Latest CVE Feed
-
6.8
MEDIUMCVE-2006-4351
Cross-site scripting (XSS) vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.... Read more
Affected Products : oneorzero- Published: Aug. 24, 2006
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2006-4347
SQL injection vulnerability in user logon authentication request handling in Cool_CoolD.exe in Cool Manager 5.0 (5,60,90,28) and Cool Messenger Office/School Server 5.5 (5,65,12,13) allows remote attackers to execute arbitrary SQL commands via the usernam... Read more
- Published: Aug. 24, 2006
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2006-4348
PHP remote file inclusion vulnerability in config.kochsuite.php in the Kochsuite (com_kochsuite) 0.9.4 component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.... Read more
Affected Products : kochsuite_component- Published: Aug. 24, 2006
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2006-4349
PHP remote file inclusion vulnerability in ToendaCMS 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tcms_administer_site parameter to an unspecified script, probably index.php. NOTE: this issue has been disputed ... Read more
Affected Products : toendacms- Published: Aug. 24, 2006
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2006-4350
SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.... Read more
Affected Products : oneorzero- Published: Aug. 24, 2006
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2006-4332
Unspecified vulnerability in the DHCP dissector in Wireshark (formerly Ethereal) 0.10.13 through 0.99.2, when run on Windows, allows remote attackers to cause a denial of service (crash) via unspecified vectors that trigger a bug in Glib.... Read more
- Published: Aug. 24, 2006
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2006-4345
Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response.... Read more
Affected Products : asterisk- Published: Aug. 24, 2006
- Modified: Apr. 03, 2025
-
5.4
MEDIUMCVE-2006-4333
The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows remote attackers to cause a denial of service (resource consumption) via malformed packets that cause the Q.2391 dissector to use excessive memory.... Read more
- Published: Aug. 24, 2006
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2006-4344
CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) before 8.3 allows remote attackers to spoof e-mails and inject e-mail headers via unspecified vectors in (1) mail.cgi and (2) query.cgi.... Read more
Affected Products : mail_f_w_system- Published: Aug. 24, 2006
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2006-4346
Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspeci... Read more
Affected Products : asterisk- Published: Aug. 24, 2006
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2006-4330
Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors.... Read more
- Published: Aug. 24, 2006
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2006-4331
Multiple off-by-one errors in the IPSec ESP preference parser in Wireshark (formerly Ethereal) 0.99.2 allow remote attackers to cause a denial of service (crash) via unspecified vectors.... Read more
- Published: Aug. 24, 2006
- Modified: Apr. 03, 2025
-
6.8
MEDIUMCVE-2006-4327
Multiple cross-site scripting (XSS) vulnerabilities in add_url.php in CloudNine Interactive Links Manager 2006-06-12 allow remote attackers to inject arbitrary web script or HTML via the (1) title, (2) description, or (3) keywords parameters.... Read more
Affected Products : links_manager- Published: Aug. 24, 2006
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2006-4320
PHP remote file inclusion vulnerability in sef.php in the OpenSEF 2.0.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.... Read more
Affected Products : opensef- Published: Aug. 24, 2006
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2006-4321
PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.... Read more
- Published: Aug. 24, 2006
- Modified: Apr. 03, 2025
-
6.8
MEDIUMCVE-2006-4317
Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab Burning Board (WBB) 2.3.5 allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript.... Read more
Affected Products : burning_board- Published: Aug. 24, 2006
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2006-4323
SQL injection vulnerability in list.php in CityForFree indexcity 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.... Read more
Affected Products : indexcity- Published: Aug. 24, 2006
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2006-4319
Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.... Read more
- Published: Aug. 24, 2006
- Modified: Apr. 03, 2025
-
6.5
MEDIUMCVE-2006-4318
Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands.... Read more
Affected Products : wftpd- Published: Aug. 24, 2006
- Modified: Apr. 03, 2025
-
6.8
MEDIUMCVE-2006-4324
Cross-site scripting (XSS) vulnerability in add_url2.php in CityForFree indexcity 1.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.... Read more
Affected Products : indexcity- Published: Aug. 24, 2006
- Modified: Apr. 03, 2025