| Max CVSS | 8.5 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2006-3209 | 7.2 |
The Task scheduler (at.exe) on Microsoft Windows XP spawns each scheduled process with SYSTEM permissions, which allows local users to gain privileges. NOTE: this issue has been disputed by third parties, who state that the Task scheduler is limited
|
17-05-2024 - 00:29 | 24-06-2006 - 01:06 | |
| CVE-2006-4106 | 4.3 |
Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allows remote attackers to inject arbitrary web script or HTML via a comment title.
|
17-10-2018 - 21:33 | 14-08-2006 - 20:04 | |
| CVE-2006-4127 | 4.6 |
Multiple format string vulnerabilities in DConnect Daemon 0.7.0 and earlier allow remote administrators to execute arbitrary code via format string specifiers that are not properly handled when calling the (1) privmsg() or (2) pubmsg functions from (
|
17-10-2018 - 21:33 | 14-08-2006 - 23:04 | |
| CVE-2006-4125 | 7.5 |
Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to execute arbitrary code via a large nickname, which is not properly handled by the listen_thread_udp function. This vulnerability is addressed in the
|
17-10-2018 - 21:33 | 14-08-2006 - 23:04 | |
| CVE-2006-4110 | 4.3 |
Apache 2.2.2, when running on Windows, allows remote attackers to read source code of CGI programs via a request that contains uppercase (or alternate case) characters that bypass the case-sensitive ScriptAlias directive, but allow access to the file
|
17-10-2018 - 21:33 | 14-08-2006 - 20:04 | |
| CVE-2006-4116 | 5.1 |
Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-assisted attackers to execute arbitrary code via a long filename in (1) an LHZ archive, when saving the filename during extraction; and (2) an LHZ archive with an invalid CRC checks
|
17-10-2018 - 21:33 | 14-08-2006 - 21:04 | |
| CVE-2006-4118 | 5.1 |
Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Temp_entered_login or (2) Temp_entered_email parameters to (a) gc.php, and in multiple parameters in (b) includ
|
17-10-2018 - 21:33 | 14-08-2006 - 23:04 | |
| CVE-2006-4115 | 5.1 |
PHP remote file inclusion vulnerability in common.inc.php in PgMarket 2.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CFG[libdir] parameter. Successful exploitation requires that "register_global
|
17-10-2018 - 21:33 | 14-08-2006 - 21:04 | |
| CVE-2006-4130 | 6.8 |
PHP remote file inclusion vulnerability in admin.remository.php in the Remository Component (com_remository) 3.25 and earlier for Mambo and Joomla!, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in
|
17-10-2018 - 21:33 | 14-08-2006 - 23:04 | |
| CVE-2006-4126 | 5.0 |
The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to cause a denial of service (application crash) by sending a client message before providing the nickname, which triggers a null pointer dereference. This
|
17-10-2018 - 21:33 | 14-08-2006 - 23:04 | |
| CVE-2006-4105 | 4.3 |
Cross-site scripting (XSS) vulnerability in Fill Threads Database (FTD) 3.7.3 allows remote attackers to inject arbitrary web script or HTML via the (1) search field or (2) an e-mail message.
|
17-10-2018 - 21:33 | 14-08-2006 - 20:04 | |
| CVE-2006-4103 | 7.5 |
PHP remote file inclusion vulnerability in article-raw.php in Jason Alexander phNNTP 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter.
|
17-10-2018 - 21:33 | 14-08-2006 - 20:04 | |
| CVE-2007-0192 | 7.5 |
Cross-site request forgery (CSRF) vulnerability in the save_main operation in the ad_perms section in admin.php in MKPortal allows remote attackers to modify privilege settings, as demonstrated using a getURL of admin.php within a .swf file contained
|
16-10-2018 - 16:31 | 12-01-2007 - 05:04 | |
| CVE-2007-4900 | 4.3 |
Cross-site scripting (XSS) vulnerability in the logon page in RSA EnVision 3.3.6 Build 0115 allows remote attackers to inject arbitrary web script or HTML via the username field.
|
15-10-2018 - 21:38 | 14-09-2007 - 18:17 | |
| CVE-2008-3591 | 7.5 |
SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php.
|
29-09-2017 - 01:31 | 11-08-2008 - 23:41 | |
| CVE-2008-3592 | 8.5 |
Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified
|
29-09-2017 - 01:31 | 11-08-2008 - 23:41 | |
| CVE-2006-4104 | 4.3 |
Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via "password input."
|
20-07-2017 - 01:32 | 14-08-2006 - 20:04 | |
| CVE-2005-3427 | 2.1 |
The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit port field values while generating the Cisco IOS IPS configuration file, wich can cause some signatures to be disabled and makes it easier for attackers to escape detection.
|
11-07-2017 - 01:33 | 02-11-2005 - 00:02 | |
| CVE-2010-2861 | 7.5 |
Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/sett
|
24-09-2013 - 03:39 | 11-08-2010 - 18:47 |