Количество 331 703
Количество 331 703
CVE-2006-0143
Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths.
CVE-2006-0142
Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda 1.9.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-0141
Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote attackers to cause a denial of service (crash) via (1) malformed NTLM authentication requests, or a malformed (2) Incoming Mail X or (3) Temporary Mail file.
CVE-2006-0140
Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 Stable(2.6.0) and V17beta2 allows remote attackers to inject arbitrary web script or HTML via the (1) b, (2) textlarge, and (3) url bbcode tags.
CVE-2006-0139
The send-private-message functionality (send-private-message.asp) in PD9 Software MegaBBS 2.1 allows remote attackers to read private messages of other users via a modified replyid parameter.
CVE-2006-0138
aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denial of service (client hang and termination of client's instant-messaging session) by repeatedly sending crafted data to the default file-transfer port (TCP 6891).
CVE-2006-0137
SQL injection vulnerability in linkcategory.php in Phanatic Softwares Chimera Web Portal System 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-0136
Multiple cross-site scripting (XSS) vulnerabilities in the guestbook module in modules.php in Phanatic Softwares Chimera Web Portal System 0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) comment_poster, (2) comment_poster_email, (3) comment_poster_homepage, and (4) comment_text parameters.
CVE-2006-0135
SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the username parameter (aka the u variable).
CVE-2006-0134
Cross-site scripting (XSS) vulnerability in register.php in TheWebForum (twf) 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the www parameter.
CVE-2006-0133
Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the existence of files and read partial contents of certain files via a .. (dot dot) in the argument to (1) getCommand.new (aka getCommand) and (2) getShell, a different vulnerability than CVE-2005-4273.
CVE-2006-0132
Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 and possibly earlier allows remote attackers to include and execute arbitrary local PHP scripts, and possibly read other types of files, via a .. (dot dot) and a trailing null in the webftp_language parameter.
CVE-2006-0131
boastMachine 3.1 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php and (2) side_menu.php, which reveals the path in an error message.
CVE-2006-0130
Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier allows remote attackers to attempt authentication with an unlimited number of user account names and passwords without denying connections, limiting the rate of connections, or locking out an account.
CVE-2006-0129
Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames via user requests to TCP port 106.
CVE-2006-0128
Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote attackers to have an unknown impact via unknown attack vectors.
CVE-2006-0127
Directory traversal vulnerability in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote authenticated users to rename the folders of other users via a .. (dot dot) in the RENAME command.
CVE-2006-0126
rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices.
CVE-2006-0125
Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows remote attackers to include arbitrary files via the appserv_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. There is not enough detail from these third party sources to know whether this is directory traversal, remote file include, or another issue.
CVE-2006-0124
Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbitrary web script or HTML via the titulo parameter, which is used by the "Topic name" field.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
CVE-2006-0143 Microsoft Windows Graphics Rendering Engine (GRE) allows remote attackers to corrupt memory and cause a denial of service (crash) via a WMF file containing (1) ExtCreateRegion or (2) ExtEscape function calls with arguments with inconsistent lengths. | CVSS2: 7.5 | 73% Высокий | около 20 лет назад | |
CVE-2006-0142 Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda 1.9.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | CVSS2: 4.3 | 0% Низкий | около 20 лет назад | |
CVE-2006-0141 Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote attackers to cause a denial of service (crash) via (1) malformed NTLM authentication requests, or a malformed (2) Incoming Mail X or (3) Temporary Mail file. | CVSS2: 5 | 3% Низкий | около 20 лет назад | |
CVE-2006-0140 Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 Stable(2.6.0) and V17beta2 allows remote attackers to inject arbitrary web script or HTML via the (1) b, (2) textlarge, and (3) url bbcode tags. | CVSS2: 4.3 | 1% Низкий | около 20 лет назад | |
CVE-2006-0139 The send-private-message functionality (send-private-message.asp) in PD9 Software MegaBBS 2.1 allows remote attackers to read private messages of other users via a modified replyid parameter. | CVSS2: 5 | 1% Низкий | около 20 лет назад | |
CVE-2006-0138 aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denial of service (client hang and termination of client's instant-messaging session) by repeatedly sending crafted data to the default file-transfer port (TCP 6891). | CVSS2: 5 | 9% Низкий | около 20 лет назад | |
CVE-2006-0137 SQL injection vulnerability in linkcategory.php in Phanatic Softwares Chimera Web Portal System 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | CVSS2: 7.5 | 1% Низкий | около 20 лет назад | |
CVE-2006-0136 Multiple cross-site scripting (XSS) vulnerabilities in the guestbook module in modules.php in Phanatic Softwares Chimera Web Portal System 0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) comment_poster, (2) comment_poster_email, (3) comment_poster_homepage, and (4) comment_text parameters. | CVSS2: 4.3 | 3% Низкий | около 20 лет назад | |
CVE-2006-0135 SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the username parameter (aka the u variable). | CVSS2: 7.5 | 4% Низкий | около 20 лет назад | |
CVE-2006-0134 Cross-site scripting (XSS) vulnerability in register.php in TheWebForum (twf) 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the www parameter. | CVSS2: 4.3 | 1% Низкий | около 20 лет назад | |
CVE-2006-0133 Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow local users to determine the existence of files and read partial contents of certain files via a .. (dot dot) in the argument to (1) getCommand.new (aka getCommand) and (2) getShell, a different vulnerability than CVE-2005-4273. | CVSS2: 3.6 | 1% Низкий | около 20 лет назад | |
CVE-2006-0132 Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 and possibly earlier allows remote attackers to include and execute arbitrary local PHP scripts, and possibly read other types of files, via a .. (dot dot) and a trailing null in the webftp_language parameter. | CVSS2: 5 | 1% Низкий | около 20 лет назад | |
CVE-2006-0131 boastMachine 3.1 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php and (2) side_menu.php, which reveals the path in an error message. | CVSS2: 5 | 0% Низкий | около 20 лет назад | |
CVE-2006-0130 Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier allows remote attackers to attempt authentication with an unlimited number of user account names and passwords without denying connections, limiting the rate of connections, or locking out an account. | CVSS2: 7.5 | 1% Низкий | около 20 лет назад | |
CVE-2006-0129 Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames via user requests to TCP port 106. | CVSS2: 5 | 1% Низкий | около 20 лет назад | |
CVE-2006-0128 Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote attackers to have an unknown impact via unknown attack vectors. | CVSS2: 10 | 1% Низкий | около 20 лет назад | |
CVE-2006-0127 Directory traversal vulnerability in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote authenticated users to rename the folders of other users via a .. (dot dot) in the RENAME command. | CVSS2: 4 | 1% Низкий | около 20 лет назад | |
CVE-2006-0126 rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows local users to gain read and write access to the devices. | CVSS2: 4.6 | 0% Низкий | около 20 лет назад | |
CVE-2006-0125 Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows remote attackers to include arbitrary files via the appserv_root parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. There is not enough detail from these third party sources to know whether this is directory traversal, remote file include, or another issue. | CVSS2: 5 | 4% Низкий | около 20 лет назад | |
CVE-2006-0124 Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbitrary web script or HTML via the titulo parameter, which is used by the "Topic name" field. | CVSS2: 4.3 | 1% Низкий | около 20 лет назад |
Уязвимостей на страницу