMTP level e-mail address". | N/A | NONE | — | 0 |
| CVE-2006-6107 Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (... | N/A | NONE | — | 0 |
| CVE-2006-6508 Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of t... | N/A | NONE | — | 0 |
| CVE-2006-6509 Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI... | N/A | NONE | — | 0 |
| CVE-2006-6510 An unspecified ActiveX control in SiteKiosk before 6.5.150 is installed "safe for scripting", which allows local users to bypass security protections and read arbitrary files via certain functions. | N/A | NONE | — | 0 |
| CVE-2006-6511 dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contai... | N/A | NONE | — | 0 |
| CVE-2006-6512 Directory traversal vulnerability in the Browse function (/browse URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to list arbitrary directories via URL encoded... | N/A | NONE | — | 0 |
| CVE-2006-6513 The CControl::Download function (/dl URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to download arbitrary file types under the root via a trailing "." (dot) i... | N/A | NONE | — | 0 |
| CVE-2006-6514 Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient comparison to determine whether a directory is located below the application's root directory, which allows remote authenticated use... | N/A | NONE | — | 0 |
| CVE-2006-6515 Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of... | N/A | NONE | — | 0 |
| CVE-2006-6516 Multiple PHP remote file inclusion vulnerabilities in KDPics 1.16 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) page parameter to (a) index.php3, or the (2) lib... | N/A | NONE | — | 0 |
| CVE-2006-6517 Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) categories parameter to (a) index.php3 or (b) g... | N/A | NONE | — | 0 |
| CVE-2006-6518 Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) date, (4) sujet, (5) message, (6) si... | N/A | NONE | — | 0 |
| CVE-2006-6520 Multiple cross-site scripting (XSS) vulnerabilities in Messageriescripthp 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo parameter to (a) existepseudo.php, the (2... | N/A | NONE | — | 0 |
| CVE-2006-6521 SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 allows remote attackers to execute arbitrary SQL commands via the aa parameter. | N/A | NONE | — | 0 |
| CVE-2006-6522 Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale TwoZero before 2.31 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) forum module a... | N/A | NONE | — | 0 |
| CVE-2006-6523 Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter. | N/A | NONE | — | 0 |
| CVE-2006-6551 PHP remote file inclusion vulnerability in libs/tucows/api/cartridges/crt_TUCOWS_domains/lib/domainutils.inc.php in Tucows Client Code Suite (CCS) 1.2.1015 and earlier allows remote attackers to execu... | N/A | NONE | — | 0 |
| CVE-2006-6524 SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the Uname (UserName) parameter. | N/A | NONE | — | 0 |
| CVE-2006-6525 SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: The provenance of this info... | N/A | NONE | — | 0 |
| CVE-2006-6526 PHP remote file inclusion vulnerability in index.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. | N/A | NONE | — | 0 |
| CVE-2006-6527 PHP remote file inclusion vulnerability in guest.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. NOTE: the provenance of ... | N/A | NONE | — | 0 |
| CVE-2006-6528 The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom visitors' session IDs to all participants, which allows remote attackers to hijack sessions and gain privileges. | N/A | NONE | — | 0 |
| CVE-2006-6529 The Chatroom Module before 4.7.x.-1.0 for Drupal displays private messages in a chatroom's last messages overview, which allows remote attackers to obtain sensitive information by reading the overview... | N/A | NONE | — | 0 |
| CVE-2006-6530 SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2006-6531 Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, v... | N/A | NONE | — | 0 |
| CVE-2006-6532 Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) StrMsg or (2) Topic_ID parameter to (a) v... | N/A | NONE | — | 0 |
| CVE-2006-6533 Directory traversal vulnerability in admin/templates_boxes_layout.php in osCommerce 3.0a3 allows remote attackers to include and execute arbitrary PHP files via a .. (dot dot) in the filter parameter.... | N/A | NONE | — | 0 |
| CVE-2006-6534 Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_b... | N/A | NONE | — | 0 |
| CVE-2006-6536 Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber Free Edition allows remote attackers to inject arbitrary web script or HTML via the hata parameter. NOTE: The provenance of this in... | N/A | NONE | — | 0 |
| CVE-2006-6537 IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, allows remote attackers to bypass authentication via a modified pnl parameter, related to hod/HODAdmin.html and hod/frameset.html. | N/A | NONE | — | 0 |
| CVE-2006-6539 Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and earlier (1) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an (a) l... | N/A | NONE | — | 0 |
| CVE-2006-6540 SQL injection vulnerability in bt-trackback.php in Bluetrait before 1.2.0, when trackback is enabled, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some ... | N/A | NONE | — | 0 |
| CVE-2006-6541 PHP remote file inclusion vulnerability in signer/final.php in warez distributions of Animated Smiley Generator allows remote attackers to execute arbitrary PHP code via a URL in the smiley parameter.... | N/A | NONE | — | 0 |
| CVE-2006-6542 SQL injection vulnerability in news.php in Fantastic News 2.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | N/A | NONE | — | 0 |
| CVE-2006-6543 Multiple SQL injection vulnerabilities in login.asp in AppIntellect SpotLight CRM 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) login (UserName) and possibly (2) password pa... | N/A | NONE | — | 0 |
| CVE-2006-6544 Cross-site scripting (XSS) vulnerability in CM68 News allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the ... | N/A | NONE | — | 0 |
| CVE-2024-5744 The wp-eMember WordPress plugin before 10.6.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old... | 6.8 | MEDIUM | — | 0 |
| CVE-2006-6545 PHP remote file inclusion vulnerability in includes/common.php in the ErrorDocs 1.0.0 and earlier module for mxBB (mx_errordocs) allows remote attackers to execute arbitrary PHP code via a URL in the ... | N/A | NONE | — | 0 |
| CVE-2006-6546 PHP remote file inclusion vulnerability in inc/shows.inc.php in cutenews aj-fork (CN:AJ) 167f and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter. | N/A | NONE | — | 0 |
| CVE-2006-6547 Buffer overflow in the readAA function in read_aa.cpp in Winamp iPod Plugin (ml_ipod) 2.00 p19 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary... | N/A | NONE | — | 0 |
| CVE-2006-6548 Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) script... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.