CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In November 2006

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
51 CVE-2006-6126 DoS Mem. Corr. 2006-11-27 2017-07-29
2.1
None Local Low Not required None None Partial
Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mach-O binary with a malformed load_command data structure.
52 CVE-2006-6125 119 Exec Code Overflow 2006-11-27 2011-10-17
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) 2.3.1.10 for NetGear WG311v1 wireless adapter allows remote attackers to execute arbitrary code via an 802.11 management frame with a long SSID.
53 CVE-2006-6124 XSS 2006-11-26 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
54 CVE-2006-6123 XSS Bypass 2006-11-26 2017-07-29
2.6
None Remote High Not required None Partial None
Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected.
55 CVE-2006-6122 Overflow 2006-11-26 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in TIN before 1.8.2 have unspecified impact and attack vectors, a different vulnerability than CVE-2006-0804.
56 CVE-2006-6121 Exec Code 2006-11-26 2018-10-17
9.3
None Remote Medium Not required Complete Complete Complete
Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers to execute arbitrary commands by calling the Run method.
57 CVE-2006-6119 +Info 2006-11-26 2018-10-17
5.0
None Remote Low Not required Partial None None
mmgallery 1.55 allows remote attackers to obtain sensitive information via a direct request for thumbs.php, which reveals the installation path in various error messages.
58 CVE-2006-6118 XSS 2006-11-26 2018-10-17
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in thumbs.php in mmgallery 1.55 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
59 CVE-2006-6117 Exec Code Sql 2006-11-26 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index1.asp in fipsGallery 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the which parameter.
60 CVE-2006-6116 Exec Code Sql 2006-11-26 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in default2.asp in fipsForum 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the kat parameter.
61 CVE-2006-6115 Exec Code Sql 2006-11-26 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the fid parameter.
62 CVE-2006-6113 +Info 2006-11-28 2018-10-17
5.0
None Remote Low Not required Partial None None
Monkey Boards 0.3.5 allows remote attackers to obtain sensitive information via direct requests to (1) include/admin_auth.inc.php and (2) include/engine/class.compiler.php, which reveals the full path in an error message. NOTE: this issue is only an exposure if the administrator has changed the default script path.
63 CVE-2006-6111 Exec Code Sql 2006-11-26 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in product.asp or (2) search parameter in search.asp. NOTE: the category.asp vector is already covered by CVE-2004-1873.
64 CVE-2006-6110 Exec Code Sql 2006-11-26 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech Content Management System product allow remote attackers to execute arbitrary SQL commands via the (1) vjob parameter in publications_list.asp or (2) InfoID parameter in publication_view.asp.
65 CVE-2006-6109 89 Exec Code Sql 2006-11-26 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) policy parameter in openPolicy.asp or the (2) brand parameter in prodList.asp.
66 CVE-2006-6108 79 XSS 2006-11-26 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
67 CVE-2006-6097 2006-11-24 2018-10-17
4.0
None Remote High Not required None Partial Partial
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.
68 CVE-2006-6096 79 XSS 2006-11-24 2016-11-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter.
69 CVE-2006-6095 89 Exec Code Sql 2006-11-24 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. NOTE: the activeNews_categories.asp and activeNews_comments.asp vectors are already covered by CVE-2006-6094.
70 CVE-2006-6094 89 Exec Code Sql 2006-11-24 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) catID parameter to activeNews_categories.asp, the (2) articleID parameter to activeNews_comments.asp, or the (3) query parameter to activenews_search.asp.
71 CVE-2006-6093 Exec Code File Inclusion 2006-11-24 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in adminprint.php in PicturesPro Photo Cart 3.9 allow remote attackers to execute arbitrary PHP code via a URL in the (1) admin_folder and (2) path parameters.
72 CVE-2006-6092 Exec Code Sql 2006-11-24 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 Auto Gallery allow remote attackers to execute arbitrary SQL commands via the (1) vehicleID, (2) categoryID_list, (3) sale_type, (4) stock_number, (5) manufacturer, (6) model, (7) vehicleID, (8) year, (9) vin, and (10) listing_price parameters.
73 CVE-2006-6091 XSS 2006-11-24 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before 2006_11_21 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
74 CVE-2006-6090 Exec Code Sql 2006-11-24 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp, the (2) name or (3) password parameter to (b) userlogin.asp, or the (3) search parameter to search.asp.
75 CVE-2006-6089 XSS 2006-11-24 2018-10-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in BaalAsp forum allow remote attackers to inject arbitrary web script or HTML via the (1) title (Subject), (2) groupname (Group Name), or (3) detail (Message) field.
76 CVE-2006-6088 XSS 2006-11-24 2018-10-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) n or (2) d parameter in igallery.asp, or (3) an unspecified parameter related to search, possibly the Search Gallery field, or the myquery parameter, in search.asp. NOTE: some of these details are obtained from third party information.
77 CVE-2006-6087 XSS 2006-11-24 2018-10-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the action parameter.
78 CVE-2006-6086 94 Exec Code File Inclusion 2006-11-24 2017-10-19
5.1
None Remote High Not required Partial Partial Partial
PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_pear_path parameter.
79 CVE-2006-6085 +Info 2006-11-24 2017-07-20
5.0
None Remote Low Not required Partial None None
Kile before 1.9.3 does not assign a backup file the same permissions as the original file, which might allow local users to obtain sensitive information.
80 CVE-2006-6084 Dir. Trav. 2006-11-24 2018-10-17
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. NOTE: some of these details are obtained from third party information.
81 CVE-2006-6083 Exec Code Sql 2006-11-24 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search.asp in CreaScripts Creadirectory allows remote attackers to execute arbitrary SQL commands via the category parameter.
82 CVE-2006-6082 XSS 2006-11-24 2018-10-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts Creadirectory allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to addlisting.asp or the (2) search parameter to search.asp.
83 CVE-2006-6081 Exec Code File Inclusion 2006-11-24 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in Smarty_Compiler.class.php in Telaen 1.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the plugin_file parameter.
84 CVE-2006-6080 Exec Code Sql 2006-11-24 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in categories.asp in gNews Publisher allow remote attackers to execute arbitrary SQL commands via the (1) catID or (2) editorID parameter.
85 CVE-2006-6079 Exec Code File Inclusion 2006-11-24 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in LoudMouth 2.4 allow remote attackers to execute arbitrary PHP code via a URL in the mainframe parameter to (1) admin.loudmouth.php or (2) toolbar.loudmouth.php.
86 CVE-2006-6078 Exec Code File Inclusion 2006-11-24 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in common.inc.php in a-ConMan 3.2 beta allows remote attackers to execute arbitrary PHP code via a URL in the cm_basedir parameter.
87 CVE-2006-6077 2006-11-24 2018-10-17
5.0
None Remote Low Not required Partial None None
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.
88 CVE-2006-6076 Exec Code Overflow 2006-11-24 2021-04-07
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502.
89 CVE-2006-6075 XSS 2006-11-24 2011-03-08
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp forum allows remote attackers to inject arbitrary web script or HTML via the name parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
90 CVE-2006-6074 Exec Code Sql 2006-11-24 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via (1) the ProductID parameter in (a) reviews.asp, or the (2) cat_id or (3) sub_id parameter in (b) subProducts.asp. NOTE: the productdetail.asp vector is already covered by another identifier.
91 CVE-2006-6073 89 Exec Code Sql 2006-11-24 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp.
92 CVE-2006-6072 Exec Code Sql 2006-11-24 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in bpg/publications_list.asp in BPG-InfoTech Easy Publisher and Smart Publisher//Pro 2.7.7 allows remote attackers to execute arbitrary SQL commands via the vjob parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
93 CVE-2006-6070 Exec Code Sql 2006-11-22 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in module/account/register/register.asp in ASP Nuke 0.80 and earlier allows remote attackers to execute arbitrary SQL commands via the StateCode parameter.
94 CVE-2006-6069 2006-11-22 2018-10-17
5.0
None Remote Low Not required Partial None None
index.php in mAlbum 0.3 and earlier allows remote attackers to obtain the installation path via an invalid gal parameter.
95 CVE-2006-6068 Dir. Trav. 2006-11-22 2018-10-17
2.6
None Remote High Not required Partial None None
Directory traversal vulnerability in the cached_album function in functions.php for mAlbum 0.3 and earlier allows remote attackers to list filenames of arbitrary images via a .. (dot dot) in the gal parameter to index.php.
96 CVE-2006-6067 Exec Code Sql 2006-11-22 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) f-email.asp, or the (2) peopleID and (2) sort_order parameters to (b) listings.asp, different vectors than CVE-2006-5955.
97 CVE-2006-6066 Exec Code Sql 2006-11-22 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Dragon Calendar / Events Listing 2.x allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) admin_login.asp, the (3) ID parameter to (b) event_searchdetail.asp, or the (4) VenueID parameter to (c) venue_detail.asp.
98 CVE-2006-6065 Exec Code File Inclusion 2006-11-22 2018-10-17
5.1
None Remote High Not required Partial Partial Partial
PHP remote file inclusion vulnerability in includes/mx_common.php in the CalSnails Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
99 CVE-2006-6064 Exec Code Overflow 2006-11-22 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the Message Parsing Interpreter (MPI) in Fuzzball MUCK before 6.07 allow remote attackers to execute arbitrary code via crafted messages.
100 CVE-2006-6063 Exec Code Overflow 2006-11-22 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier allows remote attackers to execute arbitrary code via a M3U file containing a long (1) FileName, and cause a crash via a long (2) DisplayName.
Total number of vulnerabilities: 507 (page 2 of 11)