CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2006

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2006-3807 Exec Code 2006-07-27 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor.
102 CVE-2006-3806 189 Exec Code Overflow 2006-07-27 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving (1) long strings in the toSource method of the Object, Array, and String objects; and (2) unspecified "string function arguments."
103 CVE-2006-3805 Exec Code 2006-07-27 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used.
104 CVE-2006-3804 DoS Overflow 2006-07-27 2018-10-17
5.0
None Remote Low Not required None None Partial
Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to cause a denial of service (crash) via a VCard attachment with a malformed base64 field, which copies more data than expected due to an integer underflow.
105 CVE-2006-3803 Exec Code 2006-07-27 2018-10-17
5.1
None Remote High Not required Partial Partial Partial
Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used during the creation of a new Function object.
106 CVE-2006-3802 XSS 2006-07-27 2018-10-17
5.8
None Remote Medium Not required Partial Partial None
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to hijack native DOM methods from objects in another domain and conduct cross-site scripting (XSS) attacks using DOM methods of the top-level object.
107 CVE-2006-3801 Exec Code 2006-07-27 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code.
108 CVE-2006-3800 XSS 2006-07-24 2018-10-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the "new review" text box.
109 CVE-2006-3799 Sql Bypass 2006-07-24 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT."
110 CVE-2006-3798 2006-07-24 2018-10-17
5.0
None Remote Low Not required None Partial None
DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) _GET, (2) _POST, (3) _ENV, and (4) _SERVER variables via the _COOKIE (aka COOKIE) variable, which can overwrite the other variables during an extract function call, probably leading to multiple security vulnerabilities, aka "pollution of the global namespace."
111 CVE-2006-3797 Sql Bypass 2006-07-24 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote attackers to bypass authentication, spoof users, and modify settings via the (1) memberpw and (2) membercookie cookies.
112 CVE-2006-3796 2006-07-24 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
DeluxeBB 1.07 and earlier does not properly handle a username composed of a single space character, which allows remote authenticated users to login as the "space" user, post as the guest user, and block the ability of an administrator to ban the "space" user.
113 CVE-2006-3795 XSS 2006-07-24 2018-10-17
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before 1.08 allow remote attackers to inject arbitrary web script or HTML via the (1) membercookie cookie in header.php and the (2) redirect parameter in misc.php.
114 CVE-2006-3794 Exec Code Sql 2006-07-24 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the search field. NOTE: the vendor has disputed this issue, stating "if someone were to type in any sql injection code, that code would never be queried."
115 CVE-2006-3793 Exec Code File Inclusion 2006-07-24 2018-10-17
5.1
None Remote High Not required Partial Partial Partial
PHP remote file inclusion vulnerability in constants.php in SiteDepth CMS 3.01 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SD_DIR parameter.
116 CVE-2006-3792 Exec Code Sql 2006-07-24 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ServerClientUfo::recv_packet in server_protocol.cpp in UFO2000 svn 1057 allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving the packet.c_str function.
117 CVE-2006-3791 DoS 2006-07-24 2018-10-17
5.0
None Remote Low Not required None None Partial
The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a large keysize or valsize, which causes a crash when the resize function cannot allocate sufficient memory.
118 CVE-2006-3790 DoS 2006-07-24 2018-10-17
5.0
None Remote Low Not required None None Partial
The decode_stringmap function in server_transport.cpp for UFO2000 svn 1057 allows remote attackers to cause a denial of service (daemon termination) via a keysize or valsize that is inconsistent with the packet size, which leads to a buffer over-read.
119 CVE-2006-3789 DoS Exec Code 2006-07-24 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple array index errors in the (1) recv_rules, (2) recv_select_unit, (3) recv_options, and (4) recv_unit_data functions in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code and cause a denial of service (opponent crash) via certain packet data that specifies an out-of-bounds index.
120 CVE-2006-3788 Exec Code Overflow 2006-07-24 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code via (1) a long unit name in Net::recv_add_unit,; (2) large values to Net::recv_rules, Net::recv_select_unit, Net::recv_options, and Net::recv_unit_data; and (3) a large mapdata GEODATA structure in Net::recv_map_data.
121 CVE-2006-3787 DoS Bypass 2006-07-24 2018-10-17
2.1
None Local Low Not required None None Partial
kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows local users to cause a denial of service (crash) and bypass protection mechanisms by calling CreateRemoteThread.
122 CVE-2006-3786 2006-07-24 2018-10-17
3.6
None Local Low Not required Partial Partial None
Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka caller or CallerID) files, which allows local users to generate a custom .cif file and modify the superuser flag.
123 CVE-2006-3785 2006-07-24 2018-10-17
2.1
None Local Low Not required Partial None None
Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox with asterisks but does not encrypt them in the associated .cif (aka caller or CallerID) file, which allows local users to obtain the passwords from the window using tools such as Nirsoft Asterwin.
124 CVE-2006-3784 +Priv 2006-07-24 2018-10-17
7.2
None Local Low Not required Complete Complete Complete
Symantec pcAnywhere 12.5 uses weak default permissions for the "Symantec\pcAnywhere\Hosts" folder, which allows local users to gain privileges by inserting a superuser .cif (aka caller or CallerID) file into the folder, and then using a pcAnywhere client to login as a local administrator.
125 CVE-2006-3783 DoS 2006-07-24 2017-07-20
4.9
None Local Low Not required None None Complete
Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors involving (1) the /net mount point and (2) the "-hosts" map in a mount point.
126 CVE-2006-3782 DoS 2006-07-24 2017-10-11
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris 10, when running on x86, allows local users to cause a denial of service (system hang) via unspecified vectors.
127 CVE-2006-3781 DoS 2006-07-24 2017-10-11
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Sun Solaris 10 allows context-dependent attackers to cause a denial of service (panic) via unspecified vectors involving the event port API.
128 CVE-2006-3780 2006-07-24 2018-10-17
5.0
None Remote Low Not required Partial None None
Keyifweb Keyif Portal 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) ANKET/anket.mdb, (2) HABER/keyifweb.mdb, (3) ASP/download.mdb, or (4) SAYAC/aktif.mdb in the database/A9S7G6ASD790 directory.
129 CVE-2006-3779 +Priv 2006-07-24 2011-03-08
6.5
None Remote Low ??? Partial Partial Partial
Citrix MetaFrame up to XP 1.0 Feature 1, except when running on Windows Server 2003, installs a registry key with an insecure ACL, which allows remote authenticated users to gain privileges.
130 CVE-2006-3778 2006-07-24 2008-09-05
5.0
None Remote Low Not required Partial None None
IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients.
131 CVE-2006-3777 94 Exec Code File Inclusion 2006-07-24 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in IDevSpot PhpLinkExchange 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
132 CVE-2006-3776 94 Exec Code File Inclusion 2006-07-24 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in order/index.php in IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
133 CVE-2006-3775 89 Exec Code Sql 2006-07-24 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php.
134 CVE-2006-3774 94 Exec Code File Inclusion 2006-07-24 2018-10-17
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in performs.php in the perForms component (com_performs) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
135 CVE-2006-3773 94 Exec Code File Inclusion 2006-07-24 2017-10-19
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in smf.php in the SMF-Forum 1.3.1.3 Bridge Component (com_smf) For Joomla! and Mambo 4.5.3+ allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
136 CVE-2006-3772 Bypass 2006-07-24 2018-10-17
5.1
None Remote High Not required Partial Partial Partial
PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login is enabled, allows remote attackers to bypass security restrictions and obtain administrative privileges by modifying the logincookie[user] setting in the login cookie.
137 CVE-2006-3771 Exec Code File Inclusion 2006-07-24 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in component.php in iManage CMS 4.0.12 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) articles.php, (2) contact.php, (3) displaypage.php, (4) faq.php, (5) mainbody.php, (6) news.php, (7) registration.php, (8) whosOnline.php, (9) components/com_calendar.php, (10) components/com_forum.php, (11) components/minibb/index.php, (12) components/minibb/bb_admin.php, (13) components/minibb/bb_plugins.php, (14) modules/mod_calendar.php, (15) modules/mod_browser_prefs.php, (16) modules/mod_counter.php, (17) modules/mod_online.php, (18) modules/mod_stats.php, (19) modules/mod_weather.php, (20) themes/bizz.php, (21) themes/default.php, (22) themes/simple.php, (23) themes/original.php, (24) themes/portal.php, (25) themes/purple.php, and other unspecified files.
138 CVE-2006-3770 Exec Code Sql 2006-07-24 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in phpFaber TopSites 2.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) i_cat or (2) method parameters.
139 CVE-2006-3769 XSS 2006-07-24 2018-10-17
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or the (3) id parameter in (b) members/index.php.
140 CVE-2006-3768 Exec Code Overflow 2006-07-28 2018-10-17
6.4
None Remote Low Not required Partial Partial None
Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before 2006-07-21 allow remote authenticated users to execute arbitrary code via a long argument to the (1) CWD, (2) DELE, (3) MDTM, and (4) MKD commands, which triggers a stack-based buffer overflow.
141 CVE-2006-3767 XSS 2006-07-21 2018-10-17
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in showprofile.php in Darren's $5 Script Archive osDate 1.1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the onerror attribute in an HTML IMG tag with a non-existent source file in txtcomment parameter, which is used when posting a comment.
142 CVE-2006-3766 2006-07-21 2018-10-17
5.0
None Remote Low Not required None Partial None
Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to boost their own ratings via a txtrating parameter with a score greater than the intended maximum of 10.
143 CVE-2006-3765 XSS 2006-07-21 2018-10-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher Webdesign hwdeGUEST 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the "name input" field in new_entry.php.
144 CVE-2006-3764 2006-07-21 2018-10-17
5.0
None Remote Low Not required None Partial None
Till Gerken phpPolls 1.0.3 allows remote attackers to create a new poll via a direct request to phpPollAdmin.php3 with the poll_action parameter set to create.
145 CVE-2006-3763 Exec Code Sql 2006-07-21 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter.
146 CVE-2006-3762 2006-07-21 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
The Touch Control ActiveX control 2.0.0.55 allows remote attackers to read and possibly execute arbitrary files via a "file///" URI in the sPath parameter to the Execute function.
147 CVE-2006-3761 79 XSS 2006-07-21 2018-10-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as demonstrated using "javascript".
148 CVE-2006-3760 Exec Code Sql 2006-07-21 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
149 CVE-2006-3759 2006-07-21 2017-07-20
5.0
None Remote Low Not required None Partial None
Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related has unspecified impact and attack vectors related to "user group manipulation."
150 CVE-2006-3758 Sql 2006-07-21 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php.
Total number of vulnerabilities : 529   Page : 1 2 3 (This Page)4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.