CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2006

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2006-3631 399 DoS 2006-07-21 2018-10-18
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the SSH dissector in Wireshark (aka Ethereal) 0.9.10 to 0.99.0 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.
252 CVE-2006-3630 189 2006-07-21 2018-10-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to 0.99.0 have unknown impact and remote attack vectors via the (1) NCP NMAS and (2) NDPS dissectors.
253 CVE-2006-3629 DoS 2006-07-21 2018-10-18
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the MOUNT dissector in Wireshark (aka Ethereal) 0.9.4 to 0.99.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.
254 CVE-2006-3628 134 DoS Exec Code 2006-07-21 2018-10-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors.
255 CVE-2006-3627 399 DoS 2006-07-21 2018-10-18
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark (aka Ethereal) 0.10.11 to 0.99.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors.
256 CVE-2006-3626 +Priv 2006-07-18 2018-10-18
6.2
None Local High Not required Complete Complete Complete
Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.
257 CVE-2006-3625 +Info 2006-07-18 2018-10-18
5.0
None Remote Low Not required Partial None None
FLV Players 8 allows remote attackers to obtain sensitive information via (1) a direct request to paginate.php or (2) an invalid p parameter to player.php, which reveal the path in an error message.
258 CVE-2006-3624 XSS 2006-07-18 2018-10-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in FLV Players 8 allow remote attackers to inject arbitrary web script or HTML via the url parameter to (1) player.php or (2) popup.php.
259 CVE-2006-3623 Dir. Trav. 2006-07-18 2018-10-18
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in Framework Service component in McAfee ePolicy Orchestrator agent 3.5.0.x and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the directory and filename in a PropsResponse (PackageType) request.
260 CVE-2006-3622 Sql +Info 2006-07-18 2018-10-18
5.0
None Remote Low Not required Partial None None
The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to obtain sensitive information via a ' (single quote) in the p parameter, which displays the path in an error message. NOTE: it is not clear whether this is SQL injection or a forced SQL error.
261 CVE-2006-3621 Exec Code Sql 2006-07-18 2018-10-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to execute arbitrary SQL commands via the toid parameter.
262 CVE-2006-3620 XSS 2006-07-18 2018-10-18
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to inject arbitrary web script or HTML via the toid parameter.
263 CVE-2006-3619 Dir. Trav. 2006-07-25 2017-10-11
2.6
None Remote High Not required None Partial None
Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences.
264 CVE-2006-3618 Exec Code Sql 2006-07-18 2018-10-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) website, (4) comments, (5) rate, and (6) private parameters.
265 CVE-2006-3617 XSS Bypass 2006-07-18 2018-10-18
5.8
None Remote Medium Not required Partial Partial None
Cross-site scripting (XSS) vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message (aka comments), (3) website, and (4) email parameters, which bypasses XSS protection mechanisms that check for SCRIPT tags but not others, as demonstrated by a javascript URI in an onMouseOver attribute and the src attribute in an iframe tag. NOTE: some vectors might overlap CVE-2006-2975, although the use of alternate manipulations makes it unclear.
266 CVE-2006-3616 XSS 2006-07-18 2018-10-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Carbonize Lazarus Guestbook 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in codes-english.php and (2) the img parameter in picture.php, after the name of an existing file.
267 CVE-2006-3615 Exec Code File Inclusion 2006-07-18 2011-03-08
5.1
None Remote High Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via unspecified vectors related to an uninitialized variable.
268 CVE-2006-3614 Sql 2006-07-18 2018-10-18
7.5
None Remote Low Not required Partial Partial Partial
index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to trigger a SQL error via the page_name parameter, possibly due to a SQL injection vulnerability.
269 CVE-2006-3613 XSS 2006-07-18 2018-10-18
5.8
None Remote Medium Not required Partial Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Chamberland Technology ezWaiter 3.0 Online and possibly Enterprise Software (aka enterprise edition) allow remote attackers to inject arbitrary web script or HTML via the (1) itemfor (aka "Who is this item for?") and (2) special (aka "Special Instructions") parameters to item.php, which is accessed from showorder.php, or (3) unspecified parameters to the login form at login.php.
270 CVE-2006-3612 XSS 2006-07-18 2008-09-05
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
271 CVE-2006-3611 Dir. Trav. 2006-07-18 2018-10-18
5.5
None Remote Low ??? Partial Partial None
Directory traversal vulnerability in pm.php in Phorum 5 allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[template] parameter, as demonstrated by injecting PHP sequences into a log file, which is then included by pm.php.
272 CVE-2006-3610 +Info 2006-07-18 2018-10-18
5.0
None Remote Low Not required Partial None None
index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to obtain sensitive information (partial database schema) via a modified page_name parameter, which reflects portions of an SQL query in the result. NOTE: it is not clear whether the information is target-specific. If not, then this issue is not an exposure.
273 CVE-2006-3609 XSS 2006-07-18 2018-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to inject arbitrary web script or HTML via the page_name parameter with an IMG tag containing a javascript URI in the SRC attribute.
274 CVE-2006-3608 Exec Code 2006-07-18 2018-10-18
4.6
None Remote High ??? Partial Partial Partial
The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when Gallery uploads are enabled, does not restrict the extensions of uploaded files that begin with a GIF header, which allows remote authenticated users to execute arbitrary PHP code via an uploaded .php file.
275 CVE-2006-3607 XSS 2006-07-18 2018-10-18
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner Exchange Script (aka Banner Exchange Network Script) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the city parameter in (a) insertmember.php, and (2) a PHPSESSID cookie in (b) lostpassword.php, (c) gen_confirm_mem.php, and (d) index.php.
276 CVE-2006-3606 DoS 2006-07-18 2018-10-30
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Sun Solaris X Inter Client Exchange library (libICE) on Solaris 8 and 9 allows context-dependent attackers to cause a denial of service (application crash) to applications that use the library.
277 CVE-2006-3605 DoS 2006-07-18 2021-12-13
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Transition property on an uninitialized DXImageTransform.Microsoft.RevealTrans.1 ActiveX Object, which triggers a null dereference.
278 CVE-2006-3604 Dir. Trav. Bypass 2006-07-18 2018-10-18
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to bypass access restrictions for (1) admin/aindex.asp or (2) admin/aindex.html via a .. (dot dot) and encoded / (%2f) sequence in the URL.
279 CVE-2006-3603 XSS 2006-07-18 2018-10-18
5.8
None Remote Medium Not required Partial Partial None
Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH Network Camera 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL.
280 CVE-2006-3602 Dir. Trav. 2006-07-18 2018-10-18
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in jscripts/tiny_mce/tiny_mce_gzip.php in FarsiNews 3.0 BETA 1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the language parameter in the advanced theme.
281 CVE-2006-3601 +Priv 2006-07-18 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
** UNVERIFIABLE ** Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attackers to gain privileges via unspecified vectors, as used in an attack against the Microsoft France web site. NOTE: due to the lack of details and uncertainty about which product is affected, this claim is not independently verifiable.
282 CVE-2006-3600 119 DoS Exec Code Overflow 2006-07-18 2017-07-20
5.1
None Remote High Not required Partial Partial Partial
Multiple stack-based buffer overflows in the LookupTRM::lookup function in libtunepimp (TunePimp) 0.4.2 allow remote user-assisted attackers to cause a denial of service (application crash) and possibly execute code via a long (1) Album release date (MBE_ReleaseGetDate), (2) data, or (3) error strings.
283 CVE-2006-3599 Exec Code Sql 2006-07-18 2018-10-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Nuke Advanced Classifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_ads parameter in an EditAds op.
284 CVE-2006-3598 Exec Code Sql 2006-07-18 2018-10-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Sections module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle op.
285 CVE-2006-3597 2006-07-18 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory.
286 CVE-2006-3596 DoS 2006-07-18 2018-10-30
5.0
None Remote Low Not required None None Partial
The device driver for Intel-based gigabit network adapters in Cisco Intrusion Prevention System (IPS) 5.1(1) through 5.1(p1), as installed on various Cisco Intrusion Prevention System 42xx appliances, allows remote attackers to cause a denial of service (kernel panic and possibly network outage) via a crafted IP packet.
287 CVE-2006-3595 2006-07-18 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190.
288 CVE-2006-3594 Exec Code Overflow 2006-07-18 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows remote attackers to execute arbitrary code via a long hostname in a SIP request, aka bug CSCsd96542.
289 CVE-2006-3593 2006-07-18 2017-07-20
4.0
None Remote Low ??? None Partial None
The command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to overwrite arbitrary files by redirecting a command's output to a file or folder, aka bug CSCse31704.
290 CVE-2006-3592 Exec Code 2006-07-18 2017-07-20
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving "certain CLI commands," aka bug CSCse11005.
291 CVE-2006-3591 DoS 2006-07-18 2021-12-13
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the URL property of a TriEditDocument.TriEditDocument object before it has been initialized, which triggers a NULL pointer dereference.
292 CVE-2006-3590 Exec Code Mem. Corr. 2006-07-14 2018-10-18
5.1
None Remote High Not required Partial Partial Partial
mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
293 CVE-2006-3589 2006-07-21 2018-10-30
3.6
None Local Low Not required Partial Partial None
vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.
294 CVE-2006-3588 DoS 2006-07-13 2018-10-12
2.6
None Remote High Not required None None Partial
Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to cause a denial of service (browser crash) via a malformed, compressed .swf file, a different issue than CVE-2006-3587.
295 CVE-2006-3587 Exec Code 2006-07-13 2018-10-12
5.1
None Remote High Not required Partial Partial Partial
Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors.
296 CVE-2006-3582 119 Exec Code Overflow 2006-07-13 2018-10-18
5.1
None Remote High Not required Partial Partial Partial
Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and earlier allow remote user-assisted attackers to execute arbitrary code via the size specified in the package header of (1) CFF, (2) MTK, (3) DMO, and (4) U6M files.
297 CVE-2006-3581 119 Exec Code Overflow 2006-07-13 2018-10-18
5.1
None Remote High Not required Partial Partial Partial
Multiple stack-based buffer overflows in Audacious AdPlug 2.0 and earlier allow remote user-assisted attackers to execute arbitrary code via large (1) DTM and (2) S3M files.
298 CVE-2006-3580 Exec Code Sql 2006-07-13 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in pages.asp in ASP Stats Generator before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the order parameter.
299 CVE-2006-3579 79 XSS 2006-07-13 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
300 CVE-2006-3578 Dir. Trav. 2006-07-13 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Fujitsu ServerView 2.50 up to 3.60L98 and 4.10L11 up to 4.11L81 allows remote attackers to read arbitrary files via unspecified vectors.
Total number of vulnerabilities : 529   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.