Количество 331 878
Количество 331 878
CVE-2006-4125
Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to execute arbitrary code via a large nickname, which is not properly handled by the listen_thread_udp function.
CVE-2006-4124
The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program.
CVE-2006-4123
PHP remote file inclusion vulnerability in boitenews4/index.php in Boite de News 4.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the url_index parameter.
CVE-2006-4122
Simple one-file guestbook 1.0 and earlier allows remote attackers to bypass authentication and delete guestbook entries via a modified id parameter to guestbook.php.
CVE-2006-4121
PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2006-4120
Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-4119
SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the Temp_entered_password parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-4118
Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Temp_entered_login or (2) Temp_entered_email parameters to (a) gc.php, and in multiple parameters in (b) include/registrieren.php, possibly involving the (3) $form_email, (4) $form_vorname, (5) $form_nachname, (6) $form_strasse, (7) $form_plzort, (8) $form_land, (9) $form_homepage, (10) $form_bildpfad, (11) $form_profilsichtbar, (12) $Temp_sprache, (13) $form_tag, (14) $form_monat, (15) $form_jahr, (16) $Temp_akt_string, (17) $form_icq, (18) $form_msn, (19) $form_yahoo, (20) $form_username, and (21) $Temp_form_pass variables.
CVE-2006-4117
The squeue_drain function in Sun Solaris 10, possibly only when run on CMT processors, allows remote attackers to cause a denial of service ("bad trap" and system panic) by opening and closing a large number of TCP connections ("heavy TCP/IP loads"). NOTE: the original report specifies the function name as "drain_squeue," but this is likely incorrect.
CVE-2006-4116
Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-assisted attackers to execute arbitrary code via a long filename in (1) an LHZ archive, when saving the filename during extraction; and (2) an LHZ archive with an invalid CRC checksum, when constructing an error message.
CVE-2006-4115
PHP remote file inclusion vulnerability in common.inc.php in PgMarket 2.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CFG[libdir] parameter.
CVE-2006-4114
SQL injection vulnerability in view_com.php in Nicolas Grandjean PHPMyRing 4.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idsite parameter.
CVE-2006-4113
PHP remote file inclusion vulnerability in genpage-cgi.php in Brian Fraval hitweb 4.2 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the REP_INC parameter.
CVE-2006-4112
Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or "data loss," a different vulnerability than CVE-2006-4111.
CVE-2006-4111
Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.
CVE-2006-4110
Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems.
CVE-2006-4109
Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-4108
SQL injection vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2006-4107
SQL injection vulnerability in the Job Search module (job.module) 4.6 before revision 1.3.2.1 in Drupal allows remote attackers to execute arbitrary SQL commands via a job or resume search.
CVE-2006-4106
Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allows remote attackers to inject arbitrary web script or HTML via a comment title.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2006-4125 Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to execute arbitrary code via a large nickname, which is not properly handled by the listen_thread_udp function. | CVSS2: 7.5 | 27% Средний | больше 19 лет назад |
| CVE-2006-4124 The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program. | CVSS2: 4.6 | 0% Низкий | больше 19 лет назад |
| CVE-2006-4123 PHP remote file inclusion vulnerability in boitenews4/index.php in Boite de News 4.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the url_index parameter. | CVSS2: 7.5 | 5% Низкий | больше 19 лет назад |
| CVE-2006-4122 Simple one-file guestbook 1.0 and earlier allows remote attackers to bypass authentication and delete guestbook entries via a modified id parameter to guestbook.php. | CVSS2: 7.5 | 7% Низкий | больше 19 лет назад |
| CVE-2006-4121 PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | CVSS2: 5.1 | 8% Низкий | больше 19 лет назад |
| CVE-2006-4120 Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS2: 5.1 | 2% Низкий | больше 19 лет назад |
| CVE-2006-4119 SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the Temp_entered_password parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | CVSS2: 5.1 | 0% Низкий | больше 19 лет назад |
| CVE-2006-4118 Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Temp_entered_login or (2) Temp_entered_email parameters to (a) gc.php, and in multiple parameters in (b) include/registrieren.php, possibly involving the (3) $form_email, (4) $form_vorname, (5) $form_nachname, (6) $form_strasse, (7) $form_plzort, (8) $form_land, (9) $form_homepage, (10) $form_bildpfad, (11) $form_profilsichtbar, (12) $Temp_sprache, (13) $form_tag, (14) $form_monat, (15) $form_jahr, (16) $Temp_akt_string, (17) $form_icq, (18) $form_msn, (19) $form_yahoo, (20) $form_username, and (21) $Temp_form_pass variables. | CVSS2: 5.1 | 1% Низкий | больше 19 лет назад |
| CVE-2006-4117 The squeue_drain function in Sun Solaris 10, possibly only when run on CMT processors, allows remote attackers to cause a denial of service ("bad trap" and system panic) by opening and closing a large number of TCP connections ("heavy TCP/IP loads"). NOTE: the original report specifies the function name as "drain_squeue," but this is likely incorrect. | CVSS2: 5.4 | 1% Низкий | больше 19 лет назад |
| CVE-2006-4116 Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-assisted attackers to execute arbitrary code via a long filename in (1) an LHZ archive, when saving the filename during extraction; and (2) an LHZ archive with an invalid CRC checksum, when constructing an error message. | CVSS2: 5.1 | 2% Низкий | больше 19 лет назад |
| CVE-2006-4115 PHP remote file inclusion vulnerability in common.inc.php in PgMarket 2.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CFG[libdir] parameter. | CVSS2: 5.1 | 3% Низкий | больше 19 лет назад |
| CVE-2006-4114 SQL injection vulnerability in view_com.php in Nicolas Grandjean PHPMyRing 4.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idsite parameter. | CVSS2: 7.5 | 3% Низкий | больше 19 лет назад |
| CVE-2006-4113 PHP remote file inclusion vulnerability in genpage-cgi.php in Brian Fraval hitweb 4.2 and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the REP_INC parameter. | CVSS2: 5.1 | 13% Средний | больше 19 лет назад |
| CVE-2006-4112 Unspecified vulnerability in the "dependency resolution mechanism" in Ruby on Rails 1.1.0 through 1.1.5 allows remote attackers to execute arbitrary Ruby code via a URL that is not properly handled in the routing code, which leads to a denial of service (application hang) or "data loss," a different vulnerability than CVE-2006-4111. | CVSS2: 7.5 | 9% Низкий | больше 19 лет назад |
| CVE-2006-4111 Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112. | CVSS2: 7.5 | 3% Низкий | больше 19 лет назад |
| CVE-2006-4110 Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file on case-insensitive file systems. | CVSS2: 4.3 | 17% Средний | больше 19 лет назад |
| CVE-2006-4109 Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS2: 4.3 | 0% Низкий | больше 19 лет назад |
| CVE-2006-4108 SQL injection vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CVSS2: 7.5 | 1% Низкий | больше 19 лет назад |
| CVE-2006-4107 SQL injection vulnerability in the Job Search module (job.module) 4.6 before revision 1.3.2.1 in Drupal allows remote attackers to execute arbitrary SQL commands via a job or resume search. | CVSS2: 7.5 | 1% Низкий | больше 19 лет назад |
| CVE-2006-4106 Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allows remote attackers to inject arbitrary web script or HTML via a comment title. | CVSS2: 4.3 | 0% Низкий | больше 19 лет назад |
Уязвимостей на страницу